Skip to main content
CVE-2023-43000 HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple Use After Free Safari +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2025-12139 HIGH POC THREAT Act Now

The File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.0% and no vendor patch available.

WordPress Google Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
22.0%
CVE-2025-57130 HIGH This Week

Privilege escalation in ZwiiCMS content management system (versions up to and including v13.6.07) allows a low-privilege authenticated user to read and overwrite the profile data of any other account, including administrators, by manipulating a crafted HTTP request to the user management component. Because an attacker can rewrite an administrator's credentials, this effectively yields full administrative takeover of the CMS. EPSS is low (0.23%, 46th percentile) and there is no public exploit identified at time of analysis, so risk is elevated primarily by the low attack complexity rather than by evidence of in-the-wild use.

Authentication Bypass Zwiicms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-12779 HIGH This Week

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-55278 HIGH This Month

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-63417 HIGH POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Selfbest
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-11093 HIGH This Month

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Api Control Plane Api Manager Enterprise Integrator +3
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-10907 HIGH This Month

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

File Upload RCE Api Control Plane Api Manager Enterprise Integrator +6
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2025-63248 HIGH POC This Month

DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dwsurvey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-45379 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-43990 HIGH This Month

Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Monitor
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-30479 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2025-20343 HIGH This Month

A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Identity Services Engine
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-64458 HIGH PATCH GHSA This Month

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Python Django Windows +2
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-61084 HIGH This Month

MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46784 HIGH POC PATCH This Month

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr&#39;ouvert Lasso 2.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lasso Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-46705 HIGH POC PATCH This Month

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr&#39;ouvert Lasso 2.5.1 and 2.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lasso Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-46404 HIGH POC PATCH This Month

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr&#39;ouvert Lasso 2.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Lasso Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-12497 HIGH This Month

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI WordPress Information Disclosure RCE PHP
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-10622 HIGH PATCH This Month

A flaw was found in Red Hat Satellite (Foreman component). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Red Hat
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-64151 HIGH This Month

Multiple Roboticsware products provided by Roboticsware PTE. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-62225 HIGH This Month

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-12384 HIGH This Month

The Document Embedder - Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-21079 HIGH This Month

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Members
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21078 HIGH This Month

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Switch
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12197 HIGH This Month

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64110 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cursor
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64109 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy