Skip to main content
CVE-2025-47445 HIGH POC This Week

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
8.8%
CVE-2025-47783 HIGH POC PATCH GHSA This Week

Label Studio is a multi-type data labeling and annotation tool. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Label Studio
NVD GitHub
CVSS 4.0
7.6
EPSS
0.2%
CVE-2025-4637 HIGH This Week

Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-47708 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.0.0 before 4.7.0, from 5.0.0 before 5.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Miniorange 2fa Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-2875 HIGH This Week

cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-4430 HIGH This Week

Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.19 (published on 22nd August 2024). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2025-24022 HIGH This Week

iTop is an web based IT Service Management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Itop
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2025-3833 HIGH This Week

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adselfservice Plus
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2025-3834 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2025-4640 HIGH This Week

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow
NVD GitHub
CVSS 4.0
8.3
EPSS
0.3%
CVE-2025-0130 HIGH This Week

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Paloalto
NVD VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2025-3909 HIGH PATCH This Week

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-58101 HIGH This Week

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-3600 HIGH This Week

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Telerik Ui For Asp Net Ajax
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-26864 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.10.0 through 1.3.3, from 2.0.1-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26795 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.10.0 through 1.3.3, from 2.0.1-beta before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-3875 HIGH PATCH This Week

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-47707 HIGH PATCH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.0.0 before 4.7.0, from 5.0.0 before 5.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Miniorange 2fa Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-2900 HIGH PATCH This Week

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Denial Of Service Semeru Runtime +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-47710 HIGH PATCH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.0.0 before 4.7.0, from 5.0.0 before 5.2.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Miniorange 2fa Drupal
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-47885 HIGH PATCH This Month

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Health Advisor By Cloudbees
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-44879 HIGH This Month

WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-26783 HIGH This Month

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 2100 Firmware Exynos 1280 Firmware Exynos 2200 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-55569 HIGH This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 980 Firmware Exynos 990 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-0131 HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Windows
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-4639 HIGH This Month

1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-30663 HIGH This Month

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-47701 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.0.0 before 1.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Restrict Route By Ip Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40595 HIGH This Month

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-26785 HIGH This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 1280 Firmware Exynos 2200 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-47782 HIGH PATCH This Month

motionEye is an online interface for the software motion, a video surveillance program with motion detection. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
CVE-2024-10864 HIGH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2024-54780 HIGH POC PATCH This Week

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection Pfsense Ce Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
8.1%
CVE-2025-3931 HIGH PATCH This Month

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy