Skip to main content
CVE-2025-31650 HIGH POC PATCH THREAT Act Now

Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%.

Apache Tomcat Denial Of Service Red Hat Suse
NVD Exploit-DB HeroDevs
CVSS 3.1
7.5
EPSS
20.3%
CVE-2025-34491 HIGH POC This Week

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Mailessentials
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-4007 HIGH POC This Week

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3993 HIGH POC This Week

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N150rt Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3992 HIGH POC This Week

A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N150rt Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3991 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N150rt Firmware TOTOLINK
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-34489 HIGH POC This Week

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deserialization Mailessentials
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-42598 HIGH This Week

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-23375 HIGH This Week

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-32470 HIGH This Week

A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-22235 HIGH PATCH This Week

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Red Hat
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-3224 HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2015-4582 HIGH This Week

The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Oracle PHP XSS Boot Store
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-27937 HIGH This Week

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy