93 CVEs tracked today. 5 Critical, 30 High, 24 Medium, 30 Low.
-
CVE-2025-45146
CRITICAL
CVSS 9.8
ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Deserialization
Modelcache
-
CVE-2024-32640
CRITICAL
CVSS 9.8
MASA CMS versions prior to 7.4.5 contain a critical SQL injection vulnerability in the processAsyncObject method that enables unauthenticated remote code execution. The flaw allows attackers to extract database contents and leverage database-specific features to execute OS commands on the underlying server.
RCE
SQLi
-
CVE-2025-53187
CRITICAL
CVSS 9.3
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-8853
CRITICAL
CVSS 9.3
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-7679
CRITICAL
CVSS 9.2
The ASPECT system allows users to bypass authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
-
CVE-2025-55161
HIGH
CVSS 8.6
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SSRF
Stirling Pdf
-
CVE-2025-55156
HIGH
CVSS 7.8
pyLoad is the free and open-source Download Manager written in pure Python. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Python
SQLi
-
CVE-2025-55151
HIGH
CVSS 8.6
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
SSRF
Stirling Pdf
-
CVE-2025-55150
HIGH
CVSS 8.6
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
SSRF
Stirling Pdf
-
CVE-2025-55012
HIGH
CVSS 8.5
Zed is a multiplayer code editor. Rated high severity (CVSS 8.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Authentication Bypass
RCE
-
CVE-2025-54878
HIGH
CVSS 8.6
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Buffer Overflow
Denial Of Service
Heap Overflow
Cryptolib
-
CVE-2025-54525
HIGH
CVSS 7.5
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Atlassian
Confluence
Suse
-
CVE-2025-54478
HIGH
CVSS 7.2
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-54063
HIGH
CVSS 8.0
Cherry Studio is a desktop client that supports multiple LLM providers. Rated high severity (CVSS 8.0), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.
RCE
Code Injection
Cherry Studio
-
CVE-2025-52931
HIGH
CVSS 7.5
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Atlassian
Confluence
Suse
-
CVE-2025-44004
HIGH
CVSS 7.2
Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-40920
HIGH
CVSS 8.6
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-27577
HIGH
CVSS 8.4
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through a race condition. Rated high severity (CVSS 8.4), this vulnerability has low attack complexity. No vendor patch available.
RCE
Race Condition
Openharmony
-
CVE-2025-27128
HIGH
CVSS 8.4
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through a use after free. Rated high severity (CVSS 8.4), this vulnerability has low attack complexity. No vendor patch available.
RCE
Denial Of Service
Use After Free
Memory Corruption
Openharmony
-
CVE-2025-25278
HIGH
CVSS 8.4
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through a race condition. Rated high severity (CVSS 8.4), this vulnerability has low attack complexity. No vendor patch available.
RCE
Race Condition
Openharmony
-
CVE-2025-25235
HIGH
CVSS 8.6
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows
SSRF
Microsoft
-
CVE-2025-25231
HIGH
CVSS 7.5
Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-24298
HIGH
CVSS 8.4
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through a use after free. Rated high severity (CVSS 8.4), this vulnerability has low attack complexity. No vendor patch available.
RCE
Denial Of Service
Use After Free
Memory Corruption
Openharmony
-
CVE-2025-8863
HIGH
CVSS 7.0
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Red Hat
-
CVE-2025-8862
HIGH
CVSS 7.0
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Red Hat
-
CVE-2025-8854
HIGH
CVSS 8.4
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
RCE
Buffer Overflow
Pybullet
-
CVE-2025-8833
HIGH
CVSS 7.4
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8832
HIGH
CVSS 7.4
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8831
HIGH
CVSS 7.4
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8826
HIGH
CVSS 7.4
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8824
HIGH
CVSS 7.4
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8822
HIGH
CVSS 7.4
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8820
HIGH
CVSS 7.4
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Linksys
Re6250 Firmware
Re6300 Firmware
Re6350 Firmware
-
CVE-2025-8747
HIGH
CVSS 8.6
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a. Rated high severity (CVSS 8.6), this vulnerability has low attack complexity. No vendor patch available.
RCE
Deserialization
Keras
-
CVE-2025-7677
HIGH
CVSS 8.2
A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Buffer Overflow
-
CVE-2025-55159
MEDIUM
CVSS 5.1
slab is a pre-allocated storage for a uniform data type. Rated medium severity (CVSS 5.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
Red Hat
Suse
-
CVE-2025-55158
MEDIUM
CVSS 6.9
Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Red Hat
Vim
Suse
-
CVE-2025-55157
MEDIUM
CVSS 6.9
Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Buffer Overflow
Use After Free
Memory Corruption
Red Hat
Vim
-
CVE-2025-54992
MEDIUM
CVSS 6.9
OpenKilda is an open-source OpenFlow controller. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
XXE
-
CVE-2025-54463
MEDIUM
CVSS 5.9
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
Atlassian
Confluence
Suse
-
CVE-2025-54458
MEDIUM
CVSS 5.0
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-53910
MEDIUM
CVSS 4.0
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-53514
MEDIUM
CVSS 5.9
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
Atlassian
Confluence
Suse
-
CVE-2025-51824
MEDIUM
CVSS 6.5
libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Buffer Overflow
Libcsp
-
CVE-2025-51823
MEDIUM
CVSS 6.5
libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Buffer Overflow
Libcsp
-
CVE-2025-48731
MEDIUM
CVSS 6.4
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-44001
MEDIUM
CVSS 4.0
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-38499
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity.
Information Disclosure
Linux
-
CVE-2025-25229
MEDIUM
CVSS 5.4
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SSRF
-
CVE-2025-8866
MEDIUM
CVSS 5.1
YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Red Hat
-
CVE-2025-8865
MEDIUM
CVSS 4.1
The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. Rated medium severity (CVSS 4.1). No vendor patch available.
Denial Of Service
Null Pointer Dereference
Red Hat
-
CVE-2025-8864
MEDIUM
CVSS 6.8
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs. Rated medium severity (CVSS 6.8). No vendor patch available.
Information Disclosure
Red Hat
-
CVE-2025-8851
MEDIUM
CVSS 4.8
A vulnerability was determined in LibTIFF up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Buffer Overflow
Red Hat
Libtiff
Suse
-
CVE-2025-8838
MEDIUM
CVSS 5.5
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
-
CVE-2025-8672
MEDIUM
CVSS 4.8
The macOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Privilege Escalation
Python
Apple
macOS
Gimp
-
CVE-2025-8661
MEDIUM
CVSS 4.6
A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Symantec Pgp Encryption
-
CVE-2025-8660
MEDIUM
CVSS 5.6
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.
Privilege Escalation
Symantec Pgp Encryption
-
CVE-2025-8285
MEDIUM
CVSS 4.0
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
Suse
-
CVE-2025-7965
MEDIUM
CVSS 4.3
The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
WordPress
CSRF
-
CVE-2025-53857
LOW
CVSS 3.7
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
-
CVE-2025-53191
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-53190
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-53189
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-53188
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-49221
LOW
CVSS 3.7
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Atlassian
Confluence
-
CVE-2025-27562
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Openharmony
-
CVE-2025-27536
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through type confusion. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Memory Corruption
Openharmony
-
CVE-2025-26690
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Openharmony
-
CVE-2025-25212
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Openharmony
-
CVE-2025-24925
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Openharmony
-
CVE-2025-24844
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Openharmony
-
CVE-2025-8859
LOW
CVSS 2.1
A vulnerability was identified in code-projects eBlog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Authentication Bypass
File Upload
-
CVE-2025-8852
LOW
CVSS 2.1
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
-
CVE-2025-8847
LOW
CVSS 2.0
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
-
CVE-2025-8846
LOW
CVSS 1.9
A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
-
CVE-2025-8845
LOW
CVSS 1.9
A vulnerability was identified in NASM Netwide Assembler 2.17rc0.c. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
-
CVE-2025-8844
LOW
CVSS 1.9
A vulnerability was determined in NASM Netwide Assembler 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
-
CVE-2025-8843
LOW
CVSS 1.9
A vulnerability was found in NASM Netwide Assembler 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
-
CVE-2025-8842
LOW
CVSS 1.9
A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Denial Of Service
-
CVE-2025-8841
LOW
CVSS 2.1
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Java
File Upload
-
CVE-2025-8840
LOW
CVSS 2.1
A vulnerability was determined in jshERP up to 3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
-
CVE-2025-8839
LOW
CVSS 2.1
A vulnerability was found in jshERP up to 3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
-
CVE-2025-8837
LOW
CVSS 1.9
A vulnerability was identified in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available.
Buffer Overflow
Denial Of Service
-
CVE-2025-8836
LOW
CVSS 1.9
A vulnerability was determined in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available.
Denial Of Service
-
CVE-2025-8835
LOW
CVSS 1.9
A vulnerability was found in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available.
Denial Of Service
-
CVE-2025-8834
LOW
CVSS 1.9
A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-8830
LOW
CVSS 2.1
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8829
LOW
CVSS 2.1
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8828
LOW
CVSS 2.1
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8827
LOW
CVSS 2.1
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8825
LOW
CVSS 2.1
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8823
LOW
CVSS 2.1
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys
-
CVE-2025-8821
LOW
CVSS 2.1
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Linksys