Skip to main content
CVE-2025-5307 HIGH This Week

Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-31189 HIGH This Week

A file quarantine bypass was addressed with additional checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-54952 HIGH This Month

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-46701 HIGH PATCH This Month

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-46823 HIGH This Month

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.0
EPSS
0.3%
CVE-2024-51392 HIGH This Month

An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-48471 HIGH POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache RCE File Upload Freescout
NVD GitHub
CVSS 4.0
7.0
EPSS
2.9%
CVE-2025-48390 HIGH POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Freescout
NVD GitHub
CVSS 4.0
8.6
EPSS
1.3%
CVE-2025-48389 HIGH POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Deserialization Freescout
NVD GitHub
CVSS 4.0
8.6
EPSS
4.0%
CVE-2025-45474 HIGH POC This Month

maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-22654 HIGH POC PATCH This Month

tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-48045 HIGH This Month

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-48388 HIGH PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freescout
NVD GitHub
CVSS 4.0
7.0
EPSS
0.3%
CVE-2025-4687 HIGH This Month

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy