Skip to main content
CVE-2025-34501 HIGH This Month

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-50735 HIGH POC This Month

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nextchat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-12531 HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-63441 HIGH This Month

Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-10280 HIGH This Month

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-60785 HIGH POC This Week

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PostgreSQL Code Injection Icescrum
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-60503 HIGH POC This Week

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ultimatepos
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-11761 HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-48397 HIGH This Month

The privileged user could log in without sufficient credentials after enabling an application protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48396 HIGH This Month

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-12622 HIGH This Month

A vulnerability was determined in Tenda AC10 16.03.10.13. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-12619 HIGH This Month

A vulnerability was found in Tenda A15 15.13.07.13. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Buffer Overflow A15 Firmware
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-12618 HIGH This Month

A vulnerability has been found in Tenda AC8 16.03.34.06. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-12503 HIGH This Month

EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-12611 HIGH POC This Month

A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy