75 CVEs tracked today. 10 Critical, 24 High, 37 Medium, 4 Low.
-
CVE-2025-55591
CRITICAL
CVSS 9.8
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
A3002r Firmware
TOTOLINK
-
CVE-2025-54117
CRITICAL
CVSS 9.0
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Nameless
-
CVE-2025-55299
CRITICAL
CVSS 9.4
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Brute Force
Information Disclosure
-
CVE-2025-55293
CRITICAL
CVSS 9.4
Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Authentication Bypass
Meshtastic Firmware
Suse
-
CVE-2025-55283
CRITICAL
CVSS 9.1
aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
Command Injection
PostgreSQL
Privilege Escalation
Aiven Db Migrate
-
CVE-2025-55282
CRITICAL
CVSS 9.1
aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Privilege Escalation
PostgreSQL
Path Traversal
Aiven Db Migrate
-
CVE-2025-55205
CRITICAL
CVSS 9.0
Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Kubernetes
-
CVE-2025-54156
CRITICAL
CVSS 9.1
The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Sante Pacs Server
-
CVE-2025-31715
CRITICAL
CVSS 9.8
In vowifi service, there is a possible command injection due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
Privilege Escalation
-
CVE-2025-7693
CRITICAL
CVSS 9.3
A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-57700
HIGH
CVSS 7.0
DIAEnergie - Stored Cross-site Scripting. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Diaenergie
-
CVE-2025-55588
HIGH
CVSS 7.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Buffer Overflow
A3002r Firmware
TOTOLINK
-
CVE-2025-55587
HIGH
CVSS 7.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Buffer Overflow
A3002r Firmware
TOTOLINK
-
CVE-2025-55586
HIGH
CVSS 7.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Buffer Overflow
A3002r Firmware
TOTOLINK
-
CVE-2025-55300
HIGH
CVSS 8.6
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
XSS
-
CVE-2025-55291
HIGH
CVSS 7.1
Shaarli is a minimalist bookmark manager and link sharing service. Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
XSS
-
CVE-2025-55201
HIGH
CVSS 8.5
Copier library and CLI app for rendering project templates. Rated high severity (CVSS 8.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-54421
HIGH
CVSS 7.2
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Nameless
-
CVE-2025-53948
HIGH
CVSS 8.7
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Sante Pacs Server
-
CVE-2025-53705
HIGH
CVSS 8.4
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Argon
Cobalt
-
CVE-2025-53192
HIGH
CVSS 8.8
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Apache
Commons Ognl
Redhat
Suse
-
CVE-2025-52584
HIGH
CVSS 8.4
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
RCE
Argon
Cobalt
-
CVE-2025-47206
HIGH
CVSS 7.1
An out-of-bounds write vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
File Station
-
CVE-2025-46269
HIGH
CVSS 8.4
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
RCE
Argon
Cobalt
-
CVE-2025-41392
HIGH
CVSS 8.4
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
RCE
Information Disclosure
Argon
Cobalt
-
CVE-2025-36120
HIGH
CVSS 8.8
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
IBM
Storage Virtualize
-
CVE-2025-33090
HIGH
CVSS 7.5
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
IBM
Concert
-
CVE-2025-32992
HIGH
CVSS 8.5
Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-31713
HIGH
CVSS 8.4
In engineer mode service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Command Injection
Privilege Escalation
-
CVE-2025-8098
HIGH
CVSS 8.5
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available.
Lenovo
Privilege Escalation
Pcmanager
-
CVE-2025-6625
HIGH
CVSS 8.7
crafted FTP command is sent to the device. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-5296
HIGH
CVSS 7.0
arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of. Rated high severity (CVSS 7.0), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Privilege Escalation
-
CVE-2025-4962
HIGH
CVSS 7.7
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-4371
HIGH
CVSS 7.0
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a. Rated high severity (CVSS 7.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Lenovo
Information Disclosure
Jwt Attack
-
CVE-2025-57703
MEDIUM
CVSS 5.9
DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Diaenergie
-
CVE-2025-57702
MEDIUM
CVSS 5.9
DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Diaenergie
-
CVE-2025-57701
MEDIUM
CVSS 5.9
DIAEnergie - Reflected Cross-site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Diaenergie
-
CVE-2025-55590
MEDIUM
CVSS 6.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
A3002r Firmware
TOTOLINK
-
CVE-2025-55589
MEDIUM
CVSS 6.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
A3002r Firmware
TOTOLINK
-
CVE-2025-55585
MEDIUM
CVSS 6.5
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Code Injection
A3002r Firmware
TOTOLINK
-
CVE-2025-55584
MEDIUM
CVSS 5.3
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
A3002r Firmware
TOTOLINK
-
CVE-2025-55296
MEDIUM
CVSS 5.5
librenms is a community-based GPL-licensed network monitoring system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Librenms
-
CVE-2025-55288
MEDIUM
CVSS 5.5
Genealogy is a family tree PHP application. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
PHP
XSS
Genealogy
-
CVE-2025-55287
MEDIUM
CVSS 5.4
Genealogy is a family tree PHP application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
PHP
XSS
Genealogy
-
CVE-2025-55214
MEDIUM
CVSS 6.9
Copier library and CLI app for rendering project templates. Rated medium severity (CVSS 6.9), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-55213
MEDIUM
CVSS 5.8
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Docker
Google
Helm Charts
Openfga
-
CVE-2025-54862
MEDIUM
CVSS 4.8
Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Sante Pacs Server
-
CVE-2025-54759
MEDIUM
CVSS 5.1
Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Sante Pacs Server
-
CVE-2025-54118
MEDIUM
CVSS 5.3
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Information Disclosure
Nameless
-
CVE-2025-43732
MEDIUM
CVSS 4.8
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Digital Experience Platform
Liferay Portal
-
CVE-2025-43731
MEDIUM
CVSS 6.9
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-41242
MEDIUM
CVSS 5.9
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Tomcat
Java
Path Traversal
Apache
Spring
-
CVE-2025-33100
MEDIUM
CVSS 6.2
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Authentication Bypass
IBM
Concert
-
CVE-2025-31714
MEDIUM
CVSS 6.8
In Developer Tools, there is a possible missing verification incorrect input. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-27909
MEDIUM
CVSS 5.4
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cors Misconfiguration
IBM
Information Disclosure
Concert
-
CVE-2025-9119
MEDIUM
CVSS 4.8
A vulnerability was determined in Netis WF2419 1.2.29433. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-9109
MEDIUM
CVSS 6.3
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
I Diario
-
CVE-2025-9108
MEDIUM
CVSS 5.3
Affected is an unknown function of the component Login Page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-9107
MEDIUM
CVSS 5.3
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
I Diario
-
CVE-2025-9106
MEDIUM
CVSS 5.1
A vulnerability was found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
I Diario
-
CVE-2025-9105
MEDIUM
CVSS 5.1
A vulnerability has been found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
I Diario
-
CVE-2025-9104
MEDIUM
CVSS 5.1
A flaw has been found in Portabilis i-Diario up to 1.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
I Diario
-
CVE-2025-9103
MEDIUM
CVSS 4.8
A vulnerability was detected in ZenCart 2.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-9102
MEDIUM
CVSS 4.8
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Mail Com
Android
-
CVE-2025-9101
MEDIUM
CVSS 5.1
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
My Blog
-
CVE-2025-9100
MEDIUM
CVSS 5.5
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
My Blog
-
CVE-2025-9099
MEDIUM
CVSS 5.3
A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
File Upload
-
CVE-2025-9098
MEDIUM
CVSS 4.8
A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Google
Information Disclosure
Android
-
CVE-2025-9097
MEDIUM
CVSS 4.8
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Google
Information Disclosure
Android
-
CVE-2025-9096
MEDIUM
CVSS 5.1
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-1759
MEDIUM
CVSS 5.9
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM
Information Disclosure
Concert
-
CVE-2025-54234
LOW
CVSS 2.7
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SSRF
Coldfusion
-
CVE-2025-43733
LOW
CVSS 2.3
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-3639
LOW
CVSS 2.0
Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.
Authentication Bypass
-
CVE-2024-49827
LOW
CVSS 3.7
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM
Information Disclosure
Concert