Skip to main content
CVE-2025-41242 MEDIUM POC PATCH This Month

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Java Path Traversal Apache Spring +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-6625 HIGH This Week

crafted FTP command is sent to the device. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-9107 LOW POC Monitor

A vulnerability was determined in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9106 LOW POC Monitor

A vulnerability was found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9105 LOW POC Monitor

A vulnerability has been found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9104 LOW POC Monitor

A flaw has been found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9101 LOW POC Monitor

A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-57703 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57702 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57701 MEDIUM This Month

DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-9102 LOW POC Monitor

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9109 LOW Monitor

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-9099 LOW Monitor

A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9108 LOW Monitor

Affected is an unknown function of the component Login Page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9096 LOW Monitor

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9103 LOW Monitor

A vulnerability was detected in ZenCart 2.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9119 LOW Monitor

A vulnerability was determined in Netis WF2419 1.2.29433. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9098 LOW Monitor

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9097 LOW Monitor

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-54862 MEDIUM Monitor

Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sante Pacs Server
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-54759 MEDIUM This Month

Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sante Pacs Server
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54156 CRITICAL This Week

The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sante Pacs Server
NVD
CVSS 4.0
9.1
EPSS
0.0%
CVE-2025-53948 HIGH This Month

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sante Pacs Server
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-52584 HIGH This Month

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Argon Cobalt +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-46269 HIGH This Month

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Argon Cobalt +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-53705 HIGH This Month

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Argon Cobalt +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-41392 HIGH This Month

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Argon Cobalt +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-8098 HIGH This Month

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-55591 CRITICAL POC Act Now

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2025-55590 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2025-55589 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2025-55588 HIGH POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-55587 HIGH POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-55586 HIGH POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-55585 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55584 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55213 MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-53192 HIGH PATCH This Month

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Ognl Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4371 HIGH This Month

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Jwt Attack
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-32992 HIGH This Month

Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-43731 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-7693 CRITICAL This Week

A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-55300 HIGH PATCH This Month

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-55299 CRITICAL This Week

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
9.4
EPSS
0.0%
CVE-2025-55296 MEDIUM POC PATCH This Month

librenms is a community-based GPL-licensed network monitoring system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55293 CRITICAL PATCH This Week

Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Meshtastic Firmware Suse
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-55291 HIGH This Month

Shaarli is a minimalist bookmark manager and link sharing service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-55288 MEDIUM PATCH This Month

Genealogy is a family tree PHP application. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Genealogy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55287 MEDIUM PATCH This Month

Genealogy is a family tree PHP application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Genealogy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55283 CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PostgreSQL Privilege Escalation Aiven Db Migrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy