Skip to main content
CVE-2025-4322 CRITICAL POC THREAT Emergency

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
31.1%
Threat
4.4
CVE-2025-44898 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-44897 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-44890 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-44888 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-44885 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-44893 CRITICAL POC Act Now

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-2929 HIGH POC This Week

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Order Delivery Date For Woocommerce PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-44084 CRITICAL Act Now

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2025-37924 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Red Hat +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-41228 MEDIUM POC This Month

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS VMware
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
6.0%
CVE-2025-41225 HIGH This Week

The vCenter Server contains an authenticated command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-37927 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37926 HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's ksmbd (in-kernel SMB server) component, where a race condition between ksmbd_session_rpc_open() and __session_rpc_close() functions can lead to memory corruption. This vulnerability affects Linux kernel versions up to 6.15-rc4 and allows local attackers with low privileges to potentially execute arbitrary code or cause system crashes, achieving complete compromise of confidentiality, integrity, and availability. With an EPSS score of 0.07%, the vulnerability has low real-world exploitation likelihood despite its high CVSS score, and patches are available from the vendor.

Linux Use After Free Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37947 HIGH PATCH This Week

A boundary validation vulnerability in the Linux kernel's ksmbd (in-kernel SMB server) allows authenticated local users to perform out-of-bounds memory writes when handling stream data operations. The flaw occurs when write offsets exceed existing stream data boundaries, potentially leading to memory corruption with high impact on system confidentiality, integrity, and availability (CVSS 7.8). A proof-of-concept exploit is publicly available on GitHub, though real-world exploitation probability remains low at 0.03% according to EPSS data.

Linux Buffer Overflow Debian Linux Linux Kernel Red Hat +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26086 HIGH This Week

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Management System
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-22157 HIGH PATCH This Week

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Privilege Escalation Jira Data Center Jira Server
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2025-41226 MEDIUM This Month

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-33861 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45641 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-5878 MEDIUM This Month

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-37958 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Debian Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37966 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's RISC-V architecture implementation where improper validation of the PR_SET_TAGGED_ADDR_CTRL prctl system call causes a kernel crash when the Supm (Supervisor User Memory) extension is not available. Affected systems are Linux kernel versions including 6.15-rc1 through 6.15-rc5 and potentially earlier versions across all RISC-V platforms. A local attacker with unprivileged user access can trigger an illegal instruction exception, crashing the kernel and denying service to all users, with an EPSS exploitation probability of only 0.11 percent indicating low real-world exploitation likelihood despite the availability of a vendor patch.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37909 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37959 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37931 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37968 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37972 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37964 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37917 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Mediatek Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-41227 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37904 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Ubuntu Debian Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37945 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Mediatek Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37980 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37907 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48056 MEDIUM PATCH This Month

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-37906 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37920 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool.

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-4951 MEDIUM This Month

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Appspider Pro
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-5008 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Time Table Generator 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5007 MEDIUM This Month

A vulnerability was found in Part-DB up to 1.17.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5006 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5004 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4436 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-5003 MEDIUM POC This Week

A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5002 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5001 MEDIUM POC Monitor

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pspp Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5000 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-4999 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-4998 HIGH This Month

A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy