Skip to main content
CVE-2025-10585 CRITICAL KEV PATCH THREAT Act Now

Google Chrome V8 JavaScript engine contains a type confusion vulnerability enabling heap corruption through crafted HTML pages, exploited in the wild in June 2025.

Memory Corruption Google Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-20352 HIGH KEV THREAT CERT-EU Act Now

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Stack Overflow Buffer Overflow Apple RCE Denial Of Service +3
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2025-56819 CRITICAL POC Act Now

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2025-57347 CRITICAL POC Act Now

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Node.js Dagre D3 Es
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-57321 CRITICAL POC Act Now

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Magix Combine Ex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-56816 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Path Traversal Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-57350 HIGH POC PATCH This Week

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvtojson Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-59525 HIGH POC This Week

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Horilla
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-56241 HIGH POC This Week

Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-57318 HIGH POC This Week

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57327 HIGH POC This Week

spmrc is a package that provides the rc manager for spm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Spmrc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57326 HIGH POC This Week

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Sassdoc Extras
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57325 HIGH POC PATCH This Week

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Rollbar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57323 HIGH POC This Week

mpregular is a package that provides a small program development framework based on RegularJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Mpregular
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57330 HIGH POC This Week

The web3-core-subscriptions is a package designed to manages web3 subscriptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Subscriptions
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57319 HIGH POC This Week

fast-redact is a package that provides do very fast object redaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48868 HIGH POC PATCH This Week

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection Horilla
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-10906 HIGH POC This Week

Missing authentication in Magnetism Studios Endurance macOS app (versions up to 3.3.0) allows local unprivileged attackers to execute code with elevated privileges via the com.MagnetismStudios.endurance.helper NSXPC service. The loadModuleNamed:WithReply function in the LaunchServices helper lacks proper authentication checks, enabling local privilege escalation. Publicly available exploit code exists (GitHub POC published), but EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation to date. Not listed in CISA KEV, suggesting targeted proof-of-concept activity rather than widespread attacks.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-56815 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datart
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-57354 MEDIUM POC This Month

A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Node.js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-57351 MEDIUM POC This Month

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57348 MEDIUM POC This Month

The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Node Cube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57324 MEDIUM POC PATCH This Month

parse is a package designed to parse JavaScript SDK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Parse Javascript Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-9054 CRITICAL Act Now

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-57352 MEDIUM POC PATCH This Month

A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10501 HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48867 MEDIUM POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Horilla
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-59343 HIGH PATCH This Week

tar-fs provides filesystem bindings for tar-stream. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-54520 HIGH This Week

Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-39889 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-23349 HIGH This Week

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59828 HIGH PATCH This Week

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-47318 HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +198
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52907 HIGH This Week

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.4.0cu.1360_B20241207. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-9031 MEDIUM This Month

Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-23338 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23271 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23255 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23248 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-10909 LOW Monitor

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-59824 LOW PATCH Monitor

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Rated low severity (CVSS 0.5), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kubernetes Omni
NVD GitHub
CVSS 4.0
0.5
EPSS
0.0%
CVE-2025-10894 CRITICAL MAL This Week

Malicious code was inserted into the Nx (build system) package and several related plugins. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-59833 HIGH This Month

Flag Forge is a Capture The Flag (CTF) platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flagforge
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59827 CRITICAL This Week

Flag Forge is a Capture The Flag (CTF) platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Flagforge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-57320 MEDIUM POC This Week

json-schema-editor-visual is a package that provides jsonschema editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Json Schema Editor Visual
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57329 HIGH POC This Month

web3-core-method is a package designed to creates the methods on the web3 modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Method
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57328 HIGH POC This Month

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Toggle Array
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59251 HIGH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Google Microsoft RCE +2
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-57349 HIGH PATCH This Month

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prototype Pollution Messageformat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-55322 HIGH This Month

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniparser
NVD
CVSS 3.1
7.3
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy