Skip to main content
CVE-2024-57394 HIGH POC This Week

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Tianqing Endpoint Security Management System Windows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-32956 HIGH POC PATCH This Week

ManageWiki is a MediaWiki extension allowing users to manage wikis. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Managewiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-32431 HIGH PATCH This Week

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Traefik Suse
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-3857 HIGH PATCH This Week

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-43971 HIGH PATCH This Week

An issue was discovered in GoBGP before 3.35.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gobgp Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-2298 HIGH This Week

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Denial Of Service
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-27086 HIGH This Week

A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Performance Cluster Manager
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-43922 HIGH This Week

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-23174 HIGH This Week

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy