Skip to main content
CVE-2024-36339 HIGH This Month

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-36321 HIGH This Month

Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-21960 HIGH This Month

Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47276 HIGH This Month

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Debian
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-28055 HIGH POC This Month

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Upset Gal Web
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-28057 HIGH POC This Month

owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Owl Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-42446 HIGH This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Rated high severity (CVSS 7.5). No vendor patch available.

RCE Aptio V
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-4648 HIGH This Month

The content of a SVG file, received as input in Centreon web, was not properly checked. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-4647 HIGH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-4646 HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-40582 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40581 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-40574 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40566 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs Neo
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40556 HIGH This Month

A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-32454 HIGH This Month

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Teamcenter Visualization Tecnomatix Plant Simulation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-31930 HIGH This Month

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-30176 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30175 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30174 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Sinec Nms Sinema Remote Connect +2
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-24510 HIGH This Month

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-24009 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-24008 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-24007 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-51445 HIGH This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Polarion Alm
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-51444 HIGH This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Polarion Alm
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-23815 HIGH This Month

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-41645 HIGH This Month

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-4474 HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-4473 HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-35471 HIGH POC PATCH This Month

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft OpenSSL RCE Miniforge Openssl Feedstock +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-43011 HIGH This Month

Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-43010 HIGH This Month

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-43000 HIGH This Month

Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-30018 HIGH This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SAP Supplier Relationship Management
NVD
CVSS 3.1
8.6
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy