Skip to main content
CVE-2025-8868 CRITICAL POC PATCH THREAT Act Now

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.3%.

SQLi Automate
NVD
CVSS 3.1
9.8
EPSS
17.3%
Threat
4.0
CVE-2025-34221 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2025-56807 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rise Ultimate Project Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-13150 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.Pro ERP: through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-11140 MEDIUM POC This Month

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2024-57412 HIGH This Week

An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11130 HIGH This Week

Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-43400 MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-11138 LOW POC Monitor

A vulnerability was found in mirweiye wenkucms up to 3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-11139 LOW POC Monitor

A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11136 LOW POC Monitor

A flaw has been found in YiFang CMS up to 2.0.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-57197 MEDIUM This Month

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-7698 MEDIUM This Month

Out-of-bounds read vulnerabilities exist in the print processing functionality of multiple Canon printer driver families, including Generic Plus PCL6, UFR II, LIPS4, LIPSLX, PS, PCL6, CARPS2, and related variants. These vulnerabilities allow remote attackers to read sensitive memory contents (information disclosure) and potentially cause application crashes, requiring user interaction (opening a malicious print job) to trigger. With an EPSS score of 0.05% and no evidence of active exploitation in the wild, this represents a low real-world risk despite moderate CVSS scoring.

Buffer Overflow Information Disclosure HP
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-9903 MEDIUM This Month

Out-of-bounds write vulnerabilities exist in the print processing functionality of multiple Canon printer drivers, including Generic Plus variants (PCL6, UFR II, LIPS4, LIPSLX, PS) and standalone drivers (UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, PCL6). An attacker can exploit these memory corruption flaws via a malicious print job to corrupt memory, potentially leading to code execution or denial of service. The EPSS score of 0.04% (13th percentile) suggests low exploitation probability in the wild, and no active KEV status has been reported, indicating this is not currently being exploited at scale.

Buffer Overflow HP Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-11135 MEDIUM This Month

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-9904 MEDIUM This Month

CVE-2025-9904 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10346 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10345 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10344 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10343 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-11125 LOW Monitor

A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11141 LOW Monitor

A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-11137 LOW Monitor

A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11134 LOW Monitor

A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-59948 MEDIUM POC PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-59942 HIGH PATCH This Month

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Go F3 Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59941 MEDIUM PATCH This Month

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Authentication Bypass Go F3 Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-59940 MEDIUM PATCH This Month

mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59937 HIGH POC PATCH This Week

go-mail is a comprehensive library for sending mails with Go. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Go Mail Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-43817 MEDIUM PATCH Monitor

Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43813 MEDIUM PATCH This Month

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4,. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-43812 MEDIUM PATCH Monitor

Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-36245 HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-59933 MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libvips Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-59163 LOW PATCH Monitor

vet is an open source software supply chain security tool. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-57769 MEDIUM POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation XSS Freshrss
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-54875 CRITICAL POC PATCH Act Now

FreshRSS is a free, self-hostable RSS aggregator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54592 HIGH POC PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freshrss
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-43820 MEDIUM PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43818 MEDIUM PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43815 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-43811 MEDIUM PATCH Monitor

Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-57266 CRITICAL This Week

An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54591 HIGH POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45376 HIGH This Month

Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Repository Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-34235 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation Virtual Appliance Application Virtual Appliance Host +1
NVD
CVSS 4.0
9.5
EPSS
0.3%
CVE-2025-34234 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2025-34233 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-34232 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34231 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
8.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy