Skip to main content
CVE-2025-9377 HIGH KEV THREAT Act Now

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available.

RCE TP-Link
NVD
CVSS 4.0
8.6
EPSS
15.6%
CVE-2025-9605 HIGH POC This Week

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac21 Firmware Ac23 Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.5%
CVE-2025-55763 HIGH POC This Week

Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow RCE Civetweb +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.8%
CVE-2024-46917 HIGH POC This Week

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Microsoft Vynamic Security Suite Windows
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2023-41471 HIGH POC This Week

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Copyparty
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58157 HIGH POC PATCH This Week

gnark is a zero-knowledge proof system framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gnark Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-9639 HIGH This Week

The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-8858 HIGH This Week

Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-43187 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43268 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5808 HIGH This Week

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.8 patch 3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-40927 HIGH PATCH This Week

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Suse
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-56577 HIGH This Month

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evope Core
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58158 HIGH PATCH This Month

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52861 HIGH This Month

A path traversal vulnerability has been reported to affect VioStor. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.0
EPSS
0.4%
CVE-2025-33038 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33037 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33036 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33033 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-30278 HIGH This Month

An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qsync Central
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-30277 HIGH This Month

An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qsync Central
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-30273 HIGH This Month

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30264 HIGH This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-30261 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qsync Central
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30260 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qsync Central
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29900 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29899 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29894 HIGH This Month

An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsync Central
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-29893 HIGH This Month

An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsync Central
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-29890 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29887 HIGH This Month

A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-29875 HIGH This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-22483 HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap XSS License Center
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-47909 HIGH PATCH This Month

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-46916 HIGH POC This Week

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation Vynamic Security Suite Windows
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-13342 HIGH PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Booster For Woocommerce
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-53508 HIGH This Month

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-53507 HIGH This Month

Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-58323 HIGH This Month

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Mybox Windows
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-39247 HIGH This Month

There is an Access Control Vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy