Skip to main content
CVE-2025-54258 HIGH This Month

Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49459 HIGH This Month

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10171 HIGH POC This Month

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 1250Gw Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-59037 HIGH PATCH MAL This Month

DuckDB is an analytical in-process SQL database management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-58765 HIGH PATCH This Month

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-58763 HIGH POC This Week

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python Command Injection RCE Tautulli
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2025-54245 HIGH This Month

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54243 HIGH This Month

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54084 HIGH This Month

OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-43491 HIGH This Month

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Poly Lens Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-23344 HIGH This Month

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE Denial Of Service Information Disclosure +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23343 HIGH This Month

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. Rated high severity (CVSS 7.6). No vendor patch available.

Denial Of Service Nvidia Path Traversal Information Disclosure Nvdebug
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-58761 HIGH POC PATCH This Week

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Tautulli
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-58180 HIGH POC PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated high severity (CVSS 7.5), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Octoprint
NVD GitHub Exploit-DB
CVSS 4.0
7.5
EPSS
1.0%
CVE-2025-58063 HIGH PATCH This Month

CoreDNS is a DNS server that chains plugins. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-54257 HIGH This Month

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53914 HIGH This Month

Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Broadcom Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-53913 HIGH This Month

Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-57278 HIGH POC This Week

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bl Cpe300M Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57060 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55047 HIGH This Month

CWE-798 Use of Hard-coded Credentials. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-54256 HIGH This Month

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-54242 HIGH This Month

Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-29089 HIGH This Month

An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10199 HIGH This Month

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10198 HIGH This Month

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-57087 HIGH POC This Month

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57072 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57071 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57070 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57069 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57064 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57063 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57062 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57061 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57059 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57058 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57057 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55317 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55316 HIGH This Month

External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Connected Machine Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55245 HIGH This Month

Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xbox Gaming Services
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55243 HIGH This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Officeplus
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55236 HIGH This Month

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +7
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55234 HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-55228 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55227 HIGH This Month

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55224 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55223 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54919 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54918 HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy