Skip to main content
CVE-2025-49063 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS.4.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49062 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49058 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS.2.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49057 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49056 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49054 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49038 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47689 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-31007 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30626 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-29014 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28999 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS.27.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28975 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49037 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer allows Reflected XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52765 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49044 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54867 HIGH PATCH This Week

Youki is a container runtime written in Rust. Rated high severity (CVSS 7.0).

Information Disclosure Youki
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-51986 HIGH This Month

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55195 HIGH This Month

@std/toml is the Deno Standard Library. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Node.js
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55192 HIGH This Month

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-20263 HIGH This Month

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20253 HIGH This Month

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-20251 HIGH This Month

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-20244 HIGH This Month

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-20243 HIGH This Month

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-20239 HIGH This Month

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Microsoft
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20222 HIGH This Month

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20217 HIGH This Month

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20148 HIGH This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SSRF Secure Firewall Management Center
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-20136 HIGH This Month

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20134 HIGH This Month

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20133 HIGH This Month

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20127 HIGH This Month

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-7972 HIGH This Month

A security issue exists within the FactoryTalk Linx Network Browser. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Factorytalk Linx
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-9036 HIGH This Month

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-7973 HIGH This Month

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-53946 HIGH This Month

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-53945 HIGH This Month

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-8715 HIGH PATCH This Month

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8714 HIGH PATCH This Month

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PostgreSQL Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8958 HIGH POC This Month

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-54472 HIGH PATCH This Month

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Denial Of Service Apache Integer Overflow Brpc
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-48862 HIGH This Month

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48860 HIGH This Month

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-27388 HIGH This Month

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-8949 HIGH POC This Month

A vulnerability was identified in D-Link DIR-825 2.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 825 Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-8940 HIGH POC This Month

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-8939 HIGH POC This Month

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2024-7402 HIGH This Month

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle). Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy