Skip to main content
CVE-2025-45846 HIGH POC This Week

ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Aip W512 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-45845 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45844 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45843 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45842 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-4441 HIGH This Week

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dir 605l Firmware
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-27578 HIGH This Week

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-6648 HIGH This Week

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ap Pagebuilder
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-8100 HIGH This Week

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-3758 HIGH This Week

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-4098 HIGH This Week

Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-37822 HIGH PATCH This Week

A vulnerability in the Linux kernel's RISC-V architecture implementation causes incorrect execution of uprobes due to missing instruction cache flushing after building the XOL (execute out-of-line) buffer. This affects Linux kernel versions from 6.4 up to 6.15-rc3 on RISC-V systems, potentially allowing local attackers with low privileges to gain complete system compromise through code execution, information disclosure, or denial of service. The vulnerability has a low EPSS score of 0.07% indicating minimal real-world exploitation activity currently.

Linux RCE Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37810 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37823 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37803 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1331 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1330 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1329 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1948 HIGH PATCH This Week

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-13793 HIGH This Week

The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Wolmart
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2025-26847 HIGH This Week

An issue was discovered in Znuny before 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Znuny
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26842 HIGH This Week

An issue was discovered in Znuny through 7.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Znuny
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-9448 HIGH This Week

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3419 HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13009 HIGH PATCH This Week

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jetty Red Hat Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-37825 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-4440 HIGH This Month

A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-47732 HIGH This Month

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Deserialization Dataverse
NVD
CVSS 3.1
8.7
EPSS
2.7%
CVE-2025-33072 HIGH This Month

Improper access control in Azure allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Msagsfeedback Azurewebsites Net
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2025-41450 HIGH This Month

Improper Authentication vulnerability in Danfoss AKSM8xxA Series.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-3759 HIGH This Month

Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is accessible without authentication. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-40846 HIGH This Month

Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect XSS
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-1254 HIGH This Month

Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Connext Professional
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-37819 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37817 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy