Skip to main content
CVE-2025-44040 HIGH This Month

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Orangehrm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-5049 MEDIUM POC This Week

A vulnerability was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-45752 HIGH POC This Month

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Seeddms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-44083 CRITICAL This Week

An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Di 8100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-3751 HIGH This Month

The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-2261 HIGH This Month

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.0
EPSS
0.3%
CVE-2025-27558 CRITICAL This Week

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-5033 MEDIUM POC This Month

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Teacms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-48069 MEDIUM PATCH This Month

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-48064 LOW Monitor

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple Windows macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-48063 MEDIUM POC PATCH Monitor

XWiki is a generic wiki platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
4.8
EPSS
4.9%
CVE-2025-47291 MEDIUM PATCH Monitor

containerd is an open-source container runtime. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Containerd Red Hat Suse
NVD GitHub
CVSS 4.0
4.6
EPSS
0.3%
CVE-2025-5032 MEDIUM POC This Week

A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5031 LOW Monitor

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-5030 LOW POC Monitor

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Killwxapkg
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.6%
CVE-2025-4416 HIGH PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.0.0 before 3.1.11, from 4.0.0 before 4.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Events Log Track Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-48012 MEDIUM PATCH Monitor

Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.0.0 before 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass One Time Password Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-48011 MEDIUM POC PATCH Monitor

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.0.0 before 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass One Time Password Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-48010 MEDIUM PATCH Monitor

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.0.0 before 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass One Time Password Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-48009 LOW PATCH Monitor

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.0.0 before 1.4.12. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Single Content Sync Drupal
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-45754 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seeddms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25539 MEDIUM This Month

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Vasco Self Service Portal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-20267 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-20258 MEDIUM This Month

A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cisco Duo
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20257 MEDIUM This Month

A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Network Analytics
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-20256 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Network Analytics
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-20250 MEDIUM This Month

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-20247 MEDIUM This Month

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-20246 MEDIUM This Month

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-20242 MEDIUM This Month

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Contact Center Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20152 HIGH This Month

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-20114 MEDIUM Monitor

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20112 MEDIUM This Month

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco VMware
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-0372 MEDIUM This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Race Condition Privilege Escalation Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-48207 HIGH PATCH This Month

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-48206 MEDIUM PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ns Backup
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-48205 HIGH PATCH This Month

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-48204 MEDIUM PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 allows command injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2025-48203 MEDIUM PATCH This Month

The cs_seo extension through 9.2.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-48202 MEDIUM PATCH This Month

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-48201 HIGH PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-48200 CRITICAL PATCH This Week

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2025-27998 HIGH This Month

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-5029 MEDIUM This Month

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-23337 MEDIUM POC PATCH Monitor

jq is a command-line JSON processor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Jq Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-44895 MEDIUM POC This Week

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-44892 MEDIUM POC This Week

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56429 HIGH This Month

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-42922 MEDIUM POC This Week

AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aapanel
NVD GitHub
CVSS 3.1
6.5
EPSS
6.1%
CVE-2025-1420 LOW Monitor

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.4
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy