Skip to main content
CVE-2025-55282 CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation PostgreSQL Path Traversal Aiven Db Migrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-55214 MEDIUM PATCH This Month

Copier library and CLI app for rendering project templates. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55205 CRITICAL PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-55201 HIGH PATCH This Month

Copier library and CLI app for rendering project templates. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-54234 LOW Monitor

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Coldfusion
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-3639 LOW Monitor

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-54421 HIGH POC PATCH This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nameless
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-54118 MEDIUM POC PATCH This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54117 CRITICAL POC PATCH Act Now

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nameless
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-4962 HIGH This Month

An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.0
7.7
EPSS
0.0%
CVE-2025-43732 MEDIUM PATCH Monitor

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-36120 HIGH This Month

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Storage Virtualize
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-33100 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Concert
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-33090 HIGH This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Concert
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27909 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration IBM Information Disclosure Concert
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1759 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-49827 LOW Monitor

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-43733 LOW PATCH Monitor

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-47206 HIGH This Month

An out-of-bounds write vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-5296 HIGH This Month

arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-57700 HIGH This Month

DIAEnergie - Stored Cross-site Scripting. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-9100 MEDIUM POC This Month

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass My Blog
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-31715 CRITICAL This Week

In vowifi service, there is a possible command injection due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-31714 MEDIUM This Month

In Developer Tools, there is a possible missing verification incorrect input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-31713 HIGH This Month

In engineer mode service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 3.1
8.4
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy