Skip to main content
CVE-2025-53857 LOW PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-53514 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
5.9
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52931 HIGH PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-51824 MEDIUM PATCH This Month

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libcsp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-51823 MEDIUM PATCH This Month

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libcsp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-49221 LOW PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-48731 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-44004 HIGH PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-44001 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-25229 MEDIUM This Month

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54063 HIGH POC PATCH This Week

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Cherry Studio
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2025-53187 CRITICAL This Week

Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-8866 MEDIUM This Month

YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-45146 CRITICAL POC Act Now

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Modelcache
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-8865 MEDIUM Monitor

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service Null Pointer Dereference Red Hat
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-8864 MEDIUM This Month

Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs. Rated medium severity (CVSS 6.8). No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-8851 MEDIUM PATCH Monitor

A vulnerability was determined in LibTIFF up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtiff Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8863 HIGH This Month

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-8862 HIGH This Month

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-8672 MEDIUM PATCH Monitor

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Python Apple Privilege Escalation Gimp macOS +1
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8853 CRITICAL This Week

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-8747 HIGH PATCH GHSA This Month

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Keras
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-8661 MEDIUM Monitor

A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Pgp Encryption
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-8660 MEDIUM This Month

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Symantec Pgp Encryption
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-8833 HIGH POC This Month

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8832 HIGH POC This Month

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-7965 MEDIUM Monitor

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8854 HIGH POC This Week

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Pybullet
NVD GitHub
CVSS 4.0
8.4
EPSS
0.7%
CVE-2025-8831 HIGH POC This Month

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-27577 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-27562 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27536 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27128 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-26690 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-25278 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-25212 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24925 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24844 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24298 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-8826 HIGH POC This Month

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8824 HIGH POC This Month

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8822 HIGH POC This Month

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8820 HIGH POC This Month

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy