Skip to main content
CVE-2025-20352 HIGH KEV THREAT CERT-EU Act Now

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Stack Overflow Buffer Overflow Apple RCE Denial Of Service +3
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2025-56816 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Path Traversal Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-57350 HIGH POC PATCH This Week

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvtojson Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-59525 HIGH POC This Week

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Horilla
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-56241 HIGH POC This Week

Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-57318 HIGH POC This Week

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57327 HIGH POC This Week

spmrc is a package that provides the rc manager for spm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Spmrc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57326 HIGH POC This Week

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Sassdoc Extras
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57325 HIGH POC PATCH This Week

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Rollbar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57323 HIGH POC This Week

mpregular is a package that provides a small program development framework based on RegularJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Mpregular
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57330 HIGH POC This Week

The web3-core-subscriptions is a package designed to manages web3 subscriptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Subscriptions
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57319 HIGH POC This Week

fast-redact is a package that provides do very fast object redaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48868 HIGH POC PATCH This Week

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection Horilla
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-10906 HIGH POC This Week

Missing authentication in Magnetism Studios Endurance macOS app (versions up to 3.3.0) allows local unprivileged attackers to execute code with elevated privileges via the com.MagnetismStudios.endurance.helper NSXPC service. The loadModuleNamed:WithReply function in the LaunchServices helper lacks proper authentication checks, enabling local privilege escalation. Publicly available exploit code exists (GitHub POC published), but EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation to date. Not listed in CISA KEV, suggesting targeted proof-of-concept activity rather than widespread attacks.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-56815 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datart
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-10501 HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59343 HIGH PATCH This Week

tar-fs provides filesystem bindings for tar-stream. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-54520 HIGH This Week

Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-39889 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-23349 HIGH This Week

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59828 HIGH PATCH This Week

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-47318 HIGH This Week

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +198
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52907 HIGH This Week

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.4.0cu.1360_B20241207. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-59833 HIGH This Month

Flag Forge is a Capture The Flag (CTF) platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flagforge
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57329 HIGH POC This Month

web3-core-method is a package designed to creates the methods on the web3 modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Method
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57328 HIGH POC This Month

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Toggle Array
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59251 HIGH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Google Microsoft RCE +2
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-57349 HIGH PATCH This Month

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prototype Pollution Messageformat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-55322 HIGH This Month

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniparser
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-59524 HIGH POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Horilla
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-59305 HIGH POC This Month

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Langfuse
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-48869 HIGH POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20327 HIGH This Month

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-20315 HIGH This Month

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20312 HIGH This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-20311 HIGH This Month

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-20160 HIGH This Month

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cisco Apple Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-20334 HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10892 HIGH PATCH This Month

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10891 HIGH PATCH This Month

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10502 HIGH PATCH This Month

Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10500 HIGH PATCH This Month

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-47329 HIGH This Month

Memory corruption while handling invalid inputs in application info setup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 7800 Firmware Qam8255p Firmware Qam8775p Firmware Qca6574 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47328 HIGH This Month

Transient DOS while processing power control requests with invalid antenna or stream values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware Ipq5300 Firmware +63
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47327 HIGH This Month

Memory corruption while encoding the image data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Aqt1000 Firmware Fastconnect 6200 Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47326 HIGH This Month

Transient DOS while handling command data during power control processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +116
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47317 HIGH This Month

Memory corruption due to global buffer overflow when a test command uses an invalid payload type. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 7800 Firmware Qcc5161 Firmware +49
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47316 HIGH This Month

Memory corruption due to double free when multiple threads race to set the timestamp store. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47315 HIGH This Month

Memory corruption while handling repeated memory unmap requests from guest VM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Qam8255p Firmware Qam8295p Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47314 HIGH This Month

Memory corruption while processing data sent by FE driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy