Skip to main content
CVE-2025-59420 HIGH POC PATCH This Month

Authlib is a Python library which builds OAuth and OpenID Connect servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Privilege Escalation Authlib Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43953 HIGH This Month

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59335 HIGH POC PATCH This Month

CubeCart is an ecommerce software solution. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Cubecart
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-57605 HIGH This Month

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36202 HIGH This Month

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Webmethods Integration
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-35041 HIGH This Month

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Acropolis
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-10854 HIGH This Month

The txtai framework allows the loading of compressed tar files as embedding indices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9983 HIGH This Month

GALAYOU G2 cameras stream video output via RTSP streams. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-10009 HIGH This Month

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-10773 HIGH POC This Month

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bl Ac2100 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy