Skip to main content
CVE-2025-57105 CRITICAL POC Act Now

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 7400G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-52095 CRITICAL POC Act Now

An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Smart Deploy
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50674 HIGH POC This Week

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Openmediavault
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-52094 HIGH POC This Week

Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Deploy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55625 MEDIUM POC This Month

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Reolink
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2022-31491 CRITICAL Act Now

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2022-45134 CRITICAL Act Now

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Mahara
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-43110 CRITICAL Act Now

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-51092 CRITICAL Act Now

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Login Signup
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-26496 CRITICAL Act Now

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.1.3,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption File Upload Microsoft Tableau Server Windows +1
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-38627 HIGH PATCH This Week

Use-after-free in the Linux kernel f2fs compression subsystem allows local authenticated attackers to achieve high confidentiality, integrity, and availability impact (CVSS 7.8). The vulnerability permits exploitation through a race condition where an inode can be freed while still referenced by asynchronous decompression work queues, leading to potential arbitrary code execution, information disclosure, or denial of service. With an EPSS score of 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains relatively low despite the high severity score.

Linux Use After Free Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26498 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.1.3, before. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Path Traversal Tableau Server Windows
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-26497 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.1.3, before 2024.2.12, before. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Path Traversal Tableau Server Windows
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-38670 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Linux Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-45133 MEDIUM This Month

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mahara
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57887 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster allows Stored XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8678 MEDIUM PATCH This Month

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-57891 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-57890 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Sessions allows Stored XSS.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-38641 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38659 MEDIUM PATCH This Month

Linux kernel GFS2 filesystem can be forced into denial of service through a NULL pointer dereference when a node withdraws from a cluster filesystem and is the only node with the filesystem mounted. The vulnerability affects all Linux kernel versions with GFS2 support (CPE: cpe:2.3:o:linux:linux_kernel) and requires local access with unprivileged user privileges to trigger. An authenticated local attacker can crash the kernel by inducing specific GFS2 recovery conditions, causing system unavailability. No public exploit code has been identified, with an EPSS score of 0.02% indicating very low real-world exploitation likelihood despite the moderate CVSS 5.5 rating.

Null Pointer Dereference Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38648 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38643 MEDIUM PATCH This Month

A missing lock protection in the Linux kernel's cfg80211 wireless configuration subsystem causes a race condition when the cfg80211_propagate_cac_done_wk worker function attempts to access wireless device channel definitions without holding the required wiphy mutex. This allows a local attacker with limited privileges to trigger a kernel warning and cause a denial of service condition. The vulnerability affects Linux kernel versions from 5.5 onwards across multiple stable releases, with patches available from the vendor and deployed via Ubuntu security advisories USN-8095-2, USN-8095-3, and USN-8100-1. The EPSS score of 0.02% indicates very low actual exploitation probability despite the moderate CVSS score.

Linux Race Condition Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38626 MEDIUM PATCH This Month

Linux kernel f2fs file system denial of service via out-of-space panic in LFS mode allows local authenticated users to crash the system by triggering excessive block allocation during parallel asynchronous I/O operations. The vulnerability affects systems mounted with the 'mode=lfs' option and causes a kernel BUG panic in new_curseg() when foreground garbage collection is not triggered proactively during f2fs_map_blocks(). EPSS exploitation probability is low at 0.02% (4th percentile), indicating limited real-world exploitation likelihood despite CVSS 5.5 availability impact rating. Vendor-released patches are available across multiple kernel stable branches.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-57886 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-57896 MEDIUM This Month

Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.0.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-57888 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster allows Retrieve Embedded Sensitive Data.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53363 MEDIUM This Month

dpanel is an open source server management panel written in Go. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-38617 MEDIUM PATCH This Month

A race condition exists in the Linux kernel's packet socket implementation between the packet_set_ring() and packet_notifier() functions, where a temporary lock release allows a NETDEV_UP event to be processed while the socket is in an inconsistent state. This vulnerability affects all Linux kernel versions from 2.6.12 onwards and requires local privilege (non-root user) with moderately high attack complexity to exploit, resulting in a denial of service through resource exhaustion or system crash. The EPSS score of 0.01% indicates extremely low real-world exploitation probability despite the availability of patches and detailed technical analysis from Google security research.

Linux Race Condition Debian Linux Linux Kernel Red Hat +1
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-57894 MEDIUM This Month

Missing Authorization vulnerability in ollybach WPPizza allows Exploiting Incorrectly Configured Access Control Security Levels.19.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57884 MEDIUM This Month

Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9331 MEDIUM This Month

The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57895 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57893 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery.79.270. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57892 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57885 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54812 LOW PATCH Monitor

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Apache XSS Log4Cxx
NVD GitHub
CVSS 4.0
2.1
EPSS
0.3%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-9356 HIGH POC This Month

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-9355 HIGH POC This Month

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-55455 LOW POC Monitor

DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dootask
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-52451 HIGH This Month

Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.1.3, before 2024.2.12,. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Tableau Server Windows
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-52450 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Tableau Server Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4609 CRITICAL POC PATCH Act Now

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Chrome Windows +1
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-43761 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-57801 HIGH POC PATCH This Week

gnark is a zero-knowledge proof system framework. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Gnark
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-6791 HIGH This Month

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-55454 HIGH POC This Week

An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dootask
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54813 MEDIUM PATCH This Month

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Log4Cxx Red Hat Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-50859 MEDIUM POC This Month

Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy