Skip to main content
CVE-2025-57808 HIGH POC PATCH This Week

ESPHome is a system to control microcontrollers remotely through Home Automation systems. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Esphome Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
6.2%
CVE-2025-57614 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-57616 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Use After Free Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57615 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57612 HIGH POC This Week

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9815 HIGH POC This Week

Missing authentication in the NSXPCListener implementation of batteryKid for macOS allows local authenticated attackers to achieve high-impact privilege escalation. An unprivileged local user can exploit the PrivilegeHelper.swift component to bypass authentication controls and execute privileged operations, potentially gaining root-level access. Publicly available exploit code exists on GitHub (SwayZGl1tZyyy/n-days), lowering the skill barrier for exploitation. EPSS score is 5% (17th percentile), indicating relatively low widespread exploitation probability despite POC availability, likely due to the local attack vector and limited user base of this open-source macOS utility.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-8302 HIGH This Week

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-52547 HIGH This Week

E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E3 Supervisory Controller Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-2413 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.02.08 before v1.02.08. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-2414 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.09.03 before v1.11.01. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-52550 HIGH This Week

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack E3 Supervisory Controller Firmware
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-9188 HIGH This Week

There is a deserialization of untrusted data vulnerability in Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2025-57777 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57776 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57775 HIGH This Week

There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57774 HIGH This Week

There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-58259 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-9329 HIGH This Week

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-9328 HIGH This Week

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-58178 HIGH This Week

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22422 HIGH This Week

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-8301 HIGH This Week

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-22433 HIGH This Week

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9330 HIGH This Week

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-22437 HIGH This Week

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22434 HIGH This Week

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49720 HIGH This Week

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22428 HIGH This Week

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22438 HIGH This Week

In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22418 HIGH This Week

In multiple locations, there is a possible confused deputy due to Intent Redirect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22416 HIGH This Week

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49730 HIGH This Week

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9784 HIGH PATCH GHSA This Week

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware products, contains a vulnerability that allows attackers to trigger server-side HTTP/2 stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables remote unauthenticated attackers to cause denial of service by repeatedly forcing the server to abort streams and perform unnecessary cleanup work. With an EPSS score of 1.17% (78th percentile), exploitation probability is moderate but rising, and patches have been released across multiple Red Hat product lines as of early 2025.

Denial Of Service Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform Fuse Single Sign On +4
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-52545 HIGH This Week

E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-22423 HIGH This Week

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-9812 HIGH This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-22427 HIGH This Week

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22439 HIGH This Week

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22419 HIGH This Week

In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22417 HIGH This Week

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22442 HIGH This Week

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-40653 HIGH This Month

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-9326 HIGH This Month

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-9275 HIGH This Month

Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Imaris Viewer
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-9274 HIGH This Month

Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Imaris Viewer
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-8614 HIGH This Month

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL RCE Nomachine
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-8613 HIGH This Month

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2025-8300 HIGH This Month

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-8299 HIGH This Month

Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-7976 HIGH This Month

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Shockline
NVD
CVSS 3.0
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy