Skip to main content
CVE-2025-58756 HIGH POC PATCH GHSA This Week

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Medical Open Network For Ai
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-58755 HIGH POC PATCH GHSA This Week

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Medical Open Network For Ai
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7635 HIGH POC This Week

Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Calix Gigacenter Ont
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-58760 HIGH POC PATCH This Week

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Tautulli
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-58430 HIGH POC PATCH This Week

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Listmonk Suse
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-52322 HIGH POC This Week

An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-57086 HIGH POC This Week

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57078 HIGH POC This Week

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10169 HIGH POC This Week

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 1200Gw Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-10170 HIGH POC This Week

A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 1200Gw Firmware
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-53303 HIGH This Week

Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54113 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48101 HIGH This Week

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54110 HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40798 HIGH This Week

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions <. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-40797 HIGH This Week

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions <. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-40796 HIGH This Week

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions <. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-58750 HIGH PATCH This Week

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Rathena
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-23342 HIGH This Week

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Nvdebug
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-33045 HIGH This Week

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aptio V
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-54709 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala.1.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-58215 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54091 HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54098 HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54092 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54111 HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54244 HIGH This Week

Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59008 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection.0.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-58993 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.7.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-53805 HIGH This Week

Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47695 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO.4.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47571 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder.9.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32689 HIGH This Week

Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay.7.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54116 HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-9951 HIGH PATCH This Week

A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.3%
CVE-2025-49430 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player allows Server Side Request Forgery.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-47694 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47570 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews.3.13. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-58991 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS.7.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54115 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54112 HIGH This Week

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54099 HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54093 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54114 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1607 Windows 10 21h2 +9
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53807 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-59042 HIGH PATCH This Week

PyInstaller bundles a Python application and all its dependencies into a single package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Microsoft Python Privilege Escalation +2
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-59038 HIGH PATCH MAL This Month

Prebid.js is a free and open source library for publishers to quickly implement header bidding. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-10172 HIGH POC This Month

A flaw has been found in UTT 750W up to 3.2.2-191225. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 750w Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-54260 HIGH This Month

Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54259 HIGH This Month

Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy