Skip to main content
CVE-2025-48954 HIGH POC PATCH THREAT Act Now

Discourse versions prior to 3.5.0.beta6 contain a reflected cross-site scripting (XSS) vulnerability in social login functionality that is only exploitable when Content Security Policy (CSP) is disabled. An unauthenticated attacker can craft a malicious link leveraging social authentication endpoints to inject arbitrary JavaScript, potentially stealing session tokens, credentials, or performing actions on behalf of the victim. The vulnerability requires user interaction (clicking a malicious link) but has high impact on confidentiality and integrity with no availability impact.

XSS Discourse
NVD GitHub
CVSS 3.1
8.1
EPSS
14.0%
CVE-2025-6627 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6617 HIGH POC This Week

CVE-2025-6617 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the /goform/formAdvanceSetup endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'webpage' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impacts). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link Stack Overflow RCE Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6616 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetWAN_Wizard51 function's handling of the curTime parameter. An authenticated attacker can exploit this remotely to achieve complete system compromise (confidentiality, integrity, and availability), and the exploit has been publicly disclosed with no vendor patches available since the product is end-of-life.

Buffer Overflow D-Link RCE Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6615 HIGH POC This Week

CVE-2025-6615 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formAutoDetecWAN_wizard4 function. An authenticated remote attacker can exploit improper handling of the 'curTime' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link RCE Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6614 HIGH POC This Week

CVE-2025-6614 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the WAN configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link Stack Overflow RCE Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-45333 HIGH POC PATCH This Week

CVE-2025-45333 is a Null Pointer Dereference vulnerability in Berkeley ABC (version 1.1) within the Abc_NtkCecFraigPart function that causes denial of service through segmentation faults and program crashes. The vulnerability is remotely exploitable without authentication or user interaction, affecting any system running the vulnerable ABC library for circuit synthesis and verification tasks. An attacker can trigger a crash by providing malformed input to the data processing module, resulting in complete service unavailability.

Null Pointer Dereference Denial Of Service Abc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45332 HIGH POC This Week

CVE-2025-45332 is a Null Pointer Dereference vulnerability in vkoskiv c-ray 1.1's parse_mtllib function that causes segmentation faults and program crashes. While the CVSS score of 7.5 indicates high severity, the vulnerability results in Availability impact only (crashes) with no confidentiality or integrity compromise, making it primarily a denial-of-service risk rather than an exploitable code execution vulnerability. The network-accessible attack vector (AV:N) and lack of privilege requirements (PR:N) mean remote attackers can trigger crashes without authentication.

Denial Of Service C Ray
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25905 HIGH POC This Week

CVE-2025-25905 is a Reflected Cross-Site Scripting (XSS) vulnerability in CADClick versions 1.13.0 and earlier that allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript through the 'tree' parameter. Successful exploitation requires user interaction (clicking a malicious link) but can lead to session hijacking, credential theft, and defacement. The vulnerability has a CVSS score of 7.1 (high severity) with a moderate attack complexity, indicating it is practically exploitable in real-world scenarios.

XSS Cadclick
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-5015 HIGH PATCH This Week

CVE-2025-5015 is a stored/reflected cross-site scripting (XSS) vulnerability in AccuWeather and Custom RSS widget implementations that permits unauthenticated attackers to inject malicious scripts by replacing legitimate RSS feed URLs with attacker-controlled URLs. The vulnerability has a CVSS 3.1 score of 8.8 (High) with network-based attack vector requiring only user interaction, enabling attackers to achieve high confidentiality, integrity, and availability impact on affected systems. Given the network accessibility and low attack complexity, this represents a significant real-world risk for any platform hosting these widgets.

XSS
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5830 HIGH This Week

CVE-2025-5830 is a heap-based buffer overflow vulnerability in Autel MaxiCharger AC Wallbox Commercial EV chargers affecting the DLB_SlaveRegister message handler. Network-adjacent attackers can execute arbitrary code without authentication due to insufficient input validation on user-supplied data length before copying to a fixed-length buffer. This is a critical vulnerability affecting critical infrastructure (EV charging stations) with a CVSS score of 8.8 and high real-world exploitability due to the unauthenticated, network-adjacent attack vector.

RCE Buffer Overflow Maxicharger Single Charger Firmware Maxicharger Dc Compact Mobile Firmware Maxicharger Dh480 Firmware +6
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-5827 HIGH This Week

CVE-2025-5827 is a stack-based buffer overflow vulnerability in the ble_process_esp32_msg function of Autel MaxiCharger AC Wallbox Commercial EV chargers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high impact. The vulnerability results from insufficient validation of user-supplied data length before copying to a fixed-size stack buffer, affecting commercial EV charging infrastructure without requiring authentication or user interaction.

RCE Buffer Overflow Maxicharger Ac Pro Firmware Maxicharger Dc Compact Mobile Firmware Maxicharger Ac Elite Business C50 Firmware +6
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-36004 HIGH This Week

CVE-2025-36004 is a privilege escalation vulnerability in IBM Facsimile Support for i affecting IBM i 7.2, 7.3, 7.4, and 7.5. The vulnerability stems from an unqualified library call that allows authenticated users to execute arbitrary code with administrator privileges. With a CVSS score of 8.8 and network accessibility, this represents a critical privilege escalation risk for organizations running affected IBM i systems.

IBM Privilege Escalation RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5822 HIGH This Week

CVE-2025-5822 is a privilege escalation vulnerability in the Autel MaxiCharger AC Wallbox Commercial Technician API that allows authenticated attackers to escalate from low-privileged users to higher privilege levels, potentially gaining unauthorized access to administrative functions and sensitive charging station data. The vulnerability requires an attacker to first obtain a valid low-privileged API token, after which they can bypass authorization controls to access restricted resources. With a CVSS score of 8.8 and network-accessible attack vector, this represents a significant risk to commercial EV charging infrastructure.

Privilege Escalation Maxicharger Ac Ultra Firmware Maxicharger Single Charger Firmware Maxicharger Dc Compact Mobile Firmware Maxicharger Dc Compact Pedestal Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49152 HIGH This Week

CVE-2025-49152 is a security vulnerability (CVSS 8.7) that allows an attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-52999 HIGH PATCH This Week

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

Buffer Overflow Stack Overflow Ubuntu Debian Red Hat +1
NVD GitHub HeroDevs
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-6445 HIGH This Week

CVE-2025-6445 is a critical directory traversal vulnerability in ServiceStack's FindType method that allows remote attackers to execute arbitrary code without authentication. The vulnerability stems from insufficient path validation in file operations, enabling attackers to traverse the filesystem and execute malicious code in the context of the affected application process. With a CVSS score of 8.1 and network-based attack vector, this vulnerability poses significant risk to ServiceStack deployments, though exploitation requires application-level interaction with the vulnerable FindType method.

RCE Path Traversal Servicestack
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2025-52890 HIGH PATCH This Week

CVE-2025-52890 is a network-layer security bypass in Incus 6.12 and 6.13 where improper nftables rule generation on bridge-connected ACL devices allows attackers to circumvent MAC filtering, IPv4 filtering, and IPv6 filtering security controls. This enables ARP spoofing and full VM/container impersonation on the same bridge. The vulnerability requires administrative privilege and local network access but results in high confidentiality and availability impact across the container/VM infrastructure.

Authentication Bypass Linux Privilege Escalation Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-41255 HIGH This Week

CVE-2025-41255 is a security vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-6661 HIGH This Week

CVE-2025-6661 is a use-after-free vulnerability in PDF-XChange Editor that allows remote code execution when users open malicious PDF files or visit compromised websites. The vulnerability exploits improper object validation in App object handling, enabling attackers to execute arbitrary code with the privileges of the current user. With a CVSS score of 7.8 and local attack vector requiring user interaction, this represents a significant risk to PDF-XChange Editor users, particularly in environments where documents from untrusted sources are frequently processed.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6659 HIGH This Week

CVE-2025-6659 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that allows remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects PDF-XChange Editor users who open malicious PRC files or visit compromised websites, requiring user interaction but no special privileges. While the vulnerability demonstrates significant local exploitation potential, real-world risk depends on KEV/CISA status, EPSS probability data, and proof-of-concept availability, which would indicate active threat actor interest.

RCE Buffer Overflow Adobe Pdf Xchange Pro Pdf Xchange Editor +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6654 HIGH This Week

CVE-2025-6654 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor installations when users open malicious PRC files or visit compromised web pages, allowing attackers to execute arbitrary code in the application's context. The vulnerability (formerly tracked as ZDI-CAN-26729) requires user interaction but poses significant risk due to the ubiquity of PDF applications and the high impact of code execution.

RCE Buffer Overflow Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6651 HIGH This Week

CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.

RCE Buffer Overflow Adobe Pdf Xchange Editor Pdf Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6647 HIGH This Week

CVE-2025-6647 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's U3D file parsing engine that enables remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects users who open malicious PDF files or embedded U3D objects, requiring only user interaction to exploit. This is a memory corruption flaw in a widely-used PDF editor with moderate attack complexity, making it a practical threat to enterprise environments handling untrusted documents.

RCE Buffer Overflow Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6645 HIGH This Week

CVE-2025-6645 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files; attackers can execute arbitrary code in the application's process context, requiring only user interaction to open a malicious file or visit a compromised webpage. The vulnerability was previously tracked as ZDI-CAN-26642 and represents a critical remote code execution risk for users of this widely-used PDF editor.

RCE Use After Free Adobe Pdf Xchange Editor Pdf Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6644 HIGH This Week

CVE-2025-6644 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files or standalone U3D files, requiring only user interaction to exploit. The flaw stems from insufficient object validation before dereferencing, enabling attackers to execute arbitrary code in the application context; exploitation likelihood and active KEV status would indicate real-world threat priority.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6642 HIGH This Week

CVE-2025-6642 is a critical out-of-bounds read vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with user interaction. The vulnerability affects PDF-XChange Editor across multiple versions and stems from improper validation of U3D file data structures, enabling attackers to read beyond allocated memory boundaries and execute arbitrary code in the application's context. While this vulnerability currently shows a CVSS 7.8 score indicating high severity, real-world exploitation requires user interaction (opening a malicious PDF or visiting a malicious page), moderating immediate organizational risk.

RCE Buffer Overflow Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6640 HIGH This Week

CVE-2025-6640 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parsing engine that allows remote code execution when a user opens a malicious PDF or visits a compromised webpage containing a specially crafted U3D file. The vulnerability stems from insufficient object validation before operations, enabling arbitrary code execution in the context of the affected application with high impact on confidentiality, integrity, and availability. This is a local attack vector requiring user interaction, with a CVSS score of 7.8 indicating high severity.

RCE Use After Free Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6660 HIGH This Week

CVE-2025-6660 is a heap-based buffer overflow vulnerability in PDF-XChange Editor's GIF file parsing engine that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious GIF files or visit compromised web pages hosting malicious GIFs, requiring user interaction for exploitation. The flaw stems from inadequate validation of user-supplied data lengths before copying to fixed-length buffers, allowing attackers to overwrite heap memory and execute arbitrary code in the application's context.

Heap Overflow RCE Buffer Overflow Adobe Pdf Tools +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-49797 HIGH This Week

CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-5834 HIGH This Week

CVE-2025-5834 is a local privilege escalation vulnerability in Pioneer DMH-WT7600NEX infotainment systems caused by a missing hardware root of trust in the SoC configuration. An attacker with local access and valid authentication credentials can bypass the existing authentication mechanism and execute arbitrary code during boot with elevated privileges. The vulnerability has a CVSS score of 7.8 (High) and was previously tracked as ZDI-CAN-26078; exploitation likelihood and active exploitation status depend on public POC availability and EPSS scoring.

RCE Privilege Escalation Dmh Wt7600nex Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-52479 HIGH PATCH This Week

CVE-2025-52479 is a CRLF injection vulnerability in URIs.jl (<1.6.0) and HTTP.jl (<1.10.17) that allows attackers to construct malicious URIs containing carriage return and line feed characters. If user input is not properly escaped, this can enable CRLF injection attacks to manipulate HTTP headers or protocol boundaries. The vulnerability has a CVSS score of 7.7 (high integrity impact) and affects Julia ecosystem users; patch versions are available and should be deployed immediately.

Code Injection
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-51983 HIGH This Week

CVE-2024-51983 is an unauthenticated denial-of-service vulnerability in Web Services (HTTP port 80) that allows remote attackers to crash affected devices via malformed WS-Scan SOAP requests with unexpected JobToken values, forcing repeated reboots. The vulnerability affects multiple device types with Web Services capabilities and carries a CVSS 7.5 (High) rating with no authentication required and network-accessible attack vector, making it easily exploitable at scale.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-5927 HIGH This Week

The Everest Forms (Pro) WordPress plugin versions up to 1.9.4 contain an arbitrary file deletion vulnerability in the delete_entry_files() function due to insufficient path validation (CWE-36). Unauthenticated attackers can delete arbitrary files on the server by tricking an administrator into deleting a form entry, potentially leading to remote code execution through deletion of critical files like wp-config.php. This is a high-severity vulnerability (CVSS 7.5) that requires social engineering or admin interaction but can completely compromise WordPress installations.

RCE PHP WordPress Everest Forms
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-51982 HIGH This Week

CVE-2024-51982 is a denial-of-service vulnerability affecting network-connected printers and multifunction devices that expose the Printer Job Language (PJL) interface on TCP port 9100. An unauthenticated remote attacker can send a malformed PJL command with an invalid FORMLINES variable to crash the device repeatedly, causing service disruption without authentication or user interaction. The CVSS 7.5 score reflects the high availability impact, and while specific KEV/POC data was not provided in the source material, the straightforward nature of the exploit (malformed input causing crash) suggests practical exploitability.

Denial Of Service HP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-0966 HIGH This Week

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remote attackers to execute arbitrary SQL commands against the backend database. An attacker with valid credentials can view, add, modify, or delete sensitive information without administrative privileges. The vulnerability carries a CVSS score of 7.6 (High) and requires low attack complexity, making it a significant risk for organizations using affected versions.

IBM SQLi Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-6678 HIGH This Week

CVE-2025-6678 is an unauthenticated remote information disclosure vulnerability in Autel MaxiCharger AC Wallbox Commercial charging stations affecting the Pile API endpoint. An attacker can remotely access sensitive information including credentials without requiring authentication, enabling credential theft and potential further compromise of the charging infrastructure. The vulnerability has a CVSS 7.5 severity rating reflecting high confidentiality impact, and the lack of authentication requirements makes exploitation trivial.

Information Disclosure Authentication Bypass Maxicharger Dc Compact Pedestal Firmware Maxicharger Dc Compact Mobile Firmware Maxicharger Dh480 Firmware +6
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2025-49845 HIGH PATCH This Week

Discourse versions prior to 3.4.6 (stable) and 3.5.0.beta8-dev (tests-passed) contain an information disclosure vulnerability where users retain visibility of their own whisper-typed posts even after losing group membership that should restrict access to whispers. This is a logic flaw in the whisper visibility enforcement mechanism (CWE-200: Information Exposure) affecting unauthenticated network access with high confidentiality impact. No public exploitation has been reported, but the issue is easily discoverable through normal platform usage.

Information Disclosure Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5825 HIGH This Week

CVE-2025-5825 is a firmware downgrade remote code execution vulnerability in Autel MaxiCharger AC Wallbox Commercial charging stations that allows network-adjacent attackers with Bluetooth pairing capability to execute arbitrary code by uploading a malicious firmware image without proper validation. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality, integrity, and availability impact, though exploitation requires prior Bluetooth device pairing. This is a ZDI-coordinated disclosure (ZDI-CAN-26354) affecting commercial charging infrastructure.

RCE Maxicharger Dc Compact Pedestal Firmware Maxicharger Dh480 Firmware Maxicharger Dc Compact Mobile Firmware Maxicharger Ac Pro Firmware +5
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-52894 HIGH PATCH This Week

OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery rekey endpoints that allows attackers to cancel critical key management operations without authentication or audit logging. This affects organizations using OpenBao for secrets management, and the high CVSS 7.5 score reflects the availability impact, though the vulnerability requires no special privileges or user interaction to exploit.

Denial Of Service Authentication Bypass Openbao Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5824 HIGH This Week

CVE-2025-5824 is an authentication bypass vulnerability in Autel MaxiCharger AC Wallbox Commercial that allows network-adjacent attackers to bypass authentication through insufficient origin validation in Bluetooth pairing requests. The vulnerability (formerly ZDI-CAN-26353) has a CVSS score of 7.5 with high confidentiality, integrity, and availability impact; exploitation requires prior ability to pair a malicious Bluetooth device with the target system. No KEV or active exploitation data was provided in the supplied intelligence, and patch availability status is not documented in the available information.

Authentication Bypass Maxicharger Ac Elite Business C50 Firmware Maxicharger Dc Fast Firmware Maxicharger Dc Compact Pedestal Firmware Maxicharger Dh480 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-41256 HIGH This Week

Cyberduck and Mountain Duck improperly implement TLS certificate pinning by storing certificate fingerprints using the cryptographically weak SHA-1 algorithm instead of modern alternatives like SHA-256. This allows attackers to potentially forge or spoof self-signed certificates and perform man-in-the-middle (MITM) attacks against users of affected versions. The vulnerability affects Cyberduck through version 9.1.6 and Mountain Duck through version 4.17.5; while no public POC or active KEV exploitation is currently documented, the CVSS 7.4 rating reflects high confidentiality and integrity impact.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2024-51979 HIGH This Week

CVE-2024-51979 is a stack-based buffer overflow vulnerability affecting authenticated users of printing and web services that process malformed HTTP/HTTPS requests with oversized Referer headers. An authenticated attacker with high privileges can exploit this flaw by sending a specially crafted request containing an empty Origin header and a Referer header with a host value exceeding 64 bytes, potentially achieving remote code execution or denial of service. The vulnerability affects services on TCP ports 80 (HTTP), 443 (HTTPS), and 631 (IPP/printing protocol), with a CVSS 7.2 score indicating high severity, though exploitation requires prior authentication.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-6443 HIGH This Week

CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in Mikrotik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those utilizing VXLAN for network segmentation.

Mikrotik Authentication Bypass Routeros
NVD
CVSS 3.0
7.2
EPSS
0.2%
CVE-2023-44915 HIGH This Week

CVE-2023-44915 is a reflected cross-site scripting (XSS) vulnerability in c3crm's /Login.php component affecting versions up to v3.0.4, where the login_error parameter fails to properly sanitize user input. An attacker can inject malicious JavaScript that executes in victims' browsers when they click a crafted login link, potentially stealing session cookies, credentials, or performing unauthorized actions on behalf of authenticated users. With a CVSS score of 7.1 and network-based attack vector requiring only user interaction, this represents a moderate-to-high severity issue for organizations using vulnerable c3crm deployments.

PHP XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27685 HIGH This Week

A SQL injection vulnerability in Student Record system Using PHP and MySQL v (CVSS 7.1) that allows a remote attacker. High severity vulnerability requiring prompt remediation.

PHP SQLi MySQL Information Disclosure Student Record System
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy