Skip to main content
CVE-2025-32814 CRITICAL POC THREAT Emergency

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.1% and no vendor patch available.

SQLi Netmri
NVD
CVSS 3.1
9.8
EPSS
32.1%
Threat
4.4
CVE-2025-32815 MEDIUM POC THREAT This Month

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 33.5% and no vendor patch available.

Authentication Bypass Netmri
NVD
CVSS 3.1
6.5
EPSS
33.5%
CVE-2024-41196 CRITICAL POC Act Now

An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Innovation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-41198 CRITICAL POC Act Now

An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Innovation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-41197 CRITICAL POC Act Now

An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Innovation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-41195 CRITICAL POC Act Now

An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Innovation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-32813 HIGH POC THREAT Act Now

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Command Injection Netmri
NVD
CVSS 3.1
7.2
EPSS
10.3%
CVE-2025-4123 HIGH POC PATCH This Week

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS SSRF Grafana Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
7.6
EPSS
6.3%
CVE-2025-45471 HIGH POC This Week

Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Measure Cold Start
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40462 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40461 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40460 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40459 HIGH POC This Week

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40458 HIGH POC This Week

An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41199 HIGH POC This Week

An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-5076 MEDIUM POC This Month

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5075 MEDIUM POC This Month

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5074 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-48368 MEDIUM POC This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
5.8
EPSS
0.2%
CVE-2024-48853 CRITICAL Act Now

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user.08.03; NEXUS Series: through 3.08.03; MATRIX Series:. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.5
EPSS
0.3%
CVE-2025-5079 MEDIUM POC This Month

A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-5078 MEDIUM POC This Month

A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2024-13955 CRITICAL Act Now

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.*; NEXUS Series: through 3.*;. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-3887 HIGH POC PATCH This Week

A stack-based buffer overflow vulnerability exists in GStreamer's H265 codec parsing functionality that allows remote attackers to execute arbitrary code on affected systems. The vulnerability occurs when processing malformed H265 slice headers, enabling attackers to overflow a fixed-length stack buffer and potentially take control of the application processing the media content. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this represents a significant risk for applications using GStreamer for video processing, though it requires user interaction to exploit.

RCE Buffer Overflow Debian Linux Gstreamer Red Hat +1
NVD VulDB GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-13956 HIGH This Week

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-13952 HIGH This Week

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-2759 HIGH PATCH This Week

A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.

Privilege Escalation RCE Gstreamer Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3937 HIGH This Week

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-5024 HIGH PATCH This Week

A flaw was found in gnome-remote-desktop. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.4
EPSS
0.5%
CVE-2025-2272 HIGH This Week

Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.05. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-51552 HIGH This Week

Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-33137 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-33136 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-48848 HIGH This Week

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.3%
CVE-2024-51553 HIGH This Week

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-13957 HIGH This Week

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-13953 MEDIUM This Month

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2023-47466 LOW POC PATCH Monitor

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Taglib
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-3938 MEDIUM This Month

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-48373 MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2025-48372 MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2025-3111 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Kubernetes Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-2853 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-3936 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4575 MEDIUM PATCH This Month

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13951 MEDIUM This Month

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.2%
CVE-2025-3941 MEDIUM This Month

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-33138 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3940 MEDIUM This Month

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3939 MEDIUM This Month

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy