Skip to main content
CVE-2025-6204 HIGH POC KEV THREAT Act Now

DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.

RCE Code Injection Delmia Apriso
NVD
CVSS 3.1
8.0
EPSS
7.5%
Threat
4.8
CVE-2013-10052 HIGH POC Act Now

ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.6%
CVE-2025-36604 HIGH POC THREAT Act Now

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

Dell Command Injection Unity Operating Environment
NVD GitHub
CVSS 3.1
7.3
EPSS
14.3%
CVE-2025-20701 HIGH This Week

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-44643 HIGH This Week

Certain Draytek products are affected by Insecure Configuration. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-27211 HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-51726 HIGH This Month

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Privilege Escalation Windows
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-53395 HIGH This Month

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-53394 HIGH This Month

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-38741 HIGH This Month

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Enterprise Sonic Os
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26476 HIGH This Month

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-21120 HIGH This Month

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-51534 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openatlas
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-44960 HIGH This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-44957 HIGH This Month

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-44955 HIGH This Month

RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Network Director
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-38739 HIGH This Month

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Digital Delivery
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-30099 HIGH This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26065 HIGH POC This Month

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rx 1500 Firmware Rx 3000 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-8109 HIGH This Month

Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36607 HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36606 HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-41691 HIGH CISA This Month

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-41659 HIGH CISA This Month

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-20702 HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20700 HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy