Skip to main content
CVE-2025-9380 HIGH This Week

Hard-coded root credentials in FNKvision Y215 CCTV Camera firmware (version 10.194.120.40) allow local authenticated attackers with low privileges to escalate to root access, achieving complete system compromise. Public exploit code demonstrates credential extraction from firmware binaries. EPSS score of 0.01% (2nd percentile) indicates minimal observed scanning activity despite public POC availability, likely due to the local access requirement limiting remote mass exploitation. CISA KEV does not list this CVE, suggesting no confirmed widespread active exploitation targeting these IoT cameras.

Authentication Bypass
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-9387 LOW POC Monitor

A vulnerability was found in DCN DCME-720 9.1.5.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-9397 LOW POC Monitor

A weakness has been identified in givanz Vvveb up to 1.0.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9395 LOW POC Monitor

A vulnerability was identified in wangsongyan wblog 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9391 LOW POC Monitor

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9388 LOW POC Monitor

A vulnerability was determined in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9390 LOW POC PATCH Monitor

A security flaw has been discovered in vim up to 9.1.1615. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9394 LOW POC PATCH Monitor

A flaw has been found in PoDoFo 1.1.0-dev.cpp of the component PDF Dictionary Parser. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9389 LOW POC PATCH Monitor

A vulnerability was identified in vim 9.1.0000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9396 LOW POC Monitor

A security flaw has been discovered in ckolivas lrzip up to 0.651. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9386 LOW POC PATCH Monitor

A vulnerability has been found in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9384 LOW POC PATCH Monitor

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9385 LOW POC PATCH Monitor

A flaw has been found in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9382 MEDIUM This Month

A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
4.5
EPSS
0.0%
CVE-2025-9383 LOW Monitor

A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. Rated low severity (CVSS 2.0). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-9381 LOW Monitor

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. Rated low severity (CVSS 1.0). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
0.3
EPSS
0.0%
CVE-2025-9393 HIGH POC This Month

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +2
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9392 HIGH POC This Month

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware +3
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9379 HIGH This Month

A vulnerability was determined in Belkin AX1800 1.1.00.016. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-8208 MEDIUM This Month

The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36174 HIGH This Month

IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Integrated Analytics System
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-36157 CRITICAL PATCH This Week

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Jazz Foundation
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy