Skip to main content
CVE-2025-6015 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-6004 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-41376 MEDIUM This Month

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Code Injection Limesurvey
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-6011 LOW PATCH Monitor

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2023-44976 LOW Monitor

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-54792 CRITICAL POC PATCH Act Now

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Localsend
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-54424 HIGH POC PATCH This Week

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Command Injection RCE 1panel Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-54132 MEDIUM Monitor

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Cursor
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54131 MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13978 LOW POC PATCH Monitor

A vulnerability was found in LibTIFF up to 4.7.0. Rated low severity (CVSS 2.0). Public exploit code available.

Denial Of Service Libtiff
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8480 HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal Ilx 507 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2025-8477 HIGH This Month

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-8476 HIGH This Month

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ilx 507 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-8475 HIGH This Month

Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-8474 MEDIUM This Month

Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-8473 MEDIUM This Month

Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ilx 507 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-6000 CRITICAL POC PATCH This Week

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Hashicorp Code Injection Vault Red Hat +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-5999 HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-54595 HIGH This Month

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-54593 HIGH POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Freshrss
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-54590 MEDIUM PATCH This Month

webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-54574 CRITICAL PATCH This Week

Squid is a caching proxy for the Web. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Squid Red Hat +1
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
3.0%
CVE-2025-54564 HIGH This Month

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53012 MEDIUM POC PATCH This Month

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Materialx
NVD GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-53011 LOW POC PATCH Monitor

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Microsoft Materialx
NVD GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-53010 LOW POC PATCH Monitor

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Microsoft Materialx
NVD GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-53009 MEDIUM POC PATCH This Month

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Stack Overflow Materialx
NVD GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-50869 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-50868 MEDIUM This Month

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-49832 MEDIUM POC This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-33118 MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-2824 HIGH This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Operational Decision Manager
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-51504 HIGH POC This Month

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-52361 HIGH This Month

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50472 CRITICAL This Week

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-50460 CRITICAL PATCH This Week

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2025-46018 MEDIUM This Month

CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pay Mobile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-41373 HIGH POC This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gandia Integra Total
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41372 HIGH This Month

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41371 CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-41370 CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-6228 MEDIUM This Month

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-4684 MEDIUM This Month

The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites - Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6398 MEDIUM This Month

A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-7646 MEDIUM This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8454 CRITICAL PATCH This Week

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Debian Devscripts Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-5921 MEDIUM This Month

The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS Sureforms PHP
NVD WPScan
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-54939 MEDIUM POC This Month

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Litespeed Web Adc Litespeed Web Server Lsquic Openlitespeed
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-31716 MEDIUM This Month

In bootloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-4523 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass WordPress Information Disclosure Idonate PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy