Skip to main content
CVE-2025-5268 HIGH PATCH This Week

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-5269 HIGH PATCH This Week

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-5270 HIGH PATCH This Week

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-5272 HIGH PATCH This Week

Memory safety bugs present in Firefox 138 and Thunderbird 138. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-48798 HIGH PATCH This Week

A flaw was found in GIMP when processing XCF image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48797 HIGH PATCH This Week

A flaw was found in GIMP when processing certain TGA image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48796 HIGH PATCH This Week

A flaw was found in GIMP. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5222 HIGH PATCH This Week

A stack buffer overflow was found in Internationl components for unicode (ICU ). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE International Components For Unicode
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-5280 HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5279 HIGH PATCH This Month

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Python Red Hat
NVD GitHub
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-5063 HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-45529 HIGH POC This Month

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Siteserver Cms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-49196 HIGH This Month

An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Denial Of Service Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-27700 HIGH This Month

There is a possible bypass of carrier restrictions due to an unusual root cause. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48383 HIGH PATCH This Month

Django-Select2 is a Django integration for Select2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-5262 HIGH PATCH This Month

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Thunderbird Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-5117 HIGH This Month

The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-41653 HIGH This Month

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41650 HIGH This Month

An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41649 HIGH This Month

An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-5228 HIGH POC This Week

A vulnerability was found in D-Link DI-8100 up to 20250523. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Di 8100 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.6%
CVE-2025-5215 HIGH POC This Week

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dcs 5020L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy