Skip to main content
CVE-2025-50690 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-50635 HIGH POC This Month

A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Wf2780 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-50251 CRITICAL POC Act Now

Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-48500 HIGH This Month

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client macOS
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-46405 HIGH This Month

When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Big Ip Access Policy Manager
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-55668 MEDIUM PATCH This Month

Session Fixation vulnerability in Apache Tomcat via rewrite valve.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Session Fixation Apache Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55160 MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55154 HIGH POC PATCH This Week

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55005 MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55004 HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-54791 MEDIUM PATCH This Month

OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Omero Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54382 CRITICAL POC Act Now

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Cherry Studio
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2025-54074 HIGH POC PATCH This Month

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cherry Studio
NVD GitHub
CVSS 4.0
7.7
EPSS
1.4%
CVE-2025-52392 MEDIUM POC This Month

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.3%
CVE-2025-52386 MEDIUM This Month

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-32451 HIGH POC This Week

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8671 HIGH PATCH This Month

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-55280 MEDIUM This Month

This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-55279 MEDIUM This Month

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55345 HIGH This Month

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-8761 HIGH This Month

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-8760 CRITICAL This Week

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-6184 HIGH This Month

The Tutor LMS Pro - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-6715 CRITICAL This Week

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure
NVD WPScan
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-8891 MEDIUM POC PATCH Monitor

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Oceanwp PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8901 HIGH PATCH This Month

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8881 MEDIUM PATCH This Month

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8880 HIGH PATCH This Month

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Race Condition Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8879 HIGH PATCH This Month

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4410 HIGH This Month

A buffer overflow vulnerability exists in the module SetupUtility. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-4277 HIGH This Month

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-4276 HIGH This Month

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy