Skip to main content
CVE-2025-55178 MEDIUM PATCH This Month

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59524 HIGH POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Horilla
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-59305 HIGH POC This Month

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Langfuse
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-57353 MEDIUM POC PATCH This Month

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Node.js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-52906 CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1360_B20241207. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-48869 HIGH POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20338 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20327 HIGH This Month

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-20316 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20315 HIGH This Month

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-20314 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20313 MEDIUM This Month

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20312 HIGH This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-20311 HIGH This Month

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-20293 MEDIUM This Month

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20240 MEDIUM This Month

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20160 HIGH This Month

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cisco Apple Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-20149 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Apple
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20365 MEDIUM Monitor

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20364 MEDIUM Monitor

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20339 MEDIUM This Month

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-20334 HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10892 HIGH PATCH This Month

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10891 HIGH PATCH This Month

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10890 CRITICAL PATCH This Week

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-10502 HIGH PATCH This Month

Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10500 HIGH PATCH This Month

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-47329 HIGH This Month

Memory corruption while handling invalid inputs in application info setup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 7800 Firmware Qam8255p Firmware Qam8775p Firmware Qca6574 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47328 HIGH This Month

Transient DOS while processing power control requests with invalid antenna or stream values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware Ipq5300 Firmware +63
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47327 HIGH This Month

Memory corruption while encoding the image data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Aqt1000 Firmware Fastconnect 6200 Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47326 HIGH This Month

Transient DOS while handling command data during power control processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +116
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47317 HIGH This Month

Memory corruption due to global buffer overflow when a test command uses an invalid payload type. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 7800 Firmware Qcc5161 Firmware +49
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47316 HIGH This Month

Memory corruption due to double free when multiple threads race to set the timestamp store. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47315 HIGH This Month

Memory corruption while handling repeated memory unmap requests from guest VM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Qam8255p Firmware Qam8295p Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47314 HIGH This Month

Memory corruption while processing data sent by FE driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27077 HIGH This Month

Memory corruption while processing message in guest VM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Qam8255p Firmware Qam8295p Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27037 HIGH This Month

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +35
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27036 MEDIUM This Month

Information disclosure when Video engine escape input data is less than expected minimum size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +18
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27034 CRITICAL This Week

Memory corruption while selecting the PLMN from SOR failed list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6174a Firmware Qca6391 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-27033 MEDIUM This Month

Information disclosure while running video usecase having rogue firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcm5430 Firmware Qcm6490 Firmware Qcs5430 Firmware +29
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27032 HIGH This Month

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +187
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27030 MEDIUM This Month

information disclosure while invoking calibration data from user space to update firmware size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure C V2x 9150 Firmware Qam8295p Firmware Qca6574au Firmware +38
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-21488 HIGH This Month

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +103
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21487 HIGH This Month

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +222
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21484 HIGH This Month

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sm8750 Firmware Sm8750p Firmware Sm8850 Firmware +170
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21483 CRITICAL This Week

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Fastconnect 6200 Firmware +221
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-21482 HIGH This Month

Cryptographic issue while performing RSA PKCS padding decoding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +283
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-21481 HIGH This Month

Memory corruption while performing private key encryption in trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +245
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21476 HIGH This Month

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qcs6490 Firmware Qcs8550 Firmware Qcs9100 Firmware Sg8275 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10360 MEDIUM This Month

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy