Skip to main content
CVE-2025-10896 HIGH This Week

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-43433 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43431 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43419 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43480 HIGH PATCH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-43323 HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-43472 HIGH This Week

A validation issue was addressed with improved input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43386 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43476 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43474 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43407 HIGH This Week

This issue was addressed with improved entitlements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43364 HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Race Condition Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43361 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43401 HIGH This Week

A denial-of-service issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-11704 HIGH This Week

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the `elegance-menu` shortcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI WordPress Information Disclosure RCE PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43462 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43413 HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43496 HIGH This Week

The issue was addressed by adding additional logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43502 HIGH This Week

A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43500 HIGH This Week

A privacy issue was addressed with improved handling of user preferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43405 HIGH This Week

A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43373 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43436 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43376 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11733 HIGH This Week

The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-43338 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-64108 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cursor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64107 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Cursor Windows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64106 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-62722 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-59595 HIGH This Month

CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Access
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-62721 HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-62720 HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-62507 HIGH PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Redis Buffer Overflow RCE Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-62369 HIGH PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xibo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-56230 HIGH POC This Month

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docs
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54526 HIGH This Month

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Monitouch V Sft
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-54496 HIGH This Month

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Monitouch V Sft
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-47776 HIGH PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-32786 HIGH This Month

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-56426 HIGH This Month

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 1080 Firmware Exynos 1280 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49494 HIGH This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Modem 5123 Firmware Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23358 HIGH This Month

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nvidia Windows
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-54334 HIGH This Month

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52513 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Samsung Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52512 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samsung Information Disclosure Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54332 HIGH This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54329 HIGH This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow Exynos 1280 Firmware Exynos 1330 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54323 HIGH This Month

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-41345 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy