Skip to main content
CVE-2025-48336 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41591 CRITICAL Act Now

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Onos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-30466 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-5307 HIGH This Week

Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-31189 HIGH This Week

A file quarantine bypass was addressed with additional checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-5273 MEDIUM This Month

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5276 MEDIUM This Month

All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31198 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31199 MEDIUM This Month

A logging issue was addressed with improved data redaction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31261 MEDIUM This Month

A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4583 MEDIUM This Month

The Smash Balloon Social Photo Feed - Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-31264 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-5332 MEDIUM POC This Week

A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Notice Board
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5331 MEDIUM POC This Week

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pcman Ftp Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5330 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-31263 CRITICAL This Week

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-31231 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5328 MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mccms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5327 MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5326 MEDIUM This Month

A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Adp Application Developer Platform
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5325 MEDIUM This Month

A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adp Application Developer Platform
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4967 CRITICAL This Week

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-47933 CRITICAL PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Kubernetes XSS Argo Cd Red Hat Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-47288 LOW Monitor

Discourse Policy plugin gives the ability to confirm users have seen or done something. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-3050 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2518 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-54952 HIGH This Month

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-49350 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Stack Overflow Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5324 MEDIUM Monitor

A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-46701 HIGH PATCH This Month

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-32752 MEDIUM This Month

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-5323 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1.py of the component Mail Verification Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-46823 HIGH This Month

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.0
EPSS
0.3%
CVE-2025-29632 MEDIUM POC This Month

Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-53423 MEDIUM This Month

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Onos
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-48475 MEDIUM POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Freescout
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-46722 MEDIUM PATCH Monitor

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Information Disclosure Vllm Red Hat
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-46570 LOW PATCH Monitor

vLLM is an inference and serving engine for large language models (LLMs). Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Vllm
NVD GitHub
CVSS 3.1
2.6
EPSS
0.2%
CVE-2024-51392 HIGH This Month

An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-48474 MEDIUM POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Freescout
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-48473 MEDIUM POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Freescout
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-48472 MEDIUM POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freescout
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48471 HIGH POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache RCE File Upload Freescout
NVD GitHub
CVSS 4.0
7.0
EPSS
2.9%
CVE-2025-48390 HIGH POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Freescout
NVD GitHub
CVSS 4.0
8.6
EPSS
1.3%
CVE-2025-48389 HIGH POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Deserialization Freescout
NVD GitHub
CVSS 4.0
8.6
EPSS
4.0%
CVE-2025-45474 HIGH POC This Month

maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-3913 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-5321 MEDIUM POC This Month

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aim
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4081 MEDIUM Monitor

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
4.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy