Skip to main content
CVE-2025-10823 LOW POC Monitor

A vulnerability was found in axboe fio up to 3.41. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10824 LOW POC Monitor

A vulnerability was determined in axboe fio up to 3.41. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8410 MEDIUM This Month

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Connext Professional
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-39872 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4582 MEDIUM This Month

Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2017-20200 LOW Monitor

A vulnerability has been found in Coinomi up to 1.7.6. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-10846 LOW Monitor

A vulnerability was determined in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10845 LOW Monitor

A vulnerability was found in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10844 LOW Monitor

A vulnerability has been found in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10837 LOW Monitor

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-58473 HIGH This Month

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-57882 HIGH This Month

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-55069 HIGH This Month

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-55038 HIGH This Month

An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-59484 HIGH This Month

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-58069 MEDIUM This Month

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54855 MEDIUM Monitor

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2024-21935 MEDIUM This Month

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-21927 MEDIUM This Month

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-59826 HIGH This Month

Flag Forge is a Capture The Flag (CTF) platform. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Flagforge
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-58354 MEDIUM This Month

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-56311 MEDIUM This Month

In Shenzhen C-Data Technology Co. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59825 MEDIUM PATCH This Month

astral-tokio-tar is a tar archive reading/writing library for async Rust. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Red Hat
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-57636 MEDIUM POC This Week

OS Command injection vulnerability in D-Link C1 2020-02-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Di 7100G Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2025-59822 MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Request Smuggling Http4S
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-56146 MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-45326 MEDIUM POC PATCH This Week

An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Pocketvj Control Panel Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9197 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59821 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59548 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-59547 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Dotnetnuke
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59546 LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-59545 CRITICAL PATCH This Week

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-59539 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-56394 HIGH POC This Month

Free5gc 4.0.1 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52905 HIGH This Month

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.4.0cu.1360_B20241207. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-29084 MEDIUM POC This Week

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi Csz Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1255 HIGH This Month

Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-0672 LOW Monitor

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Identity Server Identity Server As Key Manager Open Banking Iam
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-0209 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-0663 MEDIUM This Month

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Identity Server Identity Server As Key Manager Open Banking Iam
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-6429 MEDIUM PATCH Monitor

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Api Manager Identity Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5717 MEDIUM This Month

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Java Api Control Plane Api Manager +2
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-57407 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gp247
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-4760 MEDIUM PATCH Monitor

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Control Plane Api Manager Traffic Manager Universal Gateway
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-9844 HIGH This Month

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.106.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8354 HIGH This Month

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6921 HIGH POC PATCH This Month

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10244 HIGH This Month

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Fusion
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2024-4598 MEDIUM This Month

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Micro Integrator
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy