Skip to main content
CVE-2025-48703 CRITICAL POC KEV THREAT Emergency

CentOS Web Panel (CWP) allows unauthenticated remote code execution through OS command injection in the filemanager changePerm request's t_total parameter.

Command Injection RCE Webpanel
NVD
CVSS 3.1
9.0
EPSS
59.1%
Threat
6.6
CVE-2025-34192 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Information Disclosure Virtual Appliance Application Virtual Appliance Host +1
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-34203 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP Nginx OpenSSL +4
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34206 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34199 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-54815 HIGH POC This Week

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ppress
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-34202 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Redis Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-34204 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Privilege Escalation Node.js Virtual Appliance Application +1
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-34195 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-34197 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ubuntu Privilege Escalation Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-34200 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-34194 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Virtual Appliance Application Virtual Appliance Host Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34201 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Redis Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34188 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-57528 HIGH POC This Week

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-34193 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-34189 MEDIUM POC This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-57296 MEDIUM POC This Month

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-57396 MEDIUM POC This Month

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Recipes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56762 MEDIUM POC This Month

Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Keops
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-39866 HIGH PATCH CISA Act Now

In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-4980 CRITICAL Act Now

General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2025-59717 MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js Do Markdownit DigitalOcean
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-10647 HIGH This Week

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5955 HIGH This Week

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-39859 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39849 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39863 HIGH PATCH This Week

Use-after-free in the Linux kernel's Broadcom FullMAC Wi-Fi driver (brcmfmac) allows local authenticated attackers with low privileges to achieve code execution, elevate privileges, or cause denial of service through race conditions in the Bluetooth coexistence timer handler. The vulnerability affects multiple kernel versions including 6.17 release candidates, carries a CVSS score of 7.8 (High), and has an EPSS score of 0.02% (4th percentile). Vendor patches are available across stable kernel branches, and no public exploit has been identified at time of analysis.

Use After Free Memory Corruption Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39864 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39860 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption Use After Free Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39841 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10468 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal.29375. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-39845 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9969 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39839 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39853 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-8532 MEDIUM This Month

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. Rated medium severity (CVSS 6.4). No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8664 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36248 MEDIUM This Month

IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Copy Services Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-10707 LOW POC Monitor

A weakness has been identified in JeecgBoot up to 3.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-48007 MEDIUM This Month

Improper Encoding or Escaping of Output vulnerability in Hallo Welt!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bluespice
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-10712 MEDIUM This Month

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831.php/Login/login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-39857 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39844 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39842 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39838 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39865 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm =. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39848 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39847 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39846 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy