Skip to main content
CVE-2025-58754 HIGH POC PATCH MAL This Week

Axios is a promise based HTTP client for the browser and Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Axios Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-45432 HIGH POC This Week

OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Blue Sdk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45586 HIGH POC This Week

An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Universal Traffic Recorder Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9086 HIGH POC PATCH CISA This Week

1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10265 HIGH This Week

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-7448 HIGH This Week

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-57577 HIGH This Week

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-39797 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27240 HIGH This Week

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zabbix
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-43796 HIGH PATCH This Week

Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-10176 HIGH This Month

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2025-45587 HIGH POC This Month

A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Universal Traffic Recorder Firmware
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-45584 HIGH POC This Month

Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Traffic Recorder Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-4235 HIGH This Month

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-57579 HIGH POC This Week

An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE X2000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-57578 HIGH This Month

An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-39796 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsk_notify via register_netdevice. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39793 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59054 HIGH This Month

dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-6638 HIGH POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Hugging Face AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27234 HIGH This Month

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-21043 HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains a second out-of-bounds write in the image codec library, a separate vulnerability from CVE-2025-21042 affecting Samsung devices.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2025-21042 HIGH KEV THREAT Act Now

Samsung libimagecodec.quram.so contains an out-of-bounds write allowing remote code execution through crafted image files on Samsung Android devices.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2025-8575 HIGH This Month

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-6454 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-2256 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10269 HIGH This Month

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9807 HIGH This Month

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55319 HIGH This Month

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Visual Studio Code
NVD
CVSS 3.1
8.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy