Skip to main content
CVE-2025-20237 MEDIUM This Month

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20225 MEDIUM This Month

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Microsoft
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-20224 MEDIUM This Month

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Microsoft
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-20222 HIGH This Month

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20220 MEDIUM This Month

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20219 MEDIUM This Month

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20218 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-20217 HIGH This Month

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20148 HIGH This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SSRF Secure Firewall Management Center
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-20136 HIGH This Month

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20135 MEDIUM Monitor

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20134 HIGH This Month

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20133 HIGH This Month

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20127 HIGH This Month

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-54409 MEDIUM POC PATCH This Month

AIDE is an advanced intrusion detection environment. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Advanced Intrusion Detection Environment Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-53631 MEDIUM This Month

flaskBlog is a blog app built with Flask. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python XSS Flaskblog
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-8875 CRITICAL KEV THREAT Act Now

N-able N-central before 2025.3.1 contains a deserialization vulnerability allowing local code execution through crafted serialized data.

Deserialization N Central
NVD
CVSS 4.0
9.4
EPSS
2.6%
CVE-2025-7972 HIGH This Month

A security issue exists within the FactoryTalk Linx Network Browser. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Factorytalk Linx
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-36613 LOW Monitor

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-36612 MEDIUM This Month

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Supportassist For Business Pcs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-27847 MEDIUM Monitor

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27846 MEDIUM Monitor

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27845 CRITICAL This Week

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-26484 MEDIUM This Month

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service XXE Cloudlink D-Link
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-9036 HIGH This Month

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-7973 HIGH This Month

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-7353 CRITICAL This Week

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-55675 MEDIUM PATCH This Month

Apache Superset contains an improper access control vulnerability in its /explore endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Apache Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55674 MEDIUM PATCH This Month

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55673 MEDIUM PATCH This Month

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-55672 MEDIUM PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-43984 CRITICAL This Week

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-36581 LOW Monitor

Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Amd Information Disclosure Poweredge R6415 Firmware Poweredge R7415 Firmware +1
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2024-53946 HIGH This Month

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-53945 HIGH This Month

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-8963 MEDIUM POC This Month

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jimureport
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-8715 HIGH PATCH This Month

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8714 HIGH PATCH This Month

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PostgreSQL Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8713 LOW Monitor

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-8958 HIGH POC This Month

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-8047 CRITICAL This Week

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD WPScan
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-7761 MEDIUM This Month

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-55346 CRITICAL This Week

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-5998 MEDIUM POC This Week

The PPWP - Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Password Protect Wordpress PHP
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54472 HIGH PATCH This Month

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Denial Of Service Apache Integer Overflow Brpc
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-48862 HIGH This Month

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48861 MEDIUM This Month

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48860 HIGH This Month

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-27388 HIGH This Month

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-8949 HIGH POC This Month

A vulnerability was identified in D-Link DIR-825 2.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 825 Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.4%
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy