Skip to main content
CVE-2025-43300 CRITICAL POC KEV THREAT Emergency

Apple iOS/iPadOS contain an out-of-bounds write in image processing that allows code execution through malicious images, exploited in extremely sophisticated targeted attacks against specific individuals.

Memory Corruption Buffer Overflow Apple
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
Threat
5.0
CVE-2025-55370 HIGH POC This Week

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jsherp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55368 HIGH POC This Week

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jsherp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55564 HIGH POC This Week

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9297 HIGH POC This Week

A vulnerability was detected in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-7969 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown It Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-53251 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-9311 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9307 MEDIUM POC This Month

A flaw has been found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9305 MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9304 MEDIUM POC This Month

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9302 MEDIUM POC This Month

A vulnerability was identified in PHPGurukul User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-55371 MEDIUM POC This Month

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jsherp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55367 MEDIUM POC This Month

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jsherp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55366 MEDIUM POC This Month

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Java Jsherp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27721 HIGH This Week

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-55230 HIGH This Week

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-38743 HIGH This Week

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Emc Idrac Service Module
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55523 LOW POC Monitor

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agent Zero
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2025-51989 HIGH This Week

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-9264 LOW POC PATCH Monitor

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9296 LOW POC Monitor

A security vulnerability has been detected in Emlog Pro up to 2.5.18. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-9306 LOW POC Monitor

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9300 LOW POC PATCH Monitor

A vulnerability was found in saitoha libsixel up to 1.10.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-27714 MEDIUM This Month

An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48355 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-9309 LOW POC Monitor

A vulnerability was found in Tenda AC10 16.03.10.13. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-6465 MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-9301 LOW PATCH Monitor

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-43753 LOW PATCH Monitor

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-51606 HIGH POC This Week

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43747 MEDIUM Monitor

A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Digital Experience Platform
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-55231 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Race Condition Windows Server 2012 Windows Server 2016 +4
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55229 MEDIUM This Month

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55107 MEDIUM Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may allow a remote, authenticated attacker to inject malicious a file with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-55106 MEDIUM Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may allow a remote, authenticated attacker to inject malicious a file with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-55105 MEDIUM Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may allow a remote, authenticated attacker to inject malicious a file with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-55104 MEDIUM Monitor

A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-55103 MEDIUM PATCH Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may allow a remote, authenticated attacker to inject malicious a file with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-54460 HIGH This Month

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-53795 CRITICAL This Week

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Pc Manager
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53763 CRITICAL This Week

Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Purview Data Governance
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-41415 HIGH This Month

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-3128 CRITICAL This Week

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-24489 MEDIUM This Month

An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-57751 HIGH PATCH This Month

pyLoad is the free and open-source Download Manager written in pure Python. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-38742 MEDIUM This Month

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Emc Idrac Service Module
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-7051 HIGH This Month

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-57768 MEDIUM This Month

Phproject is a high performance full-featured project management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-55524 HIGH POC This Month

Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agent Zero
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy