Skip to main content
CVE-2025-4009 CRITICAL POC THREAT Emergency

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Command Injection PHP Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
12.3%
CVE-2025-45343 CRITICAL POC Act Now

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Authentication Bypass W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-5287 HIGH POC THREAT Act Now

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2025-27706 MEDIUM Monitor

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-27703 HIGH This Month

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Secure Access
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-27702 MEDIUM This Month

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secure Access
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5256 MEDIUM PATCH This Month

SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-48749 CRITICAL This Week

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Directory Manager
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-48747 MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Directory Manager
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-47748 MEDIUM This Month

Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Directory Manager
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-32803 MEDIUM PATCH Monitor

In some cases, Kea log files or lease files may be world-readable.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-31501 HIGH This Month

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-31500 HIGH This Month

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-30087 HIGH This Month

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-1461 MEDIUM This Month

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub HeroDevs
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-57338 MEDIUM This Month

An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-57337 MEDIUM This Month

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-57336 MEDIUM This Month

Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-47057 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-47055 MEDIUM PATCH Monitor

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Mautic
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-5257 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-48931 LOW Monitor

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-48930 LOW Monitor

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues. Rated low severity (CVSS 2.8). No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2025-48929 MEDIUM Monitor

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-48928 MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.0
EPSS
8.3%
CVE-2025-48927 MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Java Telemessage
NVD
CVSS 3.1
5.3
EPSS
7.6%
CVE-2025-48926 MEDIUM Monitor

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-48925 MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-48746 MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Directory Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36572 MEDIUM This Month

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerstoreos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32802 MEDIUM PATCH This Month

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-32801 HIGH PATCH This Month

Kea configuration and API directives can be used to load a malicious hook library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47056 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nginx Apache Information Disclosure
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-51453 MEDIUM Monitor

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling Secure Proxy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38341 MEDIUM This Month

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-3357 CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-5277 CRITICAL This Week

aws-mcp-server MCP server is vulnerable to command injection. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.4
EPSS
0.7%
CVE-2025-4134 HIGH This Month

Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48734 HIGH PATCH This Month

Improper Access Control vulnerability in Apache Commons. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass Java Commons Beanutils +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-45997 HIGH POC This Week

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2025-40651 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-4493 MEDIUM This Month

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.1.3.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5299 MEDIUM POC This Week

A vulnerability was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5298 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB Exploit-DB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5297 MEDIUM POC Monitor

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0.c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Simple Computer Store System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3864 LOW Monitor

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-5295 MEDIUM POC This Week

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-40673 MEDIUM This Month

A Missing Authorization vulnerability has been found in DinoRANK. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4963 MEDIUM This Month

The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1753 HIGH POC PATCH This Month

LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection RCE Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy