Skip to main content
CVE-2025-62369 HIGH PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xibo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-56230 HIGH POC This Month

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docs
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54526 HIGH This Month

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Monitouch V Sft
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-54496 HIGH This Month

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Monitouch V Sft
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-55155 MEDIUM POC PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54335 MEDIUM This Month

An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Information Disclosure Use After Free Exynos 1480 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52910 CRITICAL This Week

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Use After Free Privilege Escalation Exynos 1280 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-48884 MEDIUM This Month

Galette is a membership management web application for non profit organizations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Galette
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48076 MEDIUM This Month

Galette is a membership management web application for non profit organizations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Galette
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-47776 HIGH PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-32786 HIGH This Month

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27374 MEDIUM This Month

An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9825 Firmware Exynos 9820 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-56426 HIGH This Month

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 1080 Firmware Exynos 1280 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61431 MEDIUM This Month

A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Infinity Zmaintenance Infinity Zucchetti
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54327 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1280 Firmware Exynos 1380 Firmware Exynos 2200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49494 HIGH This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Modem 5123 Firmware Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-33176 MEDIUM This Month

NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Nvidia
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-23358 HIGH This Month

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nvidia Windows
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-64322 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agentforce Vibes
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64321 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Agentforce Vibes
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64320 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Agentforce Vibes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64319 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.12.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64318 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.12.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54334 HIGH This Month

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52513 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Samsung Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52512 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samsung Information Disclosure Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12108 CRITICAL This Week

The Survision LPR Camera system does not enforce password protection by default. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10875 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.11.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54333 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54325 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1080 Firmware Exynos 1280 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-61956 CRITICAL This Week

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vizair
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-61945 CRITICAL This Week

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vizair
NVD GitHub
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-60925 MEDIUM POC This Month

codeshare v1.0.0 was discovered to contain an information leakage vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Codeshare
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54863 CRITICAL This Week

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vizair
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-54332 HIGH This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54331 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54330 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54329 HIGH This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow Exynos 1280 Firmware Exynos 1330 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54323 HIGH This Month

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63294 MEDIUM POC This Week

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hrm Saas
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12184 MEDIUM Monitor

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-41345 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41344 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41343 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41342 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41341 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41340 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41339 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41338 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41337 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy