Skip to main content
CVE-2025-8613 HIGH This Month

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2025-8300 HIGH This Month

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-8299 HIGH This Month

Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Wi Fi Usb Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-8298 LOW Monitor

Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Wi Fi Usb Driver
NVD
CVSS 3.0
3.8
EPSS
0.0%
CVE-2025-7976 HIGH This Month

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Shockline
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2025-7975 HIGH This Month

Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Shockline
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-7974 HIGH This Month

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-6685 HIGH This Month

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Eco Dc
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2025-9189 HIGH This Month

There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57778 HIGH This Month

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dasylab
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-36162 MEDIUM Monitor

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55824 MEDIUM POC This Week

ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Information Disclosure Mostartcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50565 MEDIUM This Month

Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Doubo Erp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32100 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Buffer Overflow Information Disclosure Exynos 980 Firmware Exynos 990 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32098 MEDIUM This Month

An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Microsoft Privilege Escalation Magician Windows
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-9696 CRITICAL This Week

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-55473 MEDIUM This Month

Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55472 MEDIUM POC This Week

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tirreno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57613 HIGH POC This Month

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Rust Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55372 MEDIUM This Month

An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload RCE Beakon
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54599 HIGH POC This Month

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Events And Groups
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5662 CRITICAL This Week

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2025-57140 CRITICAL POC Act Now

rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruisibi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-56254 MEDIUM Monitor

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Employee Leave Management System
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-52549 CRITICAL This Week

E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-52548 MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-52544 HIGH This Month

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-52543 MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-46810 HIGH PATCH This Month

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root.11.29. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-52284 HIGH PATCH This Month

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-9573 HIGH This Month

The ns_backup extension through 13.0.2 for TYPO3 allows command injection. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-41031 MEDIUM This Month

Lack of authorisation in Deporsite by T-INNOVA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-41030 MEDIUM This Month

Lack of authorisation in Deporsite by T-INNOVA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-41690 HIGH This Month

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-9813 HIGH This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-58421 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58420 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58419 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58418 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58417 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58416 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58415 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58414 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58162 MEDIUM POC PATCH This Week

MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Mobile Security Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy