Skip to main content
CVE-2025-43567 CRITICAL This Week

Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
9.3
EPSS
0.8%
CVE-2025-43566 MEDIUM This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Coldfusion
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2025-43565 HIGH This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Coldfusion
NVD
CVSS 3.1
8.4
EPSS
3.9%
CVE-2025-43564 CRITICAL This Week

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2025-43563 CRITICAL This Week

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2025-43562 CRITICAL This Week

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Coldfusion
NVD
CVSS 3.1
9.1
EPSS
8.4%
CVE-2025-45863 CRITICAL POC Act Now

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45865 CRITICAL POC Act Now

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45861 CRITICAL POC Act Now

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45746 MEDIUM POC This Week

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-3744 HIGH This Month

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nomad
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-4660 HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Secureconnector Windows
NVD
CVSS 4.0
8.7
EPSS
1.5%
CVE-2025-30394 MEDIUM This Month

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2025-30388 HIGH This Month

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Office Office Long Term Servicing Channel +16
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30387 CRITICAL This Week

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Azure Ai Document Intelligence Studio
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2025-30386 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD VulDB
CVSS 3.1
8.4
EPSS
0.6%
CVE-2025-30385 HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-29979 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29978 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29977 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29976 HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29974 MEDIUM This Month

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.7
EPSS
1.1%
CVE-2025-29973 HIGH This Month

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Azure File Sync
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-29968 MEDIUM This Month

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
6.5
EPSS
5.0%
CVE-2025-29967 HIGH This Month

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-29966 HIGH This Month

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Remote Desktop Windows App +16
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-29964 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29963 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29956 MEDIUM This Month

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-29955 MEDIUM This Month

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2025 +1
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2025-29954 MEDIUM This Month

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2025-29842 HIGH This Month

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-29841 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-29830 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2025-29829 MEDIUM This Month

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-29826 HIGH This Month

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Dataverse
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2025-27488 MEDIUM This Month

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows Hardware Lab Kit Windows
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2025-27468 HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-26685 MEDIUM This Month

Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Defender For Identity
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-0035 HIGH This Month

Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-6364 MEDIUM This Month

A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Persistence
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-36339 HIGH This Month

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-36321 HIGH This Month

Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-21960 HIGH This Month

Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47278 LOW PATCH Monitor

Flask is a web server gateway interface (WSGI) web application framework. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 4.0
1.8
EPSS
0.1%
CVE-2025-47276 HIGH This Month

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Debian
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-46721 MEDIUM POC PATCH This Month

nosurf is cross-site request forgery (CSRF) protection middleware for Go. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF XSS Nosurf Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-31493 MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2025-30207 LOW PATCH Monitor

Kirby is an open-source content management system. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nginx Apache PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
2.3
EPSS
0.6%
CVE-2025-28056 CRITICAL POC Act Now

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rebuild
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy