Skip to main content
CVE-2025-32969 CRITICAL POC PATCH THREAT Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

SQLi Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2025-45429 CRITICAL POC Act Now

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2025-45428 CRITICAL POC Act Now

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-45427 CRITICAL POC Act Now

In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-32968 HIGH POC PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xwiki
NVD GitHub
CVSS 4.0
8.6
EPSS
0.9%
CVE-2025-32966 HIGH POC This Week

DataEase is an open-source BI tool alternative to Tableau. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
8.2
EPSS
0.4%
CVE-2025-46397 HIGH POC PATCH This Week

A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Fig2Dev Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-28017 MEDIUM POC This Month

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware TOTOLINK
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2025-28028 HIGH POC This Week

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A830R Firmware A950rg Firmware A3000Ru Firmware A3100R Firmware +1
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28025 HIGH POC This Week

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A830R Firmware A950rg Firmware A3000Ru Firmware A3100R Firmware +1
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28022 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A810R Firmware TOTOLINK
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28021 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A810R Firmware TOTOLINK
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28020 HIGH POC This Week

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A800R Firmware TOTOLINK
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28019 HIGH POC This Week

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A800R Firmware TOTOLINK
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28018 HIGH POC This Week

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A800R Firmware TOTOLINK
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-47829 MEDIUM POC PATCH This Month

pnpm is a package manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pnpm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2767 CRITICAL Act Now

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ng Firewall
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2025-42605 CRITICAL Act Now

This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2025-46398 MEDIUM POC PATCH This Month

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46400 MEDIUM POC PATCH This Month

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46399 MEDIUM POC PATCH This Month

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1049 HIGH This Week

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE S1 S2
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2025-1050 HIGH This Week

Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE S2
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2025-1048 HIGH This Week

Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE S1 S2
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2025-42603 HIGH This Week

This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Red Hat
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-2765 HIGH This Week

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Autokit
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-42600 HIGH This Week

This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
1.1%
CVE-2025-42602 HIGH This Week

This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2025-3529 HIGH This Week

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2025-42601 HIGH This Week

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2025-28169 HIGH This Week

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-1520 HIGH PATCH MAL This Week

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

RCE SQLi Posthog
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-2764 HIGH This Week

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack RCE Autokit
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2025-2760 HIGH PATCH This Week

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Gimp Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-2761 HIGH PATCH This Week

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Gimp Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-1047 HIGH This Week

Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-1046 HIGH This Week

Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-1045 HIGH This Week

Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-2762 HIGH This Week

CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Autokit
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2769 HIGH This Week

Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL RCE Privilege Escalation Netdrive
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2768 HIGH This Week

Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL RCE Privilege Escalation Netdrive
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-3530 HIGH This Week

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-21605 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Denial Of Service Valkey Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-1021 HIGH This Week

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Authentication Bypass Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32818 HIGH POC This Week

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-2773 HIGH This Week

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Router Firmware
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2025-3904 HIGH This Week

Vulnerability in Drupal Sportsleague.*. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sportsleague Drupal
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-3903 HIGH This Week

Vulnerability in Drupal UEditor - 百度编辑器.*. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ueditor Drupal
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-42604 MEDIUM This Month

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-2703 MEDIUM PATCH This Month

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy