Skip to main content
CVE-2025-50286 HIGH POC Act Now

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP File Upload RCE Grav
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2025-54125 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-51055 HIGH POC This Week

Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vedo Suite
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-51056 HIGH POC This Week

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()'. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vedo Suite
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-54884 HIGH This Week

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7771 HIGH POC This Week

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. Rated high severity (CVSS 8.7). No vendor patch available.

RCE Microsoft Privilege Escalation Windows
NVD GitHub Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-54653 HIGH This Week

Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-54652 HIGH This Week

Path traversal vulnerability in the virtualization base module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-8420 HIGH This Week

The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress RCE Code Injection
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-54655 HIGH This Week

Race condition vulnerability in the virtualization base module. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-53786 HIGH CERT-EU This Week

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-54634 HIGH This Week

Vulnerability of improper processing of abnormal conditions in huge page separation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-27067 HIGH This Week

Memory corruption while processing DDI call with invalid buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware Fastconnect 6900 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54607 HIGH This Week

Authentication management vulnerability in the ArkWeb module. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-51624 HIGH This Week

Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-7036 HIGH This Week

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46659 HIGH This Week

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Exonaut
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54611 HIGH This Week

EXTRA_REFERRER resource read vulnerability in the Gallery module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7770 HIGH This Month

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7769 HIGH POC This Week

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
3.6%
CVE-2025-6634 HIGH This Month

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6633 HIGH This Month

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47908 HIGH PATCH This Month

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45766 HIGH POC This Month

poco v1.14.1-release was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Poco Suse
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-38747 HIGH This Month

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Supportassist Os Recovery
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-51532 HIGH POC This Month

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sage Dpw
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-51040 HIGH POC This Month

Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Fm Dab Tv Transmitter Web Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3354 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-3320 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-23331 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23327 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23326 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23325 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-23324 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23323 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23322 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23321 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23320 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Microsoft Python Information Disclosure Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23319 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2025-23318 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-46390 HIGH This Month

CWE-204: Observable Response Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46387 HIGH This Month

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-46386 HIGH This Month

CWE-639 Authorization Bypass Through User-Controlled Key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47324 HIGH This Month

Information disclosure while accessing and modifying the PIB file of a remote device via powerline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qca7005 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27076 HIGH This Month

Memory corruption while processing simultaneous requests via escape path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27075 HIGH This Month

Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27073 HIGH This Month

Transient DOS while creating NDP instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware Immersive Home 316 Platform Firmware Immersive Home 318 Platform Firmware +165
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27071 HIGH This Month

Memory corruption while processing specific files in Powerline Communication Firmware. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-27069 HIGH This Month

Memory corruption while processing DDI command calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware Wcd9380 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27068 HIGH This Month

Memory corruption while processing an IOCTL command with an arbitrary address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy