Skip to main content
CVE-2025-24299 HIGH This Month

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-23361 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection Nemo +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23357 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22391 MEDIUM This Month

Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20622 LOW Monitor

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft Windows
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-20614 MEDIUM This Month

External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-20065 MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20056 MEDIUM Monitor

Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-20050 MEDIUM This Month

Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20010 HIGH This Month

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-13032 CRITICAL This Week

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Antivirus Windows
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-12944 MEDIUM This Month

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netgear Dgn2200 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-12943 MEDIUM This Month

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netgear Rax30 Firmware Raxe300 Firmware
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-12942 MEDIUM Monitor

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Netgear R6260 Firmware R6850 Firmware
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-12940 LOW Monitor

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). Rated low severity (CVSS 0.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netgear Wax610Y Firmware Wax610 Firmware
NVD
CVSS 4.0
0.5
EPSS
0.0%
CVE-2025-9408 HIGH This Month

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-64773 LOW Monitor

In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Authentication Bypass Youtrack
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-10918 HIGH This Month

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-10905 MEDIUM Monitor

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-57695 HIGH POC This Month

An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Outpost Security Suite
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-9227 MEDIUM This Month

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9223 HIGH This Month

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-11862 HIGH This Month

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-11697 HIGH This Month

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-11696 HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-11085 HIGH This Month

A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11084 HIGH This Month

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. Rated high severity (CVSS 7.6), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-8324 CRITICAL This Week

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2025-41106 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41105 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41104 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41103 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41102 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41101 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-7633 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7632 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7430 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12953 MEDIUM Monitor

The Classified Listing - AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12846 HIGH This Month

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-12788 MEDIUM This Month

The Hydra Booking - Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-12787 MEDIUM This Month

The Hydra Booking - Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12539 CRITICAL This Week

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE PHP
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-9524 MEDIUM Monitor

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-9055 MEDIUM This Month

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8998 LOW Monitor

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-7429 HIGH This Month

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-5317 MEDIUM This Month

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-10714 HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-8108 MEDIUM This Month

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-6779 MEDIUM This Month

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy