Skip to main content
CVE-2025-29471 HIGH POC THREAT Act Now

Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.0%.

RCE XSS Log Server
NVD Exploit-DB
CVSS 3.1
8.3
EPSS
16.0%
CVE-2025-29281 HIGH POC This Week

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection File Upload Perfreeblog
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-31491 HIGH POC This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Information Disclosure Autogpt Platform
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-30712 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Oracle Authentication Bypass Denial Of Service Vm Virtualbox +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-50960 HIGH POC This Week

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Smp 111 Firmware Smp 351 Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2025-32948 HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32947 HIGH POC PATCH This Week

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26959 HIGH This Week

Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation.03.24. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26741 HIGH This Week

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-32438 HIGH This Week

make-initrd-ng is a tool for copying binaries and their dependencies. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-3575 HIGH This Week

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-3574 HIGH This Week

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30511 HIGH This Week

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-3618 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Buffer Overflow Thinmanager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3617 HIGH This Week

A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Privilege Escalation Thinmanager
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-27791 HIGH This Week

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Path Traversal
NVD GitHub
CVSS 4.0
8.3
EPSS
0.9%
CVE-2025-30735 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cc Common Application Objects
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-26748 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP CSRF
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-1274 HIGH This Week

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1275 HIGH This Week

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Autocad Mechanical +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-2497 HIGH This Week

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1656 HIGH This Week

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1277 HIGH This Week

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1273 HIGH This Week

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1276 HIGH This Week

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Advance Steel Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-31499 HIGH PATCH This Week

Jellyfin is an open source self hosted media server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

RCE Jellyfin
NVD GitHub
CVSS 4.0
7.6
EPSS
0.7%
CVE-2025-30686 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Denial Of Service Hospitality Simphony
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-26908 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection.1.14. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-30706 HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Privilege Escalation Mysql Connectors Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26894 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26889 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows PHP Local File Inclusion.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-30728 HIGH PATCH This Week

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30716 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30708 HIGH This Week

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30707 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-27011 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30724 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30730 HIGH This Week

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Application Object Library
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32929 HIGH This Week

Missing Authorization vulnerability in Dmitry V. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26730 HIGH This Week

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27008 HIGH This Week

Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26953 HIGH This Week

Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs.4.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26958 HIGH This Week

Missing Authorization vulnerability in NotFound JetBlog allows Accessing Functionality Not Properly Constrained by ACLs.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26944 HIGH This Week

Missing Authorization vulnerability in NotFound JetPopup allows Accessing Functionality Not Properly Constrained by ACLs.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26942 HIGH This Week

Missing Authorization vulnerability in NotFound JetTricks allows Accessing Functionality Not Properly Constrained by ACLs.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32784 HIGH This Week

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-31497 HIGH This Week

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21587 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java Jre Jdk +4
NVD VulDB
CVSS 3.1
7.4
EPSS
0.6%
CVE-2025-30736 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Java Java Virtual Machine
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-36842 HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google Android
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy