Skip to main content
CVE-2025-50233 MEDIUM POC This Week

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Qcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36020 MEDIUM This Month

IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Guardium Data Protection
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-2028 MEDIUM This Month

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Log Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-52885 MEDIUM This Month

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile Access Remote Access Vpn
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-8616 MEDIUM This Month

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-3354 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-3320 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-23335 MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-23334 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23333 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23331 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23327 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23326 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23325 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-23324 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23323 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23322 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23321 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23320 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Microsoft Python Information Disclosure Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23319 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2025-23318 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-23317 CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Buffer Overflow RCE Heap Overflow Denial Of Service +2
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2025-23311 CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-23310 CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Microsoft +4
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-5197 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Tensorflow AI / ML Pytorch +3
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-46391 MEDIUM This Month

CWE-284: Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46390 HIGH This Month

CWE-204: Observable Response Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46389 MEDIUM This Month

CWE-620: Unverified Password Change. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46388 MEDIUM Monitor

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-46387 HIGH This Month

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-46386 HIGH This Month

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-6013 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22470 CRITICAL This Week

CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-22469 MEDIUM This Month

OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-8556 LOW PATCH Monitor

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Code Injection
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-7202 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-7954 MEDIUM POC This Month

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Race Condition Shopware
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-47324 HIGH This Month

Information disclosure while accessing and modifying the PIB file of a remote device via powerline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qca7005 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27076 HIGH This Month

Memory corruption while processing simultaneous requests via escape path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27075 HIGH This Month

Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27073 HIGH This Month

Transient DOS while creating NDP instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware Immersive Home 316 Platform Firmware Immersive Home 318 Platform Firmware +165
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27072 MEDIUM This Month

Information disclosure while processing a packet at EAVB BE side with invalid header length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +33
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27071 HIGH This Month

Memory corruption while processing specific files in Powerline Communication Firmware. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-27069 HIGH This Month

Memory corruption while processing DDI command calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware Wcd9380 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27068 HIGH This Month

Memory corruption while processing an IOCTL command with an arbitrary address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27066 HIGH This Month

Transient DOS while processing an ANQP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +366
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27065 HIGH This Month

Transient DOS while processing a frame with malformed shared-key descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +145
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27062 HIGH This Month

Memory corruption while handling client exceptions, allowing unauthorized channel access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware Ar8035 Firmware +149
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21477 HIGH This Month

Transient DOS while processing CCCH data when NW sends data with invalid length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +83
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21474 HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy