Skip to main content
CVE-2025-34026 CRITICAL POC KEV THREAT Emergency

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Authentication Bypass Concerto
NVD
CVSS 4.0
9.2
EPSS
75.1%
Threat
7.1
CVE-2025-4008 HIGH POC KEV THREAT Act Now

Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints.

Command Injection Meteobridge Vm Meteobridge Firmware
NVD
CVSS 4.0
8.7
EPSS
45.9%
Threat
6.1
CVE-2025-34027 CRITICAL POC Act Now

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
5.2%
CVE-2025-4524 CRITICAL POC Act Now

The Madara - Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2025-46822 HIGH POC This Week

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Java
NVD GitHub Exploit-DB
CVSS 4.0
7.7
EPSS
6.8%
CVE-2025-48060 HIGH POC PATCH This Week

jq is a command-line JSON processor. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Jq Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.6%
CVE-2025-5051 MEDIUM POC This Month

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5050 MEDIUM POC This Month

A vulnerability was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-57529 MEDIUM POC This Month

Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jetplanner
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-36535 CRITICAL Act Now

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2024-56428 MEDIUM POC This Month

The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ilabclient
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-41426 CRITICAL Act Now

Affected Vertiv products contain a stack based buffer overflow vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-46412 CRITICAL Act Now

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-41232 CRITICAL PATCH Act Now

Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Red Hat
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2021-25255 HIGH This Week

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Yandex Browser Android
NVD
CVSS 4.0
8.3
EPSS
0.7%
CVE-2025-27997 HIGH This Week

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Battle Net
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2019-16536 HIGH This Week

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Clickhouse
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2021-25254 HIGH This Week

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser Android
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2025-48416 HIGH This Week

An OpenSSH daemon listens on TCP port 22. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass SSH
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-48413 HIGH This Week

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-40775 HIGH PATCH This Week

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20113 HIGH This Week

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25262 MEDIUM This Month

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser Android
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4969 MEDIUM PATCH This Month

A vulnerability was found in the libsoup package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-48414 MEDIUM This Month

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48417 MEDIUM This Month

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4221 MEDIUM This Month

The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4219 MEDIUM This Month

The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4217 MEDIUM This Month

The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3781 MEDIUM This Month

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-48415 MEDIUM This Month

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-45755 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vtiger Crm
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12561 MEDIUM This Month

The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Google
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-2102 MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-4105 MEDIUM This Month

The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5013 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hkcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4415 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).0.0 before 1.3.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Piwik Pro Drupal
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-5020 MEDIUM This Month

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20255 MEDIUM This Month

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1421 LOW Monitor

Data provided in a request performed to the server while activating a new device are put in a database. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
2.4
EPSS
0.2%
CVE-2025-5059 MEDIUM POC This Month

A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-34025 HIGH This Month

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-5057 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5056 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48070 LOW POC PATCH Monitor

Plane is open-source project management software. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Plane
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-47947 HIGH POC PATCH This Month

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Apache Denial Of Service Modsecurity Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-47942 MEDIUM This Month

The Open edX Platform is a learning management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-5053 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5052 MEDIUM POC This Week

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-45753 HIGH This Month

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Vtiger Crm
NVD
CVSS 3.1
7.2
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy