Skip to main content
CVE-2025-4008 HIGH POC KEV THREAT Act Now

Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints.

Command Injection Meteobridge Vm Meteobridge Firmware
NVD
CVSS 4.0
8.7
EPSS
45.9%
Threat
6.1
CVE-2025-46822 HIGH POC This Week

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Java
NVD GitHub Exploit-DB
CVSS 4.0
7.7
EPSS
6.8%
CVE-2025-48060 HIGH POC PATCH This Week

jq is a command-line JSON processor. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Jq Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.6%
CVE-2021-25255 HIGH This Week

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Yandex Browser Android
NVD
CVSS 4.0
8.3
EPSS
0.7%
CVE-2025-27997 HIGH This Week

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Battle Net
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2019-16536 HIGH This Week

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Clickhouse
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2021-25254 HIGH This Week

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Yandex Browser Android
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2025-48416 HIGH This Week

An OpenSSH daemon listens on TCP port 22. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass SSH
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-48413 HIGH This Week

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-40775 HIGH PATCH This Week

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20113 HIGH This Week

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-34025 HIGH This Month

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-47947 HIGH POC PATCH This Month

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Apache Denial Of Service Modsecurity Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-45753 HIGH This Month

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Vtiger Crm
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-44040 HIGH This Month

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Orangehrm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-45752 HIGH POC This Month

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Seeddms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-3751 HIGH This Month

The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-2261 HIGH This Month

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.0
EPSS
0.3%
CVE-2025-4416 HIGH PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.0.0 before 3.1.11, from 4.0.0 before 4.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Events Log Track Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20152 HIGH This Month

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-48207 HIGH PATCH This Month

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-48205 HIGH PATCH This Month

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-48201 HIGH PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-27998 HIGH This Month

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-56429 HIGH This Month

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-1416 HIGH This Month

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-4803 HIGH This Month

The Glossary by WPPedia - Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2025-1712 HIGH This Month

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Checkmk
NVD
CVSS 4.0
8.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy