Skip to main content
CVE-2025-7987 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7986 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7985 HIGH This Month

Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Cobalt
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7984 HIGH This Month

Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cobalt
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7983 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7982 HIGH This Month

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Cobalt
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7981 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7980 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7979 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7978 HIGH This Month

Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Graphite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-7977 HIGH This Month

Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Cobalt
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-10644 CRITICAL This Week

Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Repairit
NVD
CVSS 3.0
9.4
EPSS
1.9%
CVE-2025-10643 CRITICAL This Week

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Repairit
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2025-59354 MEDIUM PATCH This Month

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dragonfly Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-59352 MEDIUM PATCH This Month

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Dragonfly Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2025-59351 LOW PATCH Monitor

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Dragonfly
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-59350 LOW PATCH Monitor

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dragonfly
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-59349 LOW PATCH Monitor

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Dragonfly
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-59348 MEDIUM PATCH This Month

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dragonfly Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-59347 LOW PATCH Monitor

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dragonfly
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2025-59346 MEDIUM PATCH This Month

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Dragonfly Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-59340 CRITICAL PATCH This Week

jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python RCE Ssti Jinjava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-37122 MEDIUM This Month

A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59339 MEDIUM Monitor

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-58767 LOW PATCH Monitor

REXML is an XML toolkit for Ruby. Rated low severity (CVSS 1.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-58766 CRITICAL This Week

Dyad is a local AI app builder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Code Injection
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-35431 MEDIUM PATCH This Month

CISA Thorium does not escape user controlled strings used in LDAP queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

LDAP Code Injection Information Disclosure Thorium
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-35430 MEDIUM This Month

CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Thorium
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-54390 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-10205 HIGH This Month

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Abb
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-59476 MEDIUM PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59475 MEDIUM PATCH Monitor

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-50709 MEDIUM Monitor

An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8077 CRITICAL PATCH GHSA This Week

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54467 MEDIUM PATCH This Month

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53884 MEDIUM PATCH This Month

NeuVector stores user passwords and API keys using a simple, unsalted hash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10157 CRITICAL POC PATCH GHSA Act Now

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10155 CRITICAL POC PATCH GHSA Act Now

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan Pytorch AI / ML
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-59457 HIGH This Month

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity Windows
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-59456 MEDIUM This Month

In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59455 MEDIUM Monitor

In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition Teamcity
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-9972 CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-9971 CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-9565 MEDIUM This Month

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions up to, and including, 2.1.10 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-9450 HIGH This Month

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9449 HIGH This Month

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9447 HIGH This Month

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9216 HIGH This Month

The StoreEngine - Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-9215 MEDIUM This Month

The StoreEngine - Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9203 MEDIUM This Month

The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitle_ssize', 'track_title', and 'track_artist_name' parameters in version 1.0.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy