Skip to main content
CVE-2025-30391 HIGH This Week

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Dynamics 365 Customer Service
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2025-22882 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-4125 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-4124 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-22883 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-22884 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6032 HIGH This Week

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-32971 LOW POC PATCH Monitor

XWiki is a generic wiki platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2024-6031 HIGH This Week

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2024-13943 HIGH This Week

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-46619 HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server Windows
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-33074 HIGH This Week

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Jwt Attack Information Disclosure Azure Functions
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24346 HIGH This Week

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-2082 HIGH This Week

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow RCE Model 3 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-2170 HIGH This Week

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Sma1000 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-24349 HIGH This Week

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-24350 HIGH This Week

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-24338 HIGH This Week

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-37535 HIGH This Week

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-6030 HIGH This Week

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Model S Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2025-4119 MEDIUM This Month

A vulnerability classified as critical was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mall
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4118 MEDIUM This Month

A vulnerability classified as critical has been found in Weitong Mall 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mall
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-24341 MEDIUM This Month

A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30145 MEDIUM This Month

Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3599 MEDIUM This Month

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Symantec Eraser Engine Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2890 MEDIUM This Month

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27532 MEDIUM This Month

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24347 MEDIUM This Month

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30422 MEDIUM This Month

A buffer overflow was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24340 MEDIUM This Month

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24132 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-24345 MEDIUM This Month

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-24887 MEDIUM PATCH This Month

OpenCTI is an open-source cyber threat intelligence platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-30115 MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-24344 MEDIUM This Month

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-3859 MEDIUM This Month

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46331 MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2025-4121 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-4122 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-24091 MEDIUM This Month

An app could impersonate system notifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-4135 MEDIUM This Month

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2025-24343 MEDIUM This Month

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-3953 MEDIUM This Month

The WP Statistics - The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24348 MEDIUM This Month

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-45721 MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4136 MEDIUM This Month

A vulnerability was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-24342 MEDIUM This Month

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9877 MEDIUM This Month

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4117 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-24339 MEDIUM This Month

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy