Skip to main content
CVE-2025-28055 HIGH POC This Month

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Upset Gal Web
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-45867 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-45864 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-45859 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-44831 CRITICAL POC Act Now

EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Engineercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-32756 CRITICAL KEV THREAT CERT-EU Act Now

Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products.

Buffer Overflow RCE Stack Overflow Fortinet Fortimail +4
NVD
CVSS 3.1
9.8
EPSS
41.6%
CVE-2025-28057 HIGH POC This Month

owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Owl Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-22859 MEDIUM This Month

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Forticlientems Forticlientems Cloud Fortinet
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35281 LOW Monitor

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions. Rated low severity (CVSS 2.5). No vendor patch available.

Code Injection Forticlient Fortifone Softclient
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2024-12533 LOW Monitor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Securecore Technology
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-42446 HIGH This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Rated high severity (CVSS 7.5). No vendor patch available.

RCE Aptio V
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-36340 MEDIUM PATCH This Month

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Amd Information Disclosure Uprof
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-4649 MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-32917 MEDIUM This Month

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-4648 HIGH This Month

The content of a SVG file, received as input in Centreon web, was not properly checked. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-4647 HIGH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-4646 HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-40628 CRITICAL This Week

SQL injection vulnerability in DomainsPRO 1.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-40583 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-40582 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40581 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-40574 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40573 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-40572 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-40566 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs Neo
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40556 HIGH This Month

A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-40555 MEDIUM This Month

A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-33025 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-33024 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-32469 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-32454 HIGH This Month

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Teamcenter Visualization Tecnomatix Plant Simulation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-31930 HIGH This Month

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-31929 MEDIUM Monitor

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

RCE
NVD
CVSS 4.0
4.1
EPSS
0.1%
CVE-2025-30176 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30175 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30174 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Sinec Nms Sinema Remote Connect +2
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-26390 CRITICAL This Week

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ozw672 Firmware Ozw772 Firmware
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-26389 CRITICAL This Week

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ozw672 Firmware Ozw772 Firmware
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2025-24510 HIGH This Month

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-24009 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-24008 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-24007 HIGH This Month

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-22248 CRITICAL This Week

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Kubernetes Docker Bitnami +1
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2024-51447 MEDIUM This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Polarion Alm
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-51446 MEDIUM This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Polarion Alm
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-51445 HIGH This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Polarion Alm
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-51444 HIGH This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Polarion Alm
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-23815 HIGH This Month

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-41645 HIGH This Month

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-3916 MEDIUM Monitor

exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
4.6
EPSS
0.1%
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy