Skip to main content
CVE-2025-37899 HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37898 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries get_stubs_size assumes that there must always be at least. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37897 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37896 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37895 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix error handling path in bnxt_init_chip() WARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails because we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37894 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: use sock_gen_put() when sk_state is TCP_TIME_WAIT It is possible for a pointer of type struct inet_timewait_sock to be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4980 MEDIUM POC This Week

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Dgnd3700 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-47941 HIGH PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Typo3
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-47940 HIGH PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Typo3
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-47939 MEDIUM PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-47938 LOW PATCH Monitor

TYPO3 is an open source, PHP based web content management system. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Typo3
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2025-47937 LOW PATCH Monitor

TYPO3 is an open source, PHP based web content management system. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Authentication Bypass Typo3
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-47936 LOW PATCH Monitor

TYPO3 is an open source, PHP based web content management system. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

SSRF PHP CSRF Typo3
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-45862 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53359 HIGH POC This Month

An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zalo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-4978 CRITICAL POC Act Now

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Dgnd3700 Firmware
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
1.5%
CVE-2025-4977 MEDIUM POC This Week

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Dgnd3700 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-41231 HIGH This Month

VMware Cloud Foundation contains a missing authorisation vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Cloud Foundation
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-41230 HIGH This Month

VMware Cloud Foundation contains an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-41229 HIGH This Month

VMware Cloud Foundation contains a directory traversal vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal VMware
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2025-40635 CRITICAL This Week

SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-30193 HIGH PATCH This Month

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-40634 CRITICAL This Week

Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-40633 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-37892 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4971 HIGH POC This Week

Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Broadcom
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.8%
CVE-2025-3079 MEDIUM This Month

A passback vulnerability which relates to office/small office multifunction printers and laser printers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-3078 MEDIUM This Month

A passback vulnerability which relates to production printers and office multifunction printers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.3%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy