Skip to main content
CVE-2025-57808 HIGH POC PATCH This Week

ESPHome is a system to control microcontrollers remotely through Home Automation systems. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Esphome Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
6.2%
CVE-2024-48705 MEDIUM POC This Month

Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn531P3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.1%
CVE-2025-50757 MEDIUM POC This Month

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
6.4%
CVE-2025-50755 MEDIUM POC This Month

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
6.4%
CVE-2025-57614 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-57616 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Use After Free Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57615 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57612 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9815 HIGH POC This Week

Missing authentication in the NSXPCListener implementation of batteryKid for macOS allows local authenticated attackers to achieve high-impact privilege escalation. An unprivileged local user can exploit the PrivilegeHelper.swift component to bypass authentication controls and execute privileged operations, potentially gaining root-level access. Publicly available exploit code exists on GitHub (SwayZGl1tZyyy/n-days), lowering the skill barrier for exploitation. EPSS score is 5% (17th percentile), indicating relatively low widespread exploitation probability despite POC availability, likely due to the local attack vector and limited user base of this open-source macOS utility.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-55476 MEDIUM POC This Month

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fireshare
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46047 MEDIUM POC PATCH This Month

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-51423 MEDIUM POC This Month

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Global Human Resources
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-51966 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XSS Utools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55474 MEDIUM POC This Month

Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Many Notes
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-9276 CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert CockroachDB
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2025-26416 CRITICAL Act Now

In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22429 CRITICAL Act Now

In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-22435 CRITICAL Act Now

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-9832 MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9829 MEDIUM POC This Month

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9814 MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9811 MEDIUM POC This Month

A vulnerability was found in Campcodes Farm Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9839 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9838 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Information Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9837 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Student Information Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9833 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9831 MEDIUM POC This Month

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9830 MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-57611 MEDIUM POC This Month

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6519 CRITICAL Act Now

E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-52551 CRITICAL Act Now

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-8302 HIGH This Week

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-52547 HIGH This Week

E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E3 Supervisory Controller Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-2413 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.02.08 before v1.02.08. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-2414 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.09.03 before v1.11.01. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-52550 HIGH This Week

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack E3 Supervisory Controller Firmware
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-9188 HIGH This Week

There is a deserialization of untrusted data vulnerability in Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2025-57777 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57776 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57775 HIGH This Week

There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57774 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-58259 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-9329 HIGH This Week

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-9328 HIGH This Week

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-58178 HIGH This Week

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22422 HIGH This Week

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-8301 HIGH This Week

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-22433 HIGH This Week

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9330 HIGH This Week

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-22437 HIGH This Week

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy