Skip to main content
CVE-2024-45567 HIGH PATCH This Week

Memory corruption while encoding JPEG format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45566 HIGH PATCH This Week

Memory corruption during concurrent buffer access due to modification of the reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45564 HIGH PATCH This Week

Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21470 HIGH This Week

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21469 HIGH This Week

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49842 HIGH This Week

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware +173
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45554 HIGH PATCH This Week

Memory corruption during concurrent SSR execution due to race condition on the global maps list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-45565 HIGH PATCH This Week

Memory corruption when blob structure is modified by user-space after kernel verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Sdm429w Firmware Snapdragon 429 Mobile Firmware Wcn3620 Firmware Wcn3660b Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46584 HIGH This Week

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21459 HIGH PATCH This Week

Transient DOS while parsing per STA profile in ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +119
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-49847 HIGH This Week

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 7800 Firmware Qca6574au Firmware Qca6584au Firmware +43
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-2802 HIGH This Week

The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection PHP
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2025-0853 HIGH This Week

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2898 HIGH This Week

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46585 HIGH This Week

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5). No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46814 LOW POC PATCH Monitor

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Fastapi Guard
NVD GitHub
CVSS 3.1
3.4
EPSS
0.2%
CVE-2025-0856 HIGH This Week

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-46762 HIGH PATCH This Week

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Parquet Red Hat
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2025-46820 HIGH This Week

phpgt/Dom provides access to modern DOM APIs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-49829 MEDIUM PATCH This Month

Memory corruption can occur during context user dumps due to inadequate checks on buffer length. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware Snapdragon 429 Mobile Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-45568 MEDIUM PATCH This Month

Memory corruption due to improper bounds check while command handling in camera-kernel driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware Snapdragon 429 Mobile Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-45581 MEDIUM PATCH This Month

Memory corruption while sound model registration for voice activation with audio kernel driver. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mdm9628 Firmware Qam8295p Firmware Qca6564a Firmware +27
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-49830 MEDIUM PATCH This Month

Memory corruption while processing an IOCTL call to set mixer controls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qca6574au Firmware Qca6595au Firmware Qca6678aq Firmware Qca6688aq Firmware +8
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45583 MEDIUM PATCH This Month

Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Snapdragon 8 Gen 3 Mobile Firmware +5
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45570 MEDIUM PATCH This Month

Memory corruption may occur during IO configuration processing when the IO port count is invalid. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +54
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45563 MEDIUM PATCH This Month

Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware +11
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45562 MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +76
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-26262 MEDIUM This Month

An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-44900 MEDIUM This Month

In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow Rx3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-4374 MEDIUM This Month

A flaw was found in Quay. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Quay Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-37730 MEDIUM This Month

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3782 MEDIUM This Month

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46590 MEDIUM This Month

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-39442 MEDIUM This Month

In sprd ssense service, there is a possible missing permission check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-46591 MEDIUM This Month

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-58252 MEDIUM This Month

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46587 MEDIUM This Month

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-4384 MEDIUM This Month

The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-47256 MEDIUM PATCH This Month

Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-4341 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 880L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.3%
CVE-2025-22476 MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-3020 MEDIUM This Month

An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3609 MEDIUM This Month

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-46736 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-47418 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3281 MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-4333 MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4305 MEDIUM This Month

A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47417 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2023-33770 MEDIUM This Month

Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy