Skip to main content
CVE-2025-1752 HIGH POC PATCH This Week

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2025-4525 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Discord Windows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-2158 HIGH This Week

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-3876 HIGH PATCH This Week

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation Sms Alert Order Notifications PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-47817 HIGH This Week

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-4496 HIGH This Week

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3000Ru Firmware A810R Firmware T10 Firmware A3100R Firmware +4
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2023-53145 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1137 HIGH This Week

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Storage Scale
NVD
CVSS 3.1
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy