Skip to main content
CVE-2025-7598 HIGH POC This Week

CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow RCE Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7597 HIGH POC This Week

CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7596 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.

Buffer Overflow Fh1205 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7586 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Ac500 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7551 HIGH POC This Week

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7571 HIGH POC This Week

A critical buffer overflow vulnerability exists in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspApBasicConfigUrcp endpoint's Username parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public proof-of-concept code is available, and the vendor has not responded to early disclosure attempts, indicating no official patch is available.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-7570 HIGH POC This Week

CVE-2025-7570 is a critical remote buffer overflow vulnerability in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspRemoteApConfTempSend endpoint via the remoteSrcTemp parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public exploit exists and the vendor has not responded to early disclosure, indicating active exploitation risk.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53823 HIGH POC PATCH This Week

WeGIA versions prior to 3.4.5 contain a SQL Injection vulnerability in the member deletion endpoint that allows authenticated users to execute arbitrary SQL commands via the `id_socio` parameter. This high-severity vulnerability (CVSS 8.8) compromises the confidentiality, integrity, and availability of the entire database. The vulnerability requires valid credentials to exploit but offers complete database compromise once authenticated.

PHP SQLi Information Disclosure Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-26291 HIGH POC PATCH This Week

A information disclosure vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-42646 HIGH POC This Week

CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted messages. This is a network-accessible DoS vulnerability with high availability impact (CVSS 7.5) that affects message broker deployments. The vulnerability requires no authentication or user interaction, making it easily exploitable in production environments.

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53015 HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53101 HIGH POC PATCH This Week

A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-7603 HIGH POC This Week

CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1, affecting the HTTP Request Handler component (/jingx.asp file). An authenticated remote attacker with high privileges can exploit this vulnerability to achieve complete compromise of the device, including code execution, data theft, and denial of service. A public proof-of-concept exploit exists, increasing real-world exploitation risk.

Buffer Overflow D-Link RCE Di 8100 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-7602 HIGH POC This Week

CVE-2025-7602 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1 affecting the /arp_sys.asp HTTP endpoint. An authenticated remote attacker with high privileges can exploit this vulnerability to achieve arbitrary code execution, potentially compromising device integrity, confidentiality, and availability. Public exploit code is available, elevating real-world risk despite the CVSS 7.2 score.

Buffer Overflow D-Link RCE Di 8100 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-7564 HIGH POC This Week

Hard-coded credentials in LB-LINK BL-AC3600 firmware 1.0.22 allow local authenticated attackers to escalate privileges to full system compromise. The router firmware contains static credentials 'root:blinkadmin' in /etc/shadow, enabling any user with device access to gain root-level control. Publicly available exploit code demonstrates practical exploitation (POC confirmed via GitHub). Despite CVSS 7.1 and low EPSS score (0.03%, 6th percentile), this represents a complete device takeover for home/SOHO networks where physical or admin panel access exists. Vendor (LB-LINK) unresponsive to disclosure attempts, indicating no patch is forthcoming.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-7619 HIGH This Week

CVE-2025-7619 is an Arbitrary File Write vulnerability in BatchSignCS, a background Windows application by WellChoose, that allows remote attackers with low privileges to write arbitrary files to any filesystem path via malicious website visits, potentially enabling arbitrary code execution. The vulnerability has a CVSS score of 8.8 (High) and requires user interaction (visiting a malicious site) but no elevated privileges; real-world exploitability depends on KEV listing status and public POC availability, which are not confirmed in the provided data.

Microsoft RCE Windows
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-7620 HIGH This Week

CVE-2025-7620 is a critical Remote Code Execution vulnerability in Digitware System Integration Corporation's cross-browser document creation component that allows unauthenticated attackers to execute arbitrary code on victim systems through malicious websites. The vulnerability exploits unsafe download and execution mechanisms, requiring only user interaction (visiting a malicious site) with no special privileges needed. With a CVSS score of 8.8 (High) and network-based attack vector, this poses significant risk to organizations deploying this component, particularly if actively exploited in the wild or if public exploits become available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53689 HIGH PATCH This Week

Apache Jackrabbit versions prior to 2.23.2 contain blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core components due to unsafe XML document parsing when loading privilege definitions. An authenticated attacker with low privileges can exploit this to achieve high-impact confidentiality, integrity, and availability compromise. The vulnerability requires user authentication (PR:L) but has no interaction requirement and affects all systems regardless of scope.

XXE Apache Java Information Disclosure Jackrabbit +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-26293 HIGH PATCH This Week

A path traversal vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Path Traversal Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-53623 HIGH PATCH This Week

CVE-2025-53623 is an arbitrary code execution vulnerability in the Job Iteration API's CsvEnumerator class affecting versions prior to 1.11.0. An unauthenticated remote attacker can execute arbitrary system commands by supplying malicious input to CSV file processing methods, particularly the count_of_rows_in_file method, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.1 indicating high severity with network-accessible attack vector and no privilege requirements.

RCE Ruby Information Disclosure
NVD GitHub
CVSS 4.0
8.1
EPSS
0.2%
CVE-2024-51768 HIGH PATCH This Week

CVE-2024-51768 is a remote code execution vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17, stemming from unsafe deserialization in the embedded HSQLDB database library. An authenticated attacker with local network access can execute arbitrary code with the privileges of the APLS service, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.0 and represents a significant risk to organizations using affected APLS versions, particularly given the authentication requirement is modest (PR:L) and the attack complexity is low.

RCE HP Java Autopass License Server
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2025-53819 HIGH PATCH This Week

CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.

Information Disclosure Apple macOS
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-25180 HIGH This Week

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Memory Corruption Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27582 HIGH PATCH This Week

A privilege escalation vulnerability in One Identity Password Manager (CVSS 7.6). High severity vulnerability requiring prompt remediation.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2024-51770 HIGH PATCH This Week

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Information Disclosure HP Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-51769 HIGH PATCH This Week

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Information Disclosure HP Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53643 HIGH PATCH This Week

AIOHTTP versions prior to 3.12.14 contain a request smuggling vulnerability in the Python parser that fails to properly parse HTTP trailer sections, allowing attackers to bypass firewalls and proxy protections when the pure Python implementation is used. This vulnerability affects deployments running AIOHTTP without C extensions or with AIOHTTP_NO_EXTENSIONS enabled, enabling HTTP request smuggling attacks with high integrity impact. The vulnerability has a CVSS score of 7.5 (High) and is unauthenticated, network-accessible, and requires no user interaction.

Python Authentication Bypass Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-51767 HIGH PATCH This Week

CVE-2024-51767 is an authentication bypass vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to gain unauthorized access to the application with limited impact on confidentiality, integrity, and availability. The vulnerability has a CVSS score of 7.3 (High) with a network-accessible attack vector requiring no privileges or user interaction, making it trivially exploitable. While specific KEV status and EPSS data are not provided in the available intelligence, the authentication bypass nature combined with the low attack complexity indicates this vulnerability likely poses a moderate-to-high real-world risk to unpatched HPE APLS installations.

Authentication Bypass Autopass License Server
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-26292 HIGH PATCH This Week

A arbitrary file access vulnerability (CVSS 7.1) that allows an attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1384 HIGH This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Authentication Bypass Siemens RCE Privilege Escalation
NVD
CVSS 3.1
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy