Skip to main content
CVE-2024-57412 HIGH This Week

An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11130 HIGH This Week

Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.

Authentication Bypass Apple
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-59942 HIGH PATCH This Month

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Go F3 Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59937 HIGH POC PATCH This Week

go-mail is a comprehensive library for sending mails with Go. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Go Mail Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-36245 HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-54592 HIGH POC PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freshrss
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-54591 HIGH POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45376 HIGH This Month

Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Repository Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-34233 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-34231 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-34228 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-34225 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-34212 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jenkins Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-34207 HIGH This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-35030 HIGH This Month

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Health
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-57424 HIGH This Month

A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-41252 HIGH This Month

Description: VMware NSX contains a username enumeration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-41251 HIGH This Month

VMware NSX contains a weak password recovery mechanism vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-57483 HIGH This Month

A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-41250 HIGH This Month

VMware vCenter contains an SMTP header injection vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-7104 HIGH POC PATCH This Month

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Librechat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-56234 HIGH This Month

AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56233 HIGH This Month

Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-51495 HIGH POC PATCH This Month

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Mongoose Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41244 HIGH POC KEV PATCH THREAT Act Now

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation VMware Aria Operations Cloud Foundation Cloud Foundation Operations +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-41246 HIGH This Month

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Rated high severity (CVSS 7.6). No vendor patch available.

Authentication Bypass Microsoft VMware Windows
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-57516 HIGH POC This Week

OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Publiccms
NVD GitHub
CVSS 3.1
8.2
EPSS
2.7%
CVE-2025-56449 HIGH This Month

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-9648 HIGH PATCH This Month

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
1.9%
CVE-2025-6724 HIGH PATCH This Month

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Automate
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48006 HIGH This Month

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Dataspider Servista
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-11126 HIGH This Month

A security flaw has been discovered in Apeman ID71 218.53.203.117. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
8.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy