Skip to main content
CVE-2025-56392 HIGH POC This Week

An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Collegetivity
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-56132 HIGH POC This Week

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Liquidfiles
NVD
CVSS 3.1
7.3
EPSS
2.5%
CVE-2025-9230 HIGH PATCH CISA Act Now

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-7779 HIGH This Week

Local privilege escalation due to insecure XPC service configuration. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-11152 HIGH PATCH This Week

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Integer Overflow
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-56572 HIGH This Week

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Finance Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-56571 HIGH This Week

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Finance Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11153 HIGH PATCH This Week

JIT miscompilation in the JavaScript Engine: JIT component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11149 HIGH This Week

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11178 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-24525 HIGH This Month

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-55017 HIGH This Month

Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Redirect
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23293 HIGH This Month

NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nvidia Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-6034 HIGH This Month

There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-6033 HIGH This Month

There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-56301 HIGH POC This Month

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chip
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9993 HIGH This Month

The Bei Fen - WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9991 HIGH This Month

The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-8877 HIGH This Month

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8122 HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-8121 HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-8117 HIGH This Month

PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pad Cms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-7052 HIGH This Month

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-7038 HIGH This Month

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2025-59668 HIGH This Month

Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41099 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41098 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41097 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41096 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41095 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41094 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41093 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41092 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41091 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bold Workplanner
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-10991 HIGH This Month

The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device.20: before 1.2.2 Build 20250907. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-59952 HIGH PATCH This Month

MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy