61 CVEs tracked today. 9 Critical, 14 High, 19 Medium, 17 Low.
-
CVE-2025-54952
CRITICAL
CVSS 9.8
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
-
CVE-2025-8088
HIGH
CVSS 8.4
WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.
Windows
RCE
Path Traversal
Microsoft
Winrar
-
CVE-2025-54887
CRITICAL
CVSS 9.1
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Suse
-
CVE-2025-53606
CRITICAL
CVSS 9.8
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Deserialization
Seata
-
CVE-2025-52913
CRITICAL
CVSS 9.8
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Path Traversal
Node.js
-
CVE-2025-48913
CRITICAL
CVSS 9.8
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Apache
Red Hat
Cxf
-
CVE-2025-46414
CRITICAL
CVSS 9.2
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
-
CVE-2025-8356
CRITICAL
CVSS 9.8
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Path Traversal
Freeflow Core
-
CVE-2025-8284
CRITICAL
CVSS 9.3
By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-5095
CRITICAL
CVSS 9.3
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-54886
HIGH
CVSS 8.4
skops is a Python library which helps users share and ship their scikit-learn based models. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Python
Deserialization
Red Hat
-
CVE-2025-53520
HIGH
CVSS 8.6
The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-52914
HIGH
CVSS 8.8
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Micollab
-
CVE-2025-52586
HIGH
CVSS 7.5
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. Rated high severity (CVSS 7.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-50466
HIGH
CVSS 7.1
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Openmetadata
-
CVE-2025-50465
HIGH
CVSS 7.1
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Openmetadata
-
CVE-2025-36119
HIGH
CVSS 7.1
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Authentication Bypass
IBM
-
CVE-2025-8748
HIGH
CVSS 8.8
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-8731
HIGH
CVSS 8.9
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-8730
HIGH
CVSS 8.9
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.
Authentication Bypass
-
CVE-2025-8393
HIGH
CVSS 8.5
A TLS vulnerability exists in the phone application used to manage a connected device. Rated high severity (CVSS 8.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-8355
HIGH
CVSS 7.5
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SSRF
XXE
Freeflow Core
-
CVE-2025-4796
HIGH
CVSS 8.8
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
PHP
WordPress
Authentication Bypass
Privilege Escalation
Eventin
-
CVE-2025-54959
MEDIUM
CVSS 5.3
Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-54958
MEDIUM
CVSS 5.3
Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-54940
MEDIUM
CVSS 4.6
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
WordPress
RCE
Code Injection
-
CVE-2025-54793
MEDIUM
CVSS 5.5
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
Open Redirect
Astro
-
CVE-2025-54368
MEDIUM
CVSS 6.8
uv is a Python package and project manager written in Rust. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Python
Information Disclosure
Suse
-
CVE-2025-50928
MEDIUM
CVSS 4.8
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
SQLi
Easy Hosting Control Panel
-
CVE-2025-50927
MEDIUM
CVSS 6.3
A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Easy Hosting Control Panel
-
CVE-2025-50468
MEDIUM
CVSS 6.5
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Openmetadata
-
CVE-2025-50467
MEDIUM
CVSS 6.5
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
Openmetadata
-
CVE-2025-47872
MEDIUM
CVSS 6.9
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-36023
MEDIUM
CVSS 6.5
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
IBM
Cloud Pak For Business Automation
-
CVE-2025-8749
MEDIUM
CVSS 6.5
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-8742
MEDIUM
CVSS 6.3
A vulnerability was found in macrozheng mall 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Mall
-
CVE-2025-8738
MEDIUM
CVSS 5.5
A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Java
Information Disclosure
-
CVE-2025-6572
MEDIUM
CVSS 5.9
The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
WordPress
XSS
-
CVE-2025-4576
MEDIUM
CVSS 6.9
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2024-58257
MEDIUM
CVSS 5.7
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Command Injection
Enzoh W5611T Firmware
-
CVE-2024-58256
MEDIUM
CVSS 4.5
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.
Information Disclosure
Command Injection
Enzoh W5611T Firmware
-
CVE-2024-58255
MEDIUM
CVSS 5.0
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.
Information Disclosure
Command Injection
Enzoh W5611T Firmware
-
CVE-2025-55188
LOW
CVSS 3.6
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Rated low severity (CVSS 3.6), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
7 Zip
-
CVE-2025-8743
LOW
CVSS 2.0
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
-
CVE-2025-8741
LOW
CVSS 2.9
A vulnerability was found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
-
CVE-2025-8740
LOW
CVSS 1.9
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
-
CVE-2025-8739
LOW
CVSS 2.1
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
-
CVE-2025-8737
LOW
CVSS 2.0
A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Java
Open Redirect
-
CVE-2025-8736
LOW
CVSS 1.9
A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Buffer Overflow
-
CVE-2025-8735
LOW
CVSS 1.9
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-8734
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-8733
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-8732
LOW
CVSS 1.9
A vulnerability was found in libxml2 up to 2.14.5. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-8729
LOW
CVSS 2.1
A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Path Traversal
-
CVE-2025-8708
LOW
CVSS 1.3
A vulnerability was found in Antabot White-Jotter 0.22. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Java
Deserialization
-
CVE-2025-8707
LOW
CVSS 1.9
A vulnerability was found in Huuge Box App 1.0.3 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Google
-
CVE-2025-8706
LOW
CVSS 2.1
A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
-
CVE-2025-8705
LOW
CVSS 2.1
A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
-
CVE-2025-8704
LOW
CVSS 2.1
A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
-
CVE-2025-8703
LOW
CVSS 2.1
A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
-
CVE-2025-8702
LOW
CVSS 2.1
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi