Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0.
XSS in MailEnable before v10 via failure.aspx. EPSS 11.5%. PoC available.
Unauthenticated RCE in Audiocodes Mediapack MP-11x through 6.60A. EPSS 1.2%. PoC available.
Buffer overflow in Sangoma IMG2020 HTTP server through 2.3.9.6. EPSS 0.74%. PoC available.
Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.
Auth bypass in DataEase BI tool before 2.10.10.
Auth bypass account takeover in Golo City Travel Guide WordPress theme.
Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0.
Path traversal in Python tarfile extraction with filter='data'.
Insecure deserialization in Auth0-PHP SDK 8.0.0-BETA3 to before 8.3.1.
OOB write in Samsung Exynos 1380 processor.