Skip to main content
CVE-2025-55422 HIGH POC This Week

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Foxcms
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-7308 HIGH POC This Week

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Secgate3600 Firmware
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2023-7307 HIGH This Week

Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40779 HIGH PATCH This Week

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55618 HIGH This Week

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Navigation
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-58218 HIGH This Week

Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes - USPS Edition allows Object Injection.3.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58217 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-34520 HIGH This Month

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Udp
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2024-13982 HIGH This Month

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 4.0
8.7
EPSS
2.3%
CVE-2024-37777 HIGH POC This Week

O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE O2oa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-51667 HIGH POC PATCH This Month

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Simple Admin Suse
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-50979 HIGH POC This Week

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Nodebb
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-20317 HIGH This Month

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-20241 HIGH This Month

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-50983 HIGH POC This Week

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Readarr
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-53105 HIGH This Month

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9527 HIGH POC This Month

A vulnerability was found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-43882 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43730 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-43729 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9526 HIGH POC This Month

A vulnerability has been found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-9525 HIGH POC This Month

A flaw has been found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9523 HIGH POC This Week

A vulnerability was detected in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.6%
CVE-2025-30064 HIGH This Month

An insufficiently secured internal function allows session generation for arbitrary users. Rated high severity (CVSS 8.8). No vendor patch available.

RCE Jwt Attack
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-30038 HIGH This Month

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-30037 HIGH This Month

The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-30036 HIGH This Month

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-57846 HIGH This Month

Multiple i-フィルター products contain an issue with incorrect default permissions. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57797 HIGH This Month

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy