Skip to main content
CVE-2025-34093 HIGH POC PATCH THREAT Act Now

Polycom HDX Series video conferencing systems contain an authenticated command injection in the LAN traceroute function. The devcmds console accessible over Telnet allows injection of shell metacharacters through the traceroute target parameter, enabling arbitrary command execution on the conferencing endpoint.

RCE Command Injection
NVD Exploit-DB
CVSS 4.0
7.5
EPSS
46.6%
Threat
4.4
CVE-2025-34097 HIGH POC PATCH THREAT Act Now

ProcessMaker BPM platform versions prior to 3.5.4 contain an unrestricted file upload vulnerability in the plugin installation mechanism. An admin can upload a malicious .tar plugin containing arbitrary PHP code that executes during the plugin's install() method, achieving remote code execution on the workflow automation server.

File Upload PHP RCE Privilege Escalation
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
28.3%
Threat
4.1
CVE-2025-34098 HIGH POC THREAT Act Now

A path traversal vulnerability in Riverbed SteelHead VCX appliances allows authenticated users to retrieve arbitrary system files through improper input validation in the log filtering functionality. The vulnerability affects VCX255U running version 9.6.0a and potentially other VCX models, enabling authenticated attackers to bypass access controls and read sensitive system files via crafted filter expressions. With a CVSS score of 7.1 and authentication requirement, this represents a significant confidentiality risk for organizations running affected appliances, though exploitation requires valid credentials.

Path Traversal
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
41.4%
Threat
4.2
CVE-2025-7425 HIGH POC PATCH CISA Act Now

CVE-2025-7425 is a use-after-free (UAF) vulnerability in libxslt where improper memory management during XSLT tree fragment processing leads to heap corruption and potential code execution. The vulnerability affects libxslt library versions processing XSLT functions like key() that generate tree fragments, allowing local attackers with no privileges to trigger crashes or heap corruption through crafted XSLT stylesheets. While CVSS 7.8 indicates high severity, real-world impact depends on KEV inclusion status and whether public exploits exist; this vulnerability presents significant risk to applications embedding libxslt and processing untrusted XSLT input.

Denial Of Service Memory Corruption Use After Free
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2025-7419 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 router firmware version 1.0.0.12(3880), affecting the httpd daemon's speed test functionality. An authenticated remote attacker can exploit the destIP parameter in the /goform/setRateTest endpoint to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7418 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7417 HIGH POC This Week

CVE-2025-7417 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the /goform/setPingInfo endpoint. An authenticated attacker can exploit improper input validation on the 'ip' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exploit exists, and the vulnerability is actively exploitable in real-world environments.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7416 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 1.0.0.12(3880) in the httpd component's fromSysToolTime function within /goform/setSysTimeInfo. An authenticated remote attacker can exploit this by manipulating the Time argument to achieve arbitrary code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-28244 HIGH POC This Week

A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.

Information Disclosure Alteryx Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-53628 HIGH POC PATCH This Week

CVE-2025-53628 is a memory exhaustion vulnerability in cpp-httplib versions prior to 0.20.1 that allows unauthenticated remote attackers to cause denial of service by sending HTTP requests with arbitrarily large individual header lines, exploiting the absence of per-line size limits. The vulnerability affects any application using cpp-httplib as a C++ HTTP/HTTPS library component and requires only user interaction (UI:R) to trigger, with high impact across confidentiality, integrity, and availability. No active exploitation in the wild has been confirmed, but the fix availability and related CVE-2025-53629 suggest this was discovered during security review rather than active exploitation.

Information Disclosure Cpp Httplib Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-28243 HIGH POC This Week

CVE-2025-28243 is a Stored/Reflected HTML Injection vulnerability in Alteryx Server 2023.1.1.460 affecting the pages component, enabling unauthenticated attackers to inject malicious scripts that execute in victims' browsers with user interaction. This vulnerability carries a CVSS 8.0 score with high confidentiality and integrity impact; while no KEV or confirmed EPSS data is provided in the source material, the network-accessible attack vector and relatively high CVSS indicate moderate-to-significant real-world risk depending on deployment scope and user exposure.

Code Injection Alteryx Server
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-53629 HIGH POC PATCH This Week

CVE-2025-53629 is a Denial of Service vulnerability in cpp-httplib versions prior to 0.23.0 that allows unauthenticated remote attackers to exhaust server memory through maliciously crafted HTTP requests using Transfer-Encoding: chunked headers. The vulnerability has a CVSS score of 7.5 (high severity) with a network-based attack vector requiring no authentication, and is fixed in version 0.23.0. This is a resource exhaustion attack with direct availability impact and no known public exploit code referenced in initial disclosures.

Denial Of Service Cpp Httplib Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53630 HIGH PATCH This Week

CVE-2025-53630 is a critical integer overflow vulnerability in llama.cpp's GGUF file parsing function that can trigger heap out-of-bounds read/write operations, potentially leading to information disclosure, memory corruption, or remote code execution. The vulnerability affects llama.cpp versions prior to commit 26a48ad699d50b6268900062661bd22f3e792579, with a CVSS score of 8.9 indicating high severity. The network-accessible attack vector (AV:N) combined with low complexity (AC:L) means remote attackers can exploit this without authentication by supplying malformed GGUF model files.

Heap Overflow Buffer Overflow Integer Overflow Memory Corruption Suse
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-6948 HIGH PATCH This Week

CVE-2025-6948 is a Stored Cross-Site Scripting (XSS) vulnerability in GitLab CE/EE that allows authenticated attackers to execute actions on behalf of other users through malicious content injection. Affected versions include 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2. An attacker with valid credentials can manipulate the UI context (via user interaction) to perform unauthorized actions with high confidentiality and integrity impact across the GitLab instance.

Gitlab Code Injection
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-53625 HIGH PATCH This Week

A security vulnerability in DynamicPageList3 extension (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Information Disclosure Mediawiki PHP
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-7370 HIGH PATCH This Week

Rejected reason: Upon investigtion upstream maintainers discovered this was not a real issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Ubuntu Suse
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2025-2521 HIGH This Week

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 8.6). High severity vulnerability requiring prompt remediation.

RCE Buffer Overflow Honeywell Memory Corruption Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-46334 HIGH PATCH This Week

A remote code execution vulnerability in Git GUI (CVSS 8.6) that allows you. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-27614 HIGH PATCH This Week

CVE-2025-27614 is a command injection vulnerability in Gitk (Git's Tcl/Tk history browser) affecting versions 2.41.0 through 2.50.0 that allows arbitrary script execution with user privileges through specially crafted repository filenames. An attacker can exploit this via social engineering by tricking a user into invoking 'gitk filename' where the filename is maliciously structured to execute attacker-supplied scripts (shell, Perl, Python, etc.). With a CVSS score of 8.6 and no privilege requirement, this poses significant real-world risk for developers who clone untrusted repositories.

Python Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-46835 HIGH PATCH This Week

A remote code execution vulnerability in Git GUI (CVSS 8.5) that allows you. High severity vulnerability requiring prompt remediation.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-3946 HIGH This Week

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 8.2). High severity vulnerability requiring prompt remediation.

RCE
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-3947 HIGH This Week

A denial of service vulnerability in Honeywell Experion PKS (CVSS 8.2). High severity vulnerability requiring prompt remediation.

Denial Of Service
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-32990 HIGH PATCH This Week

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap Overflow Buffer Overflow Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-32988 HIGH PATCH This Week

Memory corruption and denial of service in GnuTLS arises from a double-free (CWE-415) in the code that exports X.509 Subject Alternative Name entries containing an otherName field. When the type-id OID inside such an entry is invalid or malformed, GnuTLS calls asn1_delete_structure() on an ASN.1 node it does not own, so the same structure is freed again by the calling function, corrupting allocator state. The flaw is reachable through public GnuTLS APIs - meaning any application that parses or re-exports an attacker-supplied certificate is exposed - and there is no public exploit identified at time of analysis (EPSS 0.04%, 12th percentile; not in CISA KEV).

Buffer Overflow Denial Of Service Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-1727 HIGH This Week

CVE-2025-1727 is a critical vulnerability in RF-based remote linking protocols used for End-of-Train (EoT) and Head-of-Train (HoT/FRED) devices in railway operations. The vulnerability exploits a weak BCH checksum implementation that allows attackers to forge brake control commands using software-defined radios (SDR), potentially disrupting train operations or overwhelming brake systems. This affects railway infrastructure globally, with a CVSS score of 8.1 indicating high severity; active exploitation status and proof-of-concept availability are critical factors that determine immediate priority despite the attack requiring physical/adjacent network proximity.

IoT SCADA Industrial Authentication Bypass Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-52837 HIGH PATCH This Week

Trend Micro Password Manager (Consumer) versions 5.8.0.1327 and below contains a privilege escalation vulnerability exploiting symbolic link following and file/folder deletion capabilities. An authenticated local attacker with low privileges can leverage this vulnerability to delete arbitrary files and escalate privileges on the affected system. While no active exploitation in the wild has been publicly confirmed as of this analysis, the local attack vector and straightforward nature of symbolic link exploitation represent meaningful risk to Password Manager users.

Privilege Escalation Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-52521 HIGH PATCH This Week

Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.

Privilege Escalation Trend Micro Path Traversal Maximum Security 2022
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-5037 HIGH PATCH This Week

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE, or RVT files, allowing unauthenticated local attackers with user interaction to execute arbitrary code with the privileges of the Revit process. With a CVSS score of 7.8 and requiring only local access and user interaction (opening a file), this vulnerability poses significant risk to design and engineering teams who routinely handle external Revit model files.

RCE Buffer Overflow Revit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53503 HIGH PATCH This Week

CVE-2025-53503 is a privilege escalation vulnerability in Trend Micro Cleaner One Pro that allows a local attacker with low privileges to delete critical Trend Micro system files, potentially including the security software itself. The CVSS 7.8 score reflects high impact across confidentiality, integrity, and availability. No public exploit code or active exploitation in the wild has been confirmed at this time, but the vulnerability requires only low privileges and no user interaction, making it a material risk for environments running this product.

Privilege Escalation Trend Micro Cleaner One
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5040 HIGH PATCH This Week

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attackers with user interaction to trigger memory corruption. Successful exploitation enables arbitrary code execution, sensitive data theft, or application denial of service within the Revit process context. This vulnerability requires a maliciously crafted RTE file and user action to open it, making it a moderate-to-high priority for organizations using Revit for design workflows.

RCE Information Disclosure Revit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38348 HIGH PATCH This Week

CVE-2025-38348 is a buffer overflow vulnerability in the Linux kernel's p54 WiFi driver (wifi: p54) that allows a malicious or compromised USB device to trigger a memory overflow in the p54_rx_eeprom_readback() function by sending a crafted eeprom_readback message with an inflated length value. An attacker with local access and low privileges can cause denial of service or potentially execute code with kernel privileges; however, exploitation requires the device to first upload vendor firmware (proprietary and not widely distributed), which significantly limits real-world attack surface. The vulnerability is not currently tracked as actively exploited in CISA KEV catalog.

Linux Buffer Overflow Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38346 HIGH PATCH This Week

CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Use After Free Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38298 HIGH PATCH This Week

CVE-2025-38298 is a general protection fault vulnerability in the Linux kernel's EDAC/skx_common module caused by failure to reset the 'adxl_component_count' variable during module unload/reload cycles. This affects users running i10nm_edac or skx_edac_common on Intel Xeon systems, allowing local attackers with low privileges to trigger a kernel crash or potential code execution through error injection testing or normal module lifecycle operations. The vulnerability has a CVSS score of 7.8 (high severity) but appears to be a reliability/denial-of-service issue rather than actively exploited in the wild.

Linux Memory Corruption Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38295 HIGH PATCH This Week

CVE-2025-38295 is a kernel preemption context violation in the Amlogic DDR PMU driver where smp_processor_id() is called in a preemptible context, causing kernel warnings and potential system instability. This affects Linux kernel users with Amlogic SoC-based systems (e.g., ODROID-N2Plus) when the meson_ddr_pmu module is loaded. While the vulnerability allows a local unprivileged user to trigger kernel warnings and potentially cause denial of service, there is no evidence of active exploitation or public POC, and the fix involves a simple API replacement from smp_processor_id() to raw_smp_processor_id().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38313 HIGH PATCH This Week

CVE-2025-38313 is a double-free memory corruption vulnerability in the Linux kernel's FSL Management Complex (fsl-mc) bus driver that allows a local attacker with low privileges to cause denial of service or potential code execution. The vulnerability affects Linux kernel versions where the MC device allocation error path incorrectly frees memory twice when a DPRC (Data Path Resource Container) device is involved. This is not currently listed as actively exploited in KEV databases, but the high CVSS score (7.8) and local attack vector make it a moderate priority for systems using FSL-MC enabled hardware.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38280 HIGH PATCH This Week

CVE-2025-38280 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38338 HIGH PATCH This Week

CVE-2025-38338 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Denial Of Service Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38279 HIGH PATCH This Week

CVE-2025-38279 is a kernel verifier bug in Linux BPF (Berkeley Packet Filter) subsystem where improper handling of stack pointer register (r10) in precision backtracking causes a WARNING and EFAULT return during eBPF program verification. This affects unprivileged users on Linux systems with BPF enabled; an attacker with local access and BPF capabilities can trigger a kernel warning and denial of service by loading a specially crafted eBPF program. No active exploitation in the wild is confirmed, but a proof-of-concept test case is provided in the patch commit.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38341 HIGH PATCH This Week

CVE-2025-38341 is a double-free vulnerability in the Linux kernel's fbnic (Meta Fabric NIC) driver that occurs when DMA-mapping of a firmware message fails. An attacker with local access and low privilege can trigger this memory corruption to achieve code execution or denial of service. The vulnerability affects Linux kernels with the fbnic driver enabled, and while there is no current evidence of active exploitation in the wild, the high CVSS score (7.8) and local attack vector make this a moderate-to-high priority for systems running affected kernel versions.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38323 HIGH PATCH This Week

CVE-2025-38323 is a use-after-free vulnerability in the Linux kernel's ATM LEC (LAN Emulation Client) subsystem that allows a local unprivileged user to read or write kernel memory, potentially achieving privilege escalation. The vulnerability exists in net/atm/lec.c where error paths in lecd_attach() can leave dangling pointers in the dev_lec[] array, enabling access to freed memory. This is a local privilege escalation with CVSS 7.8 (High) requiring local access but no user interaction.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38317 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's ath12k WiFi driver debugfs interface that allows local users with root privileges to write more than 32 bytes to a debugfs buffer, causing memory corruption. While the CVSS score is 7.8 (High), the practical impact is limited to authenticated root users on systems with ath12k WiFi hardware; no public exploit or KEV listing is currently available, but the vulnerability demonstrates a classic boundary-check failure that could enable privilege escalation or system instability.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38289 HIGH PATCH This Week

CVE-2025-38289 is a use-after-free vulnerability in the Linux kernel's lpfc (Emulex/Broadcom Fibre Channel) driver that occurs in the dev_loss_tmo_callbk function during driver unload or fatal error handling. A local privileged attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. There is no evidence of active exploitation in the wild or public proof-of-concept code at this time, but the vulnerability represents a real kernel memory safety issue requiring prompt patching.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38288 HIGH PATCH This Week

CVE-2025-38288 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38270 HIGH PATCH This Week

CVE-2025-38270 is a kernel race condition in the Linux netdevsim driver's netpoll implementation that can trigger a WARNING in napi_complete_done() when the NAPI scheduler bit is prematurely stolen by netpoll, potentially leading to kernel instability or denial of service. This affects Linux kernel versions with the vulnerable netdevsim driver code and requires local privilege (unprivileged user) to trigger. The vulnerability is not currently listed as actively exploited in CISA KEV, but the high CVSS 7.8 score (with local attack vector and high impact across confidentiality, integrity, and availability) indicates significant kernel-level compromise potential.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38267 HIGH PATCH This Week

CVE-2025-38267 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53542 HIGH PATCH This Week

CVE-2025-53542 is a command injection vulnerability in Headlamp's macOS packaging workflow (codeSign.js) where unsanitized environment variables and config values are passed directly to Node.js execSync() without proper escaping, allowing local attackers to execute arbitrary commands. This affects Headlamp versions prior to 0.31.1, and while no active KEV or confirmed public POC is mentioned in available data, the vulnerability has a moderate-to-high CVSS score of 7.7 with user interaction required, making it a realistic threat in CI/CD and development environments.

Node.js Command Injection RCE macOS Kubernetes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-49630 HIGH POC PATCH This Week

CVE-2025-49630 is a denial of service vulnerability in Apache HTTP Server versions 2.4.26 through 2.4.63 that can be triggered by untrusted remote clients when a reverse proxy is configured with HTTP/2 backend support and ProxyPreserveHost enabled, causing an assertion failure that crashes the proxy process. The vulnerability has a CVSS score of 7.5 (High) with network-accessible attack vector and no authentication required, making it immediately exploitable by unauthenticated remote attackers.

Apache Denial Of Service Http Server Red Hat Suse +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-53020 HIGH PATCH This Week

CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.

Apache Use After Free Denial Of Service Http Server Red Hat +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-53378 HIGH PATCH This Week

CVE-2025-53378 is a missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) SaaS agent that allows unauthenticated remote attackers to take control of affected agents with user interaction required. The vulnerability has a CVSS score of 7.6 (High) and affects only the cloud-based SaaS version of WFBSS, not on-premises deployments. Trend Micro has addressed this issue through a monthly maintenance update, and affected customers on the regular SaaS deployment schedule are automatically patched; no additional customer action is required for remediation.

Authentication Bypass Trend Micro RCE Worry Free Business Security Services
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-7424 HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy