Skip to main content
CVE-2025-10974 LOW Monitor

A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10965 LOW Monitor

A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10949 LOW Monitor

A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10940 LOW Monitor

A vulnerability was found in Total.js CMS 1.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11005 CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1458_B20250708. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
9.3
EPSS
1.2%
CVE-2025-59817 HIGH This Month

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-59816 HIGH This Month

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-59815 HIGH This Month

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-59814 HIGH This Month

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-57632 HIGH This Month

libsmb2 6.2+ is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43993 HIGH This Month

Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Qualcomm RCE Pro Rugged 13 Ra13250 Firmware Pro Rugged 14 Rb14250 Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43816 MEDIUM PATCH This Month

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29156 MEDIUM This Month

Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Swagger Petstore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-29155 MEDIUM This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10961 MEDIUM POC This Month

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-10880 HIGH This Month

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dt R002 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10879 HIGH This Month

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dt R002 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-59841 CRITICAL PATCH This Week

Flag Forge is a Capture The Flag (CTF) platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Session Fixation Flagforge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-57446 HIGH This Month

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-55559 HIGH POC This Month

An issue was discovered TensorFlow v2.18.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tensorflow AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55556 MEDIUM POC This Week

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tensorflow AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55554 MEDIUM PATCH This Month

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55552 HIGH PATCH This Month

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43943 MEDIUM This Month

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloud Disaster Recovery
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-33116 MEDIUM PATCH Monitor

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Watson Studio
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-26333 MEDIUM This Month

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Bsafe Crypto J
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-20363 CRITICAL CERT-EU This Week

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Heap Overflow Cisco +4
NVD
CVSS 3.1
9.0
EPSS
5.7%
CVE-2025-20333 CRITICAL KEV THREAT CISA CERT-EU Act Now

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 18.8%.

Buffer Overflow Cisco RCE Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
9.9
EPSS
18.8%
CVE-2025-10953 HIGH POC This Month

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 1200Gw Firmware 1250Gw Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.7%
CVE-2025-10952 MEDIUM This Month

A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2024-48014 HIGH This Month

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Dell Buffer Overflow Denial Of Service Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59838 LOW POC PATCH Monitor

Monkeytype is a minimalistic and customizable typing test. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. Public exploit code available.

XSS Monkeytype
NVD GitHub
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-59832 CRITICAL POC Act Now

Horilla is a free and open source Human Resource Management System (HRMS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Horilla
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-59823 CRITICAL PATCH This Week

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Kubernetes Suse
NVD GitHub
CVSS 3.0
9.9
EPSS
0.1%
CVE-2025-55551 HIGH PATCH This Month

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46153 MEDIUM PATCH This Month

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46150 MEDIUM PATCH This Month

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46149 MEDIUM PATCH This Month

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46148 MEDIUM PATCH This Month

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-40836 HIGH This Month

Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-36857 LOW Monitor

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Appspider Pro
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-36601 MEDIUM Monitor

Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-27262 HIGH This Month

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-10542 CRITICAL This Week

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-10541 HIGH This Month

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5494 LOW Monitor

ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.4.2500.25, through 11.4.2508.13. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Manageengine Endpoint Central
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-59839 HIGH POC PATCH This Week

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Embedvideo
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-59426 MEDIUM POC PATCH Monitor

Lobe Chat is an open-source artificial intelligence chat framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Lobe Chat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-57317 HIGH POC This Month

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apidoc Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10540 MEDIUM This Month

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy