Skip to main content
CVE-2025-27134 HIGH POC PATCH THREAT Act Now

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Authentication Bypass Privilege Escalation Joplin
NVD GitHub
CVSS 3.1
8.8
EPSS
13.4%
CVE-2025-4142 HIGH POC This Week

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4141 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4140 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6120 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-46342 HIGH POC PATCH This Week

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Kubernetes Authentication Bypass Kyverno Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2025-44193 HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-27409 HIGH POC PATCH This Week

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Joplin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-30202 HIGH POC PATCH This Week

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-44194 HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-45020 HIGH POC This Week

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-4120 HIGH This Week

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4139 HIGH This Week

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Ex6120 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-24351 HIGH This Week

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4116 HIGH This Week

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-4115 HIGH This Week

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-4114 HIGH This Week

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-27611 HIGH PATCH This Week

base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-30389 HIGH This Week

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2025-21416 HIGH This Week

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Azure Virtual Desktop
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-9876 HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3394 HIGH This Week

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-46557 HIGH PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
8.4
EPSS
0.4%
CVE-2025-3395 HIGH This Week

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-32777 HIGH PATCH This Week

Volcano is a Kubernetes-native batch scheduling system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Privilege Escalation Elastic Denial Of Service Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.7%
CVE-2025-30391 HIGH This Week

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Dynamics 365 Customer Service
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2025-22882 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-4125 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-4124 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-22883 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-22884 HIGH This Week

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ispsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6032 HIGH This Week

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2024-6031 HIGH This Week

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2024-13943 HIGH This Week

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-46619 HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server Windows
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-33074 HIGH This Week

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Jwt Attack Information Disclosure Azure Functions
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24346 HIGH This Week

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-2082 HIGH This Week

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow RCE Model 3 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-2170 HIGH This Week

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Sma1000 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-24349 HIGH This Week

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-24350 HIGH This Week

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-24338 HIGH This Week

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-37535 HIGH This Week

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-6030 HIGH This Week

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Model S Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy