Skip to main content
CVE-2025-34227 HIGH POC This Week

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Nagios Xi
NVD
CVSS 4.0
8.6
EPSS
2.2%
CVE-2025-59831 HIGH POC PATCH This Week

git-commiters is a Node.js function module providing committers stats for their git repository. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Git Commiters
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-26278 HIGH POC This Week

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59404 HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Bravo Compute Box Firmware Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10942 HIGH POC This Week

A vulnerability was identified in H3C Magic B3 up to 100R002. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-10948 HIGH POC This Week

A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mikrotik
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-59408 HIGH POC This Week

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bravo Compute Box Firmware
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-10467 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
8.9
EPSS
0.0%
CVE-2025-40837 HIGH This Week

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-27261 HIGH This Week

Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ericsson SQLi Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-10449 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-10438 HIGH This Week

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-55560 HIGH PATCH This Week

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55558 HIGH PATCH This Week

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59830 HIGH PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rack Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55557 HIGH PATCH This Week

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55553 HIGH PATCH This Week

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48707 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59817 HIGH This Month

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-59816 HIGH This Month

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-59815 HIGH This Month

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-59814 HIGH This Month

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-57632 HIGH This Month

libsmb2 6.2+ is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43993 HIGH This Month

Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Qualcomm RCE Pro Rugged 13 Ra13250 Firmware Pro Rugged 14 Rb14250 Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10880 HIGH This Month

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dt R002 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10879 HIGH This Month

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dt R002 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-57446 HIGH This Month

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-55559 HIGH POC This Month

An issue was discovered TensorFlow v2.18.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tensorflow AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55552 HIGH PATCH This Month

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10953 HIGH POC This Month

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 1200Gw Firmware 1250Gw Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.7%
CVE-2024-48014 HIGH This Month

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Dell Buffer Overflow Denial Of Service Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55551 HIGH PATCH This Month

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40836 HIGH This Month

Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-27262 HIGH This Month

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-10541 HIGH This Month

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59839 HIGH POC PATCH This Week

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Embedvideo
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-57317 HIGH POC This Month

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apidoc Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40698 HIGH This Month

SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-10957 HIGH This Month

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-10941 HIGH This Month

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy