Skip to main content
CVE-2025-35042 CRITICAL This Week

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acropolis
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-35041 HIGH This Month

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Acropolis
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-59797 MEDIUM This Month

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-10854 HIGH This Month

The txtai framework allows the loading of compressed tar files as embedding indices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9983 HIGH This Month

GALAYOU G2 cameras stream video output via RTSP streams. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-46711 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ddk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25177 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-10009 HIGH This Month

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-9541 MEDIUM Monitor

The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9487 MEDIUM Monitor

The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP XSS
NVD WPScan
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9115 MEDIUM This Month

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-59801 MEDIUM PATCH Monitor

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59798 MEDIUM PATCH Monitor

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10778 LOW Monitor

A vulnerability has been found in Smartstore up to 6.2.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-10773 HIGH POC This Month

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bl Ac2100 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-10772 MEDIUM This Month

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy