Skip to main content
CVE-2025-50466 HIGH POC This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-50465 HIGH This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47872 MEDIUM This Month

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-46414 CRITICAL This Week

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-8731 HIGH This Month

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-8356 CRITICAL This Week

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-8355 HIGH This Month

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Freeflow Core
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52586 HIGH This Month

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. Rated high severity (CVSS 7.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-8730 HIGH POC THREAT This Week

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Authentication Bypass
NVD GitHub VulDB Exploit-DB
CVSS 4.0
8.9
EPSS
26.5%
CVE-2025-36119 HIGH This Month

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-36023 MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8749 MEDIUM This Month

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8088 HIGH KEV THREAT Act Now

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

RCE Microsoft Path Traversal Winrar Dtsearch +1
NVD
CVSS 4.0
8.4
EPSS
6.8%
CVE-2025-8748 HIGH This Month

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53606 CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Seata
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-48913 CRITICAL PATCH This Week

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Cxf Red Hat
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-6572 MEDIUM This Month

The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54959 MEDIUM This Month

Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-54958 MEDIUM This Month

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-54940 MEDIUM Monitor

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2024-58257 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-58256 MEDIUM Monitor

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2024-58255 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-54887 CRITICAL PATCH This Week

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-54886 HIGH PATCH This Month

skops is a Python library which helps users share and ship their scikit-learn based models. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python RCE Deserialization Red Hat
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-54368 MEDIUM PATCH This Month

uv is a Python package and project manager written in Rust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy