Skip to main content
CVE-2025-30255 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-30185 HIGH This Month

Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Privilege Escalation
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-27713 HIGH This Month

Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. Rated high severity (CVSS 7.3). No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Privilege Escalation +2
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-24838 HIGH This Month

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-24299 HIGH This Month

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-23361 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection Nemo +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23357 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20010 HIGH This Month

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-9408 HIGH This Month

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-10918 HIGH This Month

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-57695 HIGH POC This Month

An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Outpost Security Suite
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-9223 HIGH This Month

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-11862 HIGH This Month

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-11697 HIGH This Month

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-11696 HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-11085 HIGH This Month

A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11084 HIGH This Month

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. Rated high severity (CVSS 7.6), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-7633 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7632 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7430 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12846 HIGH This Month

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7429 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-10714 HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-11855 HIGH This Month

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress RCE PHP
NVD WPScan
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12637 HIGH This Month

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Elastic RCE Code Injection PHP
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-11521 HIGH This Month

The Astra Security Suite - Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress RCE Authentication Bypass PHP
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-11451 HIGH This Month

The Auto Amazon Links - Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11168 HIGH This Month

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-42940 HIGH This Month

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption SAP Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy