Skip to main content
CVE-2025-60710 HIGH POC KEV THREAT Act Now

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
Threat
4.6
CVE-2025-62215 HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2025-11307 HIGH POC This Week

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD WPScan
CVSS 3.1
8.8
EPSS
7.0%
CVE-2025-12101 MEDIUM POC This Month

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS
NVD
CVSS 4.0
5.9
EPSS
2.3%
CVE-2025-12813 CRITICAL Act Now

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-11457 CRITICAL Act Now

The EasyCommerce - AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2017-20210 CRITICAL Act Now

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Photo Station
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13026 CRITICAL PATCH Act Now

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13024 CRITICAL PATCH Act Now

JIT miscompilation in the JavaScript Engine: JIT component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13023 CRITICAL PATCH Act Now

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13022 CRITICAL PATCH Act Now

Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13021 CRITICAL PATCH Act Now

Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13014 HIGH PATCH This Week

Use-after-free in the Audio/Video component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13020 HIGH PATCH This Week

Use-after-free in the WebRTC: Audio/Video component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12019 MEDIUM POC This Month

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-13027 HIGH PATCH This Week

Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30398 HIGH This Week

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nuance Powerscribe One
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13019 HIGH PATCH This Week

Same-origin policy bypass in the DOM: Workers component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13018 HIGH PATCH This Week

Mitigation bypass in the DOM: Security component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13017 HIGH PATCH This Week

Same-origin policy bypass in the DOM: Notifications component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-11959 HIGH This Week

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13016 HIGH PATCH This Week

Incorrect boundary conditions in the JavaScript: WebAssembly component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13012 HIGH PATCH This Week

Race condition in the Graphics component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13025 HIGH PATCH This Week

Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10161 HIGH This Week

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-61830 HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-12010 MEDIUM This Month

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11828 MEDIUM This Month

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-13013 MEDIUM PATCH This Month

Mitigation bypass in the DOM: Core & HTML component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-11960 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryom Software High Technology Systems Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-12748 MEDIUM PATCH This Month

A flaw was discovered in libvirt in the XML file processing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-12126 MEDIUM This Month

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-24848 MEDIUM This Month

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.3). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-11894 MEDIUM This Month

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11999 MEDIUM This Month

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarker_reset_map() and amm_save_map_api(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11891 MEDIUM This Month

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12020 MEDIUM This Month

The Double the Donation - A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-12538 MEDIUM This Month

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12526 MEDIUM This Month

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13015 LOW Monitor

Spoofing issue in Firefox. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
3.4
EPSS
0.1%
CVE-2025-64531 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61835 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61834 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61833 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-41116 LOW Monitor

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-40827 HIGH This Month

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-40817 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-40816 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-40815 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-40763 HIGH This Month

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy