Skip to main content
CVE-2025-58203 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery.3.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-58193 MEDIUM This Month

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.7.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58192 MEDIUM This Month

Missing Authorization vulnerability in Xylus Themes WP Bulk Delete allows Exploiting Incorrectly Configured Access Control Security Levels.3.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58202 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery.0.32. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49040 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-34522 CRITICAL This Week

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Udp
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2025-34521 MEDIUM Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Udp
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-34520 HIGH This Month

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Udp
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-34160 CRITICAL This Week

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13985 CRITICAL This Week

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dahua Command Injection
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2024-13984 CRITICAL This Week

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13982 HIGH This Month

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 4.0
8.7
EPSS
2.3%
CVE-2024-13981 CRITICAL POC Act Now

LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Path Traversal
NVD GitHub
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13980 CRITICAL This Week

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub
CVSS 4.0
10.0
EPSS
2.8%
CVE-2025-55582 MEDIUM POC This Week

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity,. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE D-Link Privilege Escalation Dcs 825L Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-4225 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3601 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2246 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2024-37777 HIGH POC This Week

O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE O2oa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-58050 MEDIUM POC PATCH This Week

The PCRE2 library is a set of C functions that implement regular expression pattern matching. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Information Disclosure Pcre2 Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55495 MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51667 HIGH POC PATCH This Month

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Simple Admin Suse
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-50979 HIGH POC This Week

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Nodebb
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-5187 MEDIUM PATCH This Month

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Red Hat Suse
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-57821 MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-50977 MEDIUM POC This Month

A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Gitblit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-50428 CRITICAL POC PATCH Act Now

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP Raspap Webgui
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-20348 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-20347 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20344 MEDIUM This Month

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Nexus Dashboard
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20342 MEDIUM This Month

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-20317 HIGH This Month

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-20296 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2025-20295 MEDIUM This Month

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20294 MEDIUM This Month

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20292 MEDIUM Monitor

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-20290 MEDIUM This Month

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20262 MEDIUM This Month

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Cisco
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-20241 HIGH This Month

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-54598 MEDIUM POC This Week

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bevy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50984 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Elastic SQLi Diskover
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-50983 HIGH POC This Week

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Readarr
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-50978 MEDIUM POC This Month

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitblit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53105 HIGH This Month

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52122 CRITICAL POC PATCH Act Now

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Freeform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50989 CRITICAL POC Act Now

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Opnsense
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2025-50986 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Diskover
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-50985 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Diskover
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-50972 CRITICAL POC Act Now

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Abantecart
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-9527 HIGH POC This Month

A vulnerability was found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy