Skip to main content
CVE-2025-6511 HIGH POC This Week

CVE-2025-6511 is a critical stack-based buffer overflow vulnerability in Netgear EX6150 (version 1.0.0.46_1.0.76) affecting the sub_410090 function, allowing authenticated attackers to achieve remote code execution with high integrity, confidentiality, and availability impact. The vulnerability is publicly disclosed with proof-of-concept code available, and impacts only end-of-life products no longer receiving vendor support, elevating real-world exploitation risk for unpatched legacy deployments.

Buffer Overflow Netgear RCE Denial Of Service Ex6150 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-6510 HIGH POC This Week

CVE-2025-6510 is a critical stack-based buffer overflow vulnerability in Netgear EX6100 WiFi extender (version 1.0.2.28_1.1.138) affecting the sub_415EF8 function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and availability impact. The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

Buffer Overflow Netgear RCE Ex6100 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-50349 HIGH POC This Week

PHPGurukul Pre-School Enrollment System v1.0 contains a directory traversal vulnerability in the update-teacher-pic.php endpoint that allows unauthenticated remote attackers to read arbitrary files from the server with high confidence. An attacker can exploit this network-accessible vulnerability without any privileges or user interaction to disclose sensitive files, potentially exposing database credentials, configuration files, or other system information. The high CVSS score of 7.5 reflects the ease of exploitation (network-accessible, low complexity, no authentication required) and significant confidentiality impact, though this vulnerability does not permit file modification or denial of service.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-50348 HIGH POC This Week

CVE-2025-50348 is a Directory Traversal vulnerability in PHPGurukul Pre-School Enrollment System Project version 1.0, specifically in the update-class-pic.php file. An unauthenticated remote attacker can exploit this vulnerability to read sensitive files from the server, achieving high confidentiality impact without requiring user interaction or special privileges. The vulnerability has a CVSS score of 7.5 (High) with a network-based attack vector and low attack complexity, indicating it is easily exploitable by remote actors; however, exploitation is limited to information disclosure without modification capabilities.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-44528 HIGH POC This Week

CVE-2025-44528 is a network-based Denial of Service vulnerability in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK version 7.41.00.17 that allows unauthenticated remote attackers to crash or disable affected devices by sending a maliciously crafted LL_Pause_Enc_Req packet during the Bluetooth Low Energy authentication and connection establishment phase. The vulnerability has a CVSS 3.1 score of 7.5 (High) with no authentication required and low attack complexity, making it readily exploitable against vulnerable deployments. No KEV status, EPSS score, or public POC availability data was provided, but the network-accessible attack vector and lack of prerequisite conditions indicate moderate real-world risk for exposed BLE devices.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-6529 HIGH POC This Week

Remote code execution via default Telnet credentials in 70mai M300 dashcam firmware (versions up to 20250611) allows adjacent network attackers to gain full device control without authentication. The vulnerability has public exploit code available on GitHub demonstrating malicious file upload and code execution capabilities. Despite CVSS 7.4 severity and public exploitation techniques, EPSS probability remains low at 0.18% (40th percentile), suggesting limited widespread targeting of consumer dashcam devices, though adjacent network requirement (AV:A) makes this exploitable in shared WiFi environments or vehicle networks.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-49126 HIGH PATCH This Week

Visionatrix versions 1.5.0 through 2.5.0 contain a Reflected XSS vulnerability in the /docs/flows endpoint that allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers. The vulnerability stems from improper use of FastAPI's get_swagger_ui_html function with unsanitized user-controlled input, enabling session hijacking and exfiltration of application secrets. The CVSS 8.8 score reflects high severity due to network accessibility, low attack complexity, and no privilege requirements, though user interaction is required to trigger the exploit.

XSS Information Disclosure Python
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23049 HIGH This Week

CVE-2025-23049 is an OS Command Injection vulnerability in Meridian Technique Materialise OrthoView through version 7.5.1 that allows unauthenticated remote attackers to execute arbitrary operating system commands when servlet sharing is enabled. The vulnerability has a CVSS score of 8.4 (High) and affects healthcare/dental imaging software used by medical professionals. Attackers can achieve high confidentiality impact and high availability impact, making this a significant threat to healthcare organizations relying on OrthoView for patient imaging workflows.

Command Injection
NVD
CVSS 4.0
8.4
EPSS
0.6%
CVE-2023-50450 HIGH This Week

A privilege escalation vulnerability in Sensopart VISOR Vision Sensors (CVSS 8.4) that allows local users. High severity vulnerability requiring prompt remediation.

Privilege Escalation Visor Vision Sensors Firmware
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-47294 HIGH This Week

CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers with low privileges to craft malicious session cookies to arbitrarily deactivate, lock, and delete user accounts, resulting in high integrity and availability impact. This vulnerability has a CVSS 8.1 score (High severity) and affects NCR's point-of-sale and terminal management infrastructure; while no public POC or active KEV listing is confirmed from the provided data, the network-accessible nature (AV:N) and low attack complexity (AC:L) make this a material risk for organizations deploying this terminal handler in production environments.

Information Disclosure Terminal Handler
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-2171 HIGH This Week

Aviatrix Controller versions before 7.1.4208, 7.2.5090, and 8.0.0 lack rate limiting on password reset PIN attempts, allowing unauthenticated attackers to brute force 6-digit PINs over the network without authentication or user interaction. This vulnerability is characterized as having exploitation probability (E:P in CVSS vector) and enables complete account takeover via password reset bypass, affecting all Aviatrix Controller deployments in vulnerable versions.

Information Disclosure
NVD GitHub
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-48026 HIGH This Week

CVE-2025-48026 is a path traversal vulnerability in the WebApl component of Mitel OpenScape Xpressions that allows unauthenticated attackers to read arbitrary files from the underlying operating system due to insufficient input validation. The vulnerability affects OpenScape Xpressions through version V7R1 FR5 HF43 P913, and successful exploitation could expose sensitive information without requiring authentication, elevated privileges, or user interaction. The CVSS 7.5 score reflects the high confidentiality impact, though integrity and availability are not affected.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-52922 HIGH This Week

CVE-2025-52922 is a directory traversal vulnerability in Innoshop through version 0.4.1 that allows authenticated administrators to abuse multiple FileManager API endpoints to map the filesystem, create/delete arbitrary directories and files, read sensitive files, and move files anywhere on the server. With a CVSS score of 7.4 and low attack complexity, this represents a significant integrity and confidentiality risk for affected deployments, though exploitation requires valid administrative credentials.

Path Traversal
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-27387 HIGH This Week

OPPO Clone Phone devices implement a WiFi hotspot file transfer feature that uses weak default or easily guessable passwords, allowing unauthenticated attackers on the local network to connect and access sensitive files without authentication. This vulnerability (CVE-2025-27387) carries a CVSS score of 7.4 with high confidentiality impact, though exploitation requires physical proximity to the affected device's WiFi network. No active exploitation in the wild has been confirmed in public KEV databases, but the attack surface is significant given the prevalence of file-sharing features in budget smartphone lines.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-49144 HIGH PATCH This Week

CVE-2025-49144 is a privilege escalation vulnerability in Notepad++ v8.8.1 and earlier that exploits insecure executable search paths in the installer to allow unprivileged local users to execute arbitrary code with SYSTEM privileges. An attacker can leverage social engineering to colocate a malicious executable with the legitimate installer in a writable directory (e.g., Downloads), and upon installer execution, the malicious payload runs with elevated privileges. The vulnerability is fixed in version 8.8.2.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23092 HIGH This Week

A path traversal vulnerability (CVSS 7.2) that allows an authenticated attacker with administrative privileges. High severity vulnerability requiring prompt remediation.

Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-52558 HIGH PATCH This Week

CVE-2025-52558 is a reflected/stored cross-site scripting (XSS) vulnerability in changedetection.io prior to version 0.50.4, where error messages from website change detection filters are not properly sanitized before display. Attackers can inject malicious JavaScript through crafted filter configurations or monitored web pages, potentially compromising user sessions and data. The vulnerability requires user interaction (clicking a link/visiting a page) and affects all users of the open-source change detection service, though no CISA KEV listing or widespread active exploitation is currently documented.

XSS
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy