Skip to main content
CVE-2025-6554 HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 engine contains a type confusion vulnerability (CVE-2025-6554, CVSS 8.1) enabling arbitrary read/write operations through crafted HTML pages. KEV-listed with public PoC, type confusion in V8 is the most reliable class of browser exploitation primitives, providing full memory read/write capability for code execution within the renderer sandbox.

Google Information Disclosure Memory Corruption Debian Chrome +2
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
Threat
4.6
CVE-2025-32462 HIGH POC PATCH THREAT Act Now

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Authentication Bypass Sudo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.4%
CVE-2025-6887 HIGH POC This Week

A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow Ac5 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6886 HIGH POC This Week

A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow Ac5 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6881 HIGH POC This Week

A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow Di 8100 Firmware D-Link
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-46014 HIGH POC This Week

Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.

Privilege Escalation Pc Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52995 HIGH POC PATCH This Week

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized for. The concrete impact of this vulnerability depends on the commands configured, and the binaries installed on the server or in the container image. Due to the missing separation of scopes on the OS-level, this could give an attacker access to all files managed the application, including the File Browser database. This issue has been patched in version 2.33.10.

Command Injection Filebrowser Suse
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-6916 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-45143 HIGH POC This Week

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Denial Of Service String Math
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-6882 HIGH This Week

A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Buffer Overflow Dir 513 Firmware D-Link
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-49521 HIGH PATCH This Week

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.

RCE Code Injection Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49520 HIGH PATCH This Week

A security vulnerability in A flaw (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.

Code Injection Kubernetes Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52898 HIGH PATCH This Week

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users.

Information Disclosure Frappe
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36593 HIGH PATCH This Week

Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request.

Dell Authentication Bypass Openmanage Network Integration
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-53416 HIGH This Week

Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-53415 HIGH This Week

Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-38087 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.

Linux Use After Free Memory Corruption Information Disclosure Ubuntu +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-8419 HIGH This Week

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-53621 HIGH This Week

A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Buffer Overflow Stack Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40732 HIGH This Week

A security vulnerability in Daily Expense Manager (CVSS 7.5). High severity vulnerability requiring prompt remediation.

PHP Information Disclosure Daily Expense Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52895 HIGH PATCH This Week

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.

SQLi Frappe
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-38088 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the allocated region size.

Information Disclosure Buffer Overflow Linux Ubuntu Debian +4
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy