Skip to main content
CVE-2025-54123 CRITICAL POC PATCH THREAT Act Now

Hoverfly API simulation tool version 1.11.3 and prior contains a command injection vulnerability in the middleware management endpoint /api/v2/hoverfly/middleware. Insufficient validation of user input allows authenticated attackers to execute arbitrary commands on the Hoverfly server.

RCE Command Injection Hoverfly Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
60.2%
Threat
5.3
CVE-2025-55976 HIGH POC This Week

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iwr 3000N Firmware
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-59049 HIGH POC PATCH This Week

Mockoon provides way to design and run mock APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-54376 HIGH POC PATCH This Week

Unauthenticated remote attackers can stream real-time application logs from Hoverfly API simulation tool (versions ≤1.11.3) via an unprotected WebSocket endpoint at /api/v2/ws/logs, exposing internal file paths, request/response bodies, and other sensitive operational data. Public exploit code exists (EPSS: 0.17%, percentile 38th - indicating low observed exploitation probability despite POC availability). Vendor-released patch available in version 1.12.0. Not listed in CISA KEV, suggesting limited widespread exploitation despite network-accessible attack surface with no authentication barrier.

Information Disclosure
NVD GitHub
CVSS 4.0
7.8
EPSS
0.2%
CVE-2025-57642 HIGH POC This Week

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE Authentication Bypass Information Disclosure +1
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2025-56404 HIGH POC This Week

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model Context Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56405 HIGH POC This Week

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mcp Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57520 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Decap Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-43888 HIGH This Week

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43885 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50892 HIGH This Week

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Eudskacs Sys Driver
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10040 HIGH This Week

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-10049 HIGH This Week

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-10211 LOW POC Monitor

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
5.1%
CVE-2025-43887 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Privilege Escalation Powerprotect Data Manager
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-47120 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with. Rated medium severity (CVSS 6.4). No vendor patch available.

IBM Privilege Escalation Security Verify Information Queue
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-9714 MEDIUM PATCH CISA This Month

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-10210 LOW POC Monitor

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-10197 LOW POC Monitor

A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-45671 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Information Queue
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-57573 MEDIUM This Month

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Tenda F3 Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-57572 MEDIUM This Month

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Tenda F3 Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-57571 MEDIUM This Month

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Tenda F3 Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-57570 MEDIUM This Month

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Tenda F3 Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-57569 MEDIUM This Month

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Tenda F3 Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-8681 MEDIUM This Month

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43886 MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Powerprotect Data Manager
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-9979 MEDIUM This Month

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10233 LOW Monitor

A security vulnerability has been detected in kalcaddle kodbox 1.61. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10232 LOW Monitor

A weakness has been identified in 299ko up to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10209 LOW Monitor

A security flaw has been discovered in Papermerge DMS up to 3.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10229 LOW Monitor

A vulnerability has been found in Freshwork up to 1.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10218 LOW Monitor

A flaw has been found in lostvip-com ruoyi-go 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10195 LOW Monitor

A vulnerability has been found in Seismic App 2.4.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10216 LOW Monitor

A vulnerability was detected in GrandNode up to 2.3.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition
NVD VulDB
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-59052 HIGH PATCH This Month

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Red Hat
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-43783 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-45669 MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Information Queue
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43784 MEDIUM PATCH This Month

Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-10201 HIGH PATCH This Month

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10200 HIGH PATCH This Month

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8696 HIGH This Month

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57392 HIGH POC This Month

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Benimpos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43785 MEDIUM PATCH Monitor

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-59045 HIGH This Month

Stalwart is a mail and collaboration server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-59041 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-59035 MEDIUM PATCH Monitor

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Indico
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-59034 MEDIUM PATCH Monitor

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Python Indico
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58764 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-43938 MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
CVSS 3.1
5.0
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy