Skip to main content
CVE-2025-9242 CRITICAL POC KEV THREAT Emergency

WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls.

Memory Corruption Buffer Overflow Microsoft RCE Fireware
NVD GitHub
CVSS 4.0
9.3
EPSS
69.0%
Threat
6.9
CVE-2025-59304 CRITICAL POC Act Now

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Swetrix
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2025-10156 CRITICAL POC PATCH GHSA Act Now

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-59341 HIGH POC PATCH This Week

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-59353 HIGH POC PATCH This Week

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dragonfly Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-10597 MEDIUM POC This Month

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Courseselectionsystem
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-57055 MEDIUM POC This Month

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56648 MEDIUM POC PATCH This Month

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Node.js Parcel Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9862 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.0.0 through 6.0.8, from 5.99.0 through 5.130.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Ghost
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-10439 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.5 & 21.6 before 21.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-59342 MEDIUM POC PATCH This Month

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Suse
NVD GitHub Exploit-DB
CVSS 4.0
5.5
EPSS
1.2%
CVE-2025-10600 MEDIUM POC This Month

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10599 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10604 MEDIUM POC This Month

A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10624 MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10623 MEDIUM POC This Month

A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10621 MEDIUM POC This Month

A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10601 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10598 MEDIUM POC This Month

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10596 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10603 MEDIUM POC This Month

A vulnerability was determined in PHPGurukul Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-59474 MEDIUM POC PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58432 MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Zimaos
NVD GitHub
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-58431 MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimaos
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-59458 HIGH This Week

In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE Junie
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-59518 HIGH This Week

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Red Hat
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-55904 MEDIUM POC PATCH This Month

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Open5gs
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
CVE-2022-50368 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53363 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pci_bus_release_domain_nr() Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()") introduced. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53338 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive values, such like NET_RX_DROP,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50367 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53340 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59345 HIGH PATCH This Week

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dragonfly Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-40933 HIGH This Week

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-48842 HIGH This Week

Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.

Authentication Bypass Abb
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-59416 HIGH This Week

The Scratch Channel is a news website. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-59414 LOW POC PATCH Monitor

Nuxt is an open-source web development framework for Vue.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Nuxt
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-8411 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.08.2025. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-53357 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-50366 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-53358 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-35432 MEDIUM PATCH This Month

CISA Thorium does not rate limit requests to send account verification email messages. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Thorium
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-35436 MEDIUM PATCH This Month

CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Thorium
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-55075 MEDIUM This Month

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-23337 MEDIUM This Month

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9818 MEDIUM This Month

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-10616 LOW POC Monitor

A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10615 LOW POC Monitor

A vulnerability was identified in itsourcecode E-Commerce Website 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10608 LOW POC Monitor

A vulnerability was detected in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10606 LOW POC Monitor

A weakness has been identified in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy