Skip to main content
CVE-2025-6205 CRITICAL POC KEV THREAT Emergency

DELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufacturing execution system application.

Authentication Bypass Delmia Apriso
NVD
CVSS 3.1
9.1
EPSS
56.5%
Threat
6.5
CVE-2013-10054 CRITICAL POC THREAT Emergency

An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
73.7%
Threat
5.6
CVE-2025-6204 HIGH POC KEV THREAT Act Now

DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.

RCE Code Injection Delmia Apriso
NVD
CVSS 3.1
8.0
EPSS
7.5%
Threat
4.8
CVE-2013-10052 HIGH POC Act Now

ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.6%
CVE-2025-51390 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-36604 HIGH POC THREAT Act Now

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

Dell Command Injection Unity Operating Environment
NVD GitHub
CVSS 3.1
7.3
EPSS
14.3%
CVE-2025-8518 LOW POC PATCH THREAT Monitor

A vulnerability was found in givanz Vvveb 1.0.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
16.9%
CVE-2025-46206 MEDIUM POC This Month

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50420 MEDIUM POC PATCH This Month

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52239 CRITICAL Act Now

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Zkeacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-50341 CRITICAL Act Now

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-20701 HIGH This Week

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-44643 HIGH This Week

Certain Draytek products are affected by Insecure Configuration. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-8528 LOW POC Monitor

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-8517 LOW POC PATCH Monitor

A vulnerability was detected in givanz Vvveb 1.0.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Session Fixation Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8526 LOW POC Monitor

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8527 LOW POC Monitor

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8520 LOW POC PATCH Monitor

A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-8519 LOW POC PATCH Monitor

A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-8521 LOW POC PATCH Monitor

A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5.php?module=settings/post-types of the component Add Type Handler. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8522 LOW POC Monitor

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Node.js
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-55014 MEDIUM This Month

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-8529 LOW Monitor

A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8524 LOW Monitor

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8523 LOW Monitor

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8515 LOW Monitor

A weakness has been identified in Intelbras InControl 2.21.60.9. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-8530 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eladmin
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-46094 LOW POC Monitor

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Liquidfiles
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-46093 CRITICAL POC Act Now

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Liquidfiles
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-27212 CRITICAL This Week

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27211 HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-7844 LOW Monitor

Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow
NVD GitHub
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-54554 MEDIUM This Month

tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-4604 MEDIUM PATCH This Month

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-4599 LOW Monitor

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8525 MEDIUM POC This Month

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Xboot Spring
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-51726 HIGH This Month

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Privilege Escalation Windows
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-51387 CRITICAL This Week

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Node.js Gitkraken Desktop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50754 CRITICAL POC Act Now

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-50340 MEDIUM Monitor

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53395 HIGH This Month

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-53394 HIGH This Month

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-38741 HIGH This Month

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Enterprise Sonic Os
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26476 HIGH This Month

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-21120 HIGH This Month

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-34147 CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2024-45183 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow Exynos 2100 Firmware Exynos 2200 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51535 CRITICAL POC Act Now

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openatlas
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-51534 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openatlas
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-50422 LOW Monitor

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy