Skip to main content
CVE-2025-58437 HIGH POC PATCH This Week

Coder allows organizations to provision remote development environments via Terraform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Hashicorp Information Disclosure Coder Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2023-31322 HIGH This Week

Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-9961 HIGH This Week

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2021-26383 HIGH This Week

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Amd Buffer Overflow
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-7366 HIGH This Week

The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-9515 HIGH This Week

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2023-31325 HIGH This Week

Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of. Rated high severity (CVSS 7.2). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-0032 HIGH This Month

Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86. Rated high severity (CVSS 7.2). No vendor patch available.

Amd Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2024-36354 HIGH This Month

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-36352 HIGH This Month

Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-36342 HIGH This Month

Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-36326 HIGH This Month

Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-21947 HIGH This Month

Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10034 HIGH POC This Month

A vulnerability was found in D-Link DIR-825 1.08.01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 825 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-7040 HIGH This Month

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions(). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF PHP
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-58374 HIGH This Month

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Node.js Roo Code
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58439 HIGH This Month

ERP is a free and open source Enterprise Resource Planning tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy