Skip to main content
CVE-2025-55976 HIGH POC This Week

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iwr 3000N Firmware
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-59049 HIGH POC PATCH This Week

Mockoon provides way to design and run mock APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-54376 HIGH POC PATCH This Week

Unauthenticated remote attackers can stream real-time application logs from Hoverfly API simulation tool (versions ≤1.11.3) via an unprotected WebSocket endpoint at /api/v2/ws/logs, exposing internal file paths, request/response bodies, and other sensitive operational data. Public exploit code exists (EPSS: 0.17%, percentile 38th - indicating low observed exploitation probability despite POC availability). Vendor-released patch available in version 1.12.0. Not listed in CISA KEV, suggesting limited widespread exploitation despite network-accessible attack surface with no authentication barrier.

Information Disclosure
NVD GitHub
CVSS 4.0
7.8
EPSS
0.2%
CVE-2025-57642 HIGH POC This Week

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE Authentication Bypass Information Disclosure +1
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2025-56404 HIGH POC This Week

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model Context Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56405 HIGH POC This Week

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mcp Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43888 HIGH This Week

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43885 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50892 HIGH This Week

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Eudskacs Sys Driver
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10040 HIGH This Week

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-10049 HIGH This Week

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-43887 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Privilege Escalation Powerprotect Data Manager
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-59052 HIGH PATCH This Month

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Red Hat
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-10201 HIGH PATCH This Month

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10200 HIGH PATCH This Month

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8696 HIGH This Month

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57392 HIGH POC This Month

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Benimpos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59045 HIGH This Month

Stalwart is a mail and collaboration server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-59041 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-58764 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-43884 HIGH This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-43725 HIGH This Month

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20340 HIGH This Month

A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-56466 HIGH This Month

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Dietly Android
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-56413 HIGH This Month

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection 1panel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-56407 HIGH This Month

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Utcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-56406 HIGH This Month

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10231 HIGH This Month

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation N Central Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-7718 HIGH This Month

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10225 HIGH This Month

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Buffer Overflow Microsoft Axxon One Windows
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40979 HIGH This Month

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10215 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10214 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10213 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-36759 HIGH This Month

Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7049 HIGH This Month

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-41714 HIGH This Month

The upload endpoint insufficiently validates the 'Upload-Key' request header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-10001 HIGH This Month

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy