Skip to main content
CVE-2025-20362 MEDIUM POC KEV THREAT CISA CERT-EU This Month

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 43.6%.

Authentication Bypass Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.5
EPSS
43.6%
Threat
7.6
CVE-2025-59834 CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server Android
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-34227 HIGH POC This Week

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Nagios Xi
NVD
CVSS 4.0
8.6
EPSS
2.2%
CVE-2025-59831 HIGH POC PATCH This Week

git-commiters is a Node.js function module providing committers stats for their git repository. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Git Commiters
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-26278 HIGH POC This Week

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59404 HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Bravo Compute Box Firmware Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10942 HIGH POC This Week

A vulnerability was identified in H3C Magic B3 up to 100R002. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-10948 HIGH POC This Week

A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mikrotik
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-59408 HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bravo Compute Box Firmware
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-29157 MEDIUM POC This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56769 MEDIUM POC PATCH This Month

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Hutool
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59422 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2020-36851 CRITICAL Act Now

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation SSRF
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.8%
CVE-2025-59402 MEDIUM POC This Month

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bravo Compute Box Firmware
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57623 MEDIUM POC This Month

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-10467 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
8.9
EPSS
0.0%
CVE-2025-40837 HIGH This Week

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-27261 HIGH This Week

Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ericsson SQLi Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-10449 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-10438 HIGH This Week

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-55560 HIGH PATCH This Week

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55558 HIGH PATCH This Week

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59830 HIGH PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rack Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55557 HIGH PATCH This Week

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55553 HIGH PATCH This Week

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48707 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-60249 MEDIUM This Month

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10964 LOW POC Monitor

A weakness has been identified in Wavlink NU516U1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10963 LOW POC Monitor

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10962 LOW POC Monitor

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10960 LOW POC Monitor

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10959 LOW POC Monitor

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10958 LOW POC Monitor

A flaw has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10979 LOW POC Monitor

A weakness has been identified in JeecgBoot up to 3.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10978 LOW POC Monitor

A security flaw has been discovered in JeecgBoot up to 3.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10951 MEDIUM This Month

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10947 MEDIUM This Month

Sistemas Pleno Gestão de Locação versions up to 2025.7.x contain an authorization bypass vulnerability in the CPF validation endpoint (/api/areacliente/pessoa/validarCpf) that allows remote, unauthenticated attackers to manipulate the pes_cpf parameter and bypass access controls. The vulnerability has a CVSS score of 5.5 (moderate) but carries a very low EPSS exploitation probability of 0.04% (11th percentile), suggesting limited real-world attack likelihood despite publicly available exploit code. Upgrading to version 2025.8.0 resolves the issue.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10973 MEDIUM This Month

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10967 MEDIUM This Month

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10911 MEDIUM PATCH This Month

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46152 MEDIUM PATCH This Month

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10977 LOW POC Monitor

A vulnerability was identified in JeecgBoot up to 3.8.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-10976 LOW POC Monitor

A vulnerability was determined in JeecgBoot up to 3.8.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-40838 MEDIUM This Month

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ericsson
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-10945 MEDIUM This Month

A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-26482 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware Poweredge R670 Firmware Poweredge R570 Firmware +109
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-60018 MEDIUM PATCH This Month

glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-60019 LOW Monitor

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Denial Of Service Null Pointer Dereference
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-10950 LOW Monitor

A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10975 LOW Monitor

A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy