Skip to main content
CVE-2025-47932 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-33150 MEDIUM This Month

IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure IBM Cognos Analytics Certified Containers
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12729 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12728 MEDIUM PATCH Monitor

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12727 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12726 HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Windows +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12725 HIGH PATCH This Month

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12447 MEDIUM PATCH Monitor

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12446 MEDIUM PATCH Monitor

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12445 MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12444 MEDIUM PATCH Monitor

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-12443 MEDIUM PATCH Monitor

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12441 MEDIUM PATCH Monitor

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12440 MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12439 MEDIUM POC PATCH This Month

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Microsoft Chrome Windows +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12438 HIGH PATCH This Month

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12437 HIGH PATCH This Month

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12436 MEDIUM PATCH This Month

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-12435 MEDIUM PATCH This Month

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12434 MEDIUM PATCH Monitor

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-12433 MEDIUM PATCH Monitor

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12432 HIGH PATCH This Month

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12431 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12430 HIGH PATCH This Month

Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-12429 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12428 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-63288 HIGH PATCH This Month

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47773 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47286 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-43723 MEDIUM This Month

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-43079 MEDIUM This Month

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-63835 HIGH POC This Week

A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tenda Denial Of Service +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-63834 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda XSS Ac18 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63497 HIGH This Month

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-63457 HIGH POC This Month

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow Ax1803 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63456 HIGH POC This Month

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow Ax1803 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63455 HIGH POC This Month

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63147 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63154 HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow A7000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-63153 HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow A7000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-63152 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46430 HIGH This Month

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Display And Peripheral Manager
NVD
CVSS 3.1
7.3
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-63712 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63711 HIGH POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Client Database Management System
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-63710 MEDIUM POC This Week

The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Public Chat Room
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63709 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple To Do List System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy