171 CVEs tracked today. 6 Critical, 39 High, 106 Medium, 12 Low.
-
CVE-2025-58159
CRITICAL
CVSS 9.9
WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
RCE
PHP
Code Injection
Wegia
-
CVE-2025-55177
MEDIUM
CVSS 5.4
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (CISA KEV) and no vendor patch available.
Authentication Bypass
Apple
Whatsapp
Whatsapp Business
iOS
-
CVE-2025-52856
CRITICAL
CVSS 9.3
An improper authentication vulnerability has been reported to affect VioStor. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Qvr
-
CVE-2025-44033
CRITICAL
CVSS 9.8
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Java
RCE
SQLi
Oa System
-
CVE-2025-9377
HIGH
CVSS 8.6
TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available.
RCE
TP-Link
-
CVE-2025-8861
CRITICAL
CVSS 9.3
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-46484
CRITICAL
CVSS 9.8
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
Tv Ip410 Firmware
-
CVE-2025-8857
CRITICAL
CVSS 9.3
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-58323
HIGH
CVSS 7.7
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. Rated high severity (CVSS 7.7), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Microsoft
Privilege Escalation
Mybox
Windows
-
CVE-2025-58158
HIGH
CVSS 8.8
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Suse
-
CVE-2025-58157
HIGH
CVSS 7.5
gnark is a zero-knowledge proof system framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Denial Of Service
Gnark
Suse
-
CVE-2025-56577
HIGH
CVSS 8.4
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard-coded cryptographic keys. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Evope Core
-
CVE-2025-55763
HIGH
CVSS 7.5
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Buffer Overflow
Stack Overflow
RCE
Civetweb
-
CVE-2025-53508
HIGH
CVSS 8.6
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-53507
HIGH
CVSS 7.1
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-52861
HIGH
CVSS 7.0
A path traversal vulnerability has been reported to affect VioStor. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-47909
HIGH
CVSS 7.3
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF
Suse
-
CVE-2025-43268
HIGH
CVSS 7.8
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
Apple
Information Disclosure
macOS
-
CVE-2025-43187
HIGH
CVSS 7.8
This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
RCE
Apple
-
CVE-2025-40927
HIGH
CVSS 7.3
CGI::Simple versions before 1.282 for Perl have an HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Open Redirect
XSS
Suse
-
CVE-2025-39247
HIGH
CVSS 8.6
There is an Access Control Vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-33038
HIGH
CVSS 7.2
A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Qsync Central
-
CVE-2025-33037
HIGH
CVSS 7.2
A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Qsync Central
-
CVE-2025-33036
HIGH
CVSS 7.2
A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Qsync Central
-
CVE-2025-33033
HIGH
CVSS 7.2
A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Qsync Central
-
CVE-2025-30278
HIGH
CVSS 8.3
An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Qsync Central
-
CVE-2025-30277
HIGH
CVSS 8.3
An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Qsync Central
-
CVE-2025-30273
HIGH
CVSS 7.1
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Qnap
Qts
Quts Hero
-
CVE-2025-30264
HIGH
CVSS 7.7
A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Command Injection
Qts
Quts Hero
-
CVE-2025-30261
HIGH
CVSS 7.1
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Qsync Central
-
CVE-2025-30260
HIGH
CVSS 7.1
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Qsync Central
-
CVE-2025-29900
HIGH
CVSS 7.1
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
File Station
-
CVE-2025-29899
HIGH
CVSS 7.1
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
File Station
-
CVE-2025-29894
HIGH
CVSS 7.5
An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Qsync Central
-
CVE-2025-29893
HIGH
CVSS 7.5
An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Qsync Central
-
CVE-2025-29890
HIGH
CVSS 7.1
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
File Station
-
CVE-2025-29887
HIGH
CVSS 7.1
A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Command Injection
Qurouter
-
CVE-2025-29875
HIGH
CVSS 7.1
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-22483
HIGH
CVSS 7.1
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Qnap
XSS
License Center
-
CVE-2025-9639
HIGH
CVSS 8.7
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path Traversal
-
CVE-2025-9605
HIGH
CVSS 8.9
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Tenda
Ac21 Firmware
Ac23 Firmware
-
CVE-2025-8858
HIGH
CVSS 8.7
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
-
CVE-2025-5808
HIGH
CVSS 7.3
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.8 patch 3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-46917
HIGH
CVSS 8.1
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
RCE
Microsoft
Vynamic Security Suite
Windows
-
CVE-2024-46916
HIGH
CVSS 8.1
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
RCE
Microsoft
Privilege Escalation
Vynamic Security Suite
Windows
-
CVE-2024-13342
HIGH
CVSS 8.1
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
WordPress
RCE
File Upload
Booster For Woocommerce
-
CVE-2025-58068
MEDIUM
CVSS 6.3
Eventlet is a concurrent networking library for Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Authentication Bypass
Request Smuggling
Python
Eventlet
Redhat
-
CVE-2025-58067
MEDIUM
CVSS 4.2
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Google
Open Redirect
-
CVE-2025-58066
MEDIUM
CVSS 5.3
ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Suse
-
CVE-2025-57822
MEDIUM
CVSS 6.5
Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
SSRF
Next Js
-
CVE-2025-57752
MEDIUM
CVSS 6.2
Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity.
Authentication Bypass
Next Js
Redhat
-
CVE-2025-55750
MEDIUM
CVSS 6.5
Gitpod is a developer platform for cloud development environments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Gitlab
Information Disclosure
-
CVE-2025-55580
MEDIUM
CVSS 5.4
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-55579
MEDIUM
CVSS 5.4
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-55173
MEDIUM
CVSS 4.3
Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Code Injection
Next Js
Redhat
-
CVE-2025-54877
MEDIUM
CVSS 5.3
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Tuleap
-
CVE-2025-54777
MEDIUM
CVSS 5.3
An uncaught exception issue exists in multiple products in the bizhub series. Rated medium severity (CVSS 5.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-54142
MEDIUM
CVSS 4.0
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Request Smuggling
Information Disclosure
-
CVE-2025-43773
MEDIUM
CVSS 4.6
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Digital Experience Platform
Liferay Portal
-
CVE-2025-43284
MEDIUM
CVSS 5.5
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Buffer Overflow
Apple
Information Disclosure
-
CVE-2025-40709
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40708
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40707
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40706
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40705
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40704
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40703
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-40702
MEDIUM
CVSS 5.1
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Openatlas
-
CVE-2025-39246
MEDIUM
CVSS 5.3
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-39245
MEDIUM
CVSS 4.7
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-33032
MEDIUM
CVSS 5.1
A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Path Traversal
Qts
Quts Hero
-
CVE-2025-30275
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Qsync Central
-
CVE-2025-30274
MEDIUM
CVSS 5.1
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Denial Of Service
Null Pointer Dereference
Qts
Quts Hero
-
CVE-2025-30272
MEDIUM
CVSS 5.1
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Denial Of Service
Null Pointer Dereference
Qts
Quts Hero
-
CVE-2025-30271
MEDIUM
CVSS 5.3
A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Path Traversal
Qts
Quts Hero
-
CVE-2025-30270
MEDIUM
CVSS 5.3
A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Path Traversal
Qts
Quts Hero
-
CVE-2025-30268
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Denial Of Service
Null Pointer Dereference
Qts
Quts Hero
-
CVE-2025-30267
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Denial Of Service
Null Pointer Dereference
Qts
Quts Hero
-
CVE-2025-30263
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Qsync Central
-
CVE-2025-30262
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Qsync Central
-
CVE-2025-29898
MEDIUM
CVSS 6.0
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Qsync Central
-
CVE-2025-29889
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-29888
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-29886
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-29882
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Denial Of Service
Null Pointer Dereference
Qts
Quts Hero
-
CVE-2025-29879
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-29878
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-29874
MEDIUM
CVSS 5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
File Station
-
CVE-2025-9678
MEDIUM
CVSS 6.9
A weakness has been identified in Campcodes Online Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Online Loan Management System
-
CVE-2025-9677
MEDIUM
CVSS 4.8
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Legend Of The Phoenix
Android
-
CVE-2025-9676
MEDIUM
CVSS 4.8
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Universe
Android
-
CVE-2025-9675
MEDIUM
CVSS 4.8
A vulnerability was determined in Voice Changer App up to 1.1.0.xml of the component com.tuyangkeji.changevoice. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Voice Changer
Android
-
CVE-2025-9674
MEDIUM
CVSS 4.8
A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Scooper News
Android
-
CVE-2025-9673
MEDIUM
CVSS 4.8
A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Google
Information Disclosure
Android
-
CVE-2025-9672
MEDIUM
CVSS 4.8
A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Google
Information Disclosure
Android
-
CVE-2025-9671
MEDIUM
CVSS 4.8
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Google
Information Disclosure
Android
-
CVE-2025-9670
MEDIUM
CVSS 5.5
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-9669
MEDIUM
CVSS 6.9
A vulnerability has been found in Jinher OA 1.0.aspx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Jinher Oa
-
CVE-2025-9667
MEDIUM
CVSS 5.3
A vulnerability was detected in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9666
MEDIUM
CVSS 5.3
A security vulnerability has been detected in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9665
MEDIUM
CVSS 5.3
A weakness has been identified in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9664
MEDIUM
CVSS 5.3
A security flaw has been discovered in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9663
MEDIUM
CVSS 5.3
A vulnerability was identified in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9662
MEDIUM
CVSS 6.9
A vulnerability was determined in code-projects Simple Grading System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Grading System
-
CVE-2025-9660
MEDIUM
CVSS 6.9
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Bakeshop Online Ordering System
-
CVE-2025-9659
MEDIUM
CVSS 5.1
A vulnerability has been found in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
O2oa
-
CVE-2025-9658
MEDIUM
CVSS 5.1
A flaw has been found in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
O2oa
-
CVE-2025-9657
MEDIUM
CVSS 5.1
A vulnerability was detected in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
O2oa
-
CVE-2025-9656
MEDIUM
CVSS 5.3
A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Directory Management System
-
CVE-2025-9655
MEDIUM
CVSS 5.1
A weakness has been identified in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
O2oa
-
CVE-2025-9654
MEDIUM
CVSS 5.3
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-9653
MEDIUM
CVSS 5.1
A vulnerability was identified in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
I Educar
-
CVE-2025-9652
MEDIUM
CVSS 5.1
A vulnerability was determined in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
I Educar
-
CVE-2025-9651
MEDIUM
CVSS 5.3
A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
-
CVE-2025-9650
MEDIUM
CVSS 5.3
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Java
-
CVE-2025-9649
MEDIUM
CVSS 4.8
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Tcpreplay
Suse
-
CVE-2025-9647
MEDIUM
CVSS 5.3
A weakness has been identified in mtons mblog up to 3.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Mblog
-
CVE-2025-9646
MEDIUM
CVSS 5.1
A security flaw has been discovered in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
O2oa
-
CVE-2025-9645
MEDIUM
CVSS 6.9
A vulnerability was identified in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9644
MEDIUM
CVSS 6.9
A vulnerability was determined in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9643
MEDIUM
CVSS 6.9
A vulnerability was found in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9619
MEDIUM
CVSS 6.9
A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-9610
MEDIUM
CVSS 6.9
A vulnerability was determined in code-projects Online Event Judging System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Online Event Judging System
-
CVE-2025-9609
MEDIUM
CVSS 5.3
A vulnerability was found in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
I Educar
-
CVE-2025-9608
MEDIUM
CVSS 5.3
A vulnerability has been found in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
I Educar
-
CVE-2025-9607
MEDIUM
CVSS 5.3
A flaw has been found in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
I Educar
-
CVE-2025-9606
MEDIUM
CVSS 5.3
A vulnerability was detected in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
I Educar
-
CVE-2025-9604
MEDIUM
CVSS 6.3
A vulnerability was identified in coze-studio up to 0.2.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
-
CVE-2025-9603
MEDIUM
CVSS 5.3
A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Tlr 2005Ksh Firmware
-
CVE-2025-9602
MEDIUM
CVSS 5.3
A vulnerability was found in Xinhu RockOA up to 2.6.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Information Disclosure
Rockoa
-
CVE-2025-9601
MEDIUM
CVSS 6.9
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9600
MEDIUM
CVSS 6.9
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9599
MEDIUM
CVSS 6.9
A weakness has been identified in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9598
MEDIUM
CVSS 6.9
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9597
MEDIUM
CVSS 6.9
A vulnerability was identified in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Apartment Management System
-
CVE-2025-9596
MEDIUM
CVSS 6.9
A vulnerability was determined in itsourcecode Sports Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Sports Management System
-
CVE-2025-9595
MEDIUM
CVSS 5.3
A vulnerability was found in code-projects Student Information Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Student Information Management System
-
CVE-2025-9441
MEDIUM
CVSS 6.5
The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
SQLi
PHP
-
CVE-2025-9374
MEDIUM
CVSS 4.3
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
CSRF
PHP
-
CVE-2025-9217
MEDIUM
CVSS 6.5
The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Path Traversal
PHP
-
CVE-2025-8619
MEDIUM
CVSS 6.4
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2025-8290
MEDIUM
CVSS 6.4
The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2025-8150
MEDIUM
CVSS 6.4
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8147
MEDIUM
CVSS 4.3
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
PHP
-
CVE-2025-7383
MEDIUM
CVSS 5.9
Padding oracle attack vulnerability in Oberon microsystems AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing. Rated medium severity (CVSS 5.9), this vulnerability requires no authentication. No vendor patch available.
Oracle
Information Disclosure
-
CVE-2025-7071
MEDIUM
CVSS 5.9
Padding oracle attack vulnerability in Oberon microsystems AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of. Rated medium severity (CVSS 5.9), this vulnerability requires no authentication. No vendor patch available.
Oracle
Information Disclosure
-
CVE-2025-4644
MEDIUM
CVSS 5.3
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Session Fixation
Information Disclosure
-
CVE-2025-4643
MEDIUM
CVSS 6.3
Payload uses JSON Web Tokens (JWT) for authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
-
CVE-2024-54568
MEDIUM
CVSS 4.3
The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Apple
macOS
-
CVE-2024-54554
MEDIUM
CVSS 5.5
This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Apple
Information Disclosure
macOS
-
CVE-2024-13987
MEDIUM
CVSS 5.9
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Synology
XSS
-
CVE-2025-58333
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58332
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58331
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58330
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58329
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58328
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58327
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58326
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58160
LOW
CVSS 2.3
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-58156
LOW
CVSS 1.9
Centurion ERP is an ERP with a focus on ITSM and automation. Rated low severity (CVSS 1.9), this vulnerability has low attack complexity.
Authentication Bypass
Centurion Erp
-
CVE-2025-55304
LOW
CVSS 1.8
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 1.8), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.
Information Disclosure
Exiv2
-
CVE-2025-55202
LOW
CVSS 2.7
Opencast is a free, open-source platform to support the management of educational audio and video content. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Path Traversal
Opencast
-
CVE-2025-54080
LOW
CVSS 1.8
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 1.8), this vulnerability requires no authentication and has low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Denial Of Service
Buffer Overflow
Information Disclosure
Exiv2
-
CVE-2025-48979
LOW
CVSS 3.4
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. Rated low severity (CVSS 3.4), this vulnerability has low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-44015
LOW
CVSS 2.3
A command injection vulnerability has been reported to affect HybridDesk Station. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
Hybriddesk Station
-
CVE-2025-43255
LOW
CVSS 3.3
An out-of-bounds read was addressed with improved bounds checking. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Buffer Overflow
Apple
Information Disclosure
-
CVE-2025-30265
LOW
CVSS 2.3
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Qnap
Buffer Overflow
Qts
Quts Hero
-
CVE-2025-9071
LOW
CVSS 2.3
Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
-
CVE-2024-44271
LOW
CVSS 3.3
The issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.
Authentication Bypass
Apple
macOS
-
CVE-2024-12923
LOW
CVSS 2.0
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Photo Station