Skip to main content
CVE-2025-54370 HIGH PATCH This Month

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SSRF
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-53853 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-53557 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-53511 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-52581 CRITICAL POC Act Now

An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Libbiosig
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-52461 HIGH POC This Week

An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libbiosig
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-48005 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-46411 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Libbiosig
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-45968 CRITICAL POC Act Now

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass System Pdv
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-43960 HIGH POC This Week

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Deserialization Adminer Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2025-29517 MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-29516 HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-29515 CRITICAL POC Act Now

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-29514 CRITICAL POC Act Now

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8562 MEDIUM This Month

The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7426 CRITICAL This Week

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-5191 HIGH This Month

An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-8997 MEDIUM This Month

An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-54301 HIGH This Month

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-54300 HIGH This Month

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-5514 MEDIUM This Month

Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-9405 MEDIUM POC PATCH This Month

A security flaw has been discovered in Open5GS up to 2.7.5. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-9398 MEDIUM POC This Month

A security vulnerability has been detected in YiFang CMS up to 2.0.5. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Yifang
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy