Skip to main content
CVE-2025-9316 MEDIUM POC THREAT This Month

N-central < 2025.4 can generate sessionIDs for unauthenticated users4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2% and no vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
83.2%
Threat
5.4
CVE-2025-11700 HIGH POC THREAT Act Now

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity injection vulnerabilities. Attackers can exploit these to read sensitive files from the RMM server, including configuration files containing credentials for all managed endpoints.

XXE Information Disclosure N Central
NVD
CVSS 4.0
8.4
EPSS
51.2%
Threat
4.7
CVE-2016-15055 HIGH POC This Week

JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
2.6%
CVE-2023-7329 HIGH POC This Week

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2023-7327 HIGH POC This Week

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2023-7326 HIGH POC This Week

The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2021-4463 HIGH POC This Week

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2022-4982 HIGH POC This Week

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64500 HIGH POC PATCH This Week

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Httpfoundation Symfony
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-56385 CRITICAL Act Now

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Harmony
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13060 MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2021-4464 CRITICAL Act Now

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2017-20211 HIGH This Week

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-59088 HIGH PATCH This Week

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-40149 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64293 HIGH This Week

SQL injection in the 0 Day Analytics WordPress plugin versions through 4.0.0 allows high-privilege authenticated attackers to execute arbitrary SQL queries with cross-scope impact. Reported by Patchstack audit team, this CWE-89 flaw enables database extraction despite requiring admin-level credentials. EPSS score of 0.05% (16th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-11962 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-63396 LOW POC Monitor

An issue was discovered in PyTorch v2.5 and v2.7.1. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pytorch
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2022-4983 MEDIUM This Month

TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-13061 LOW POC Monitor

A vulnerability was detected in itsourcecode Online Voting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13059 LOW POC Monitor

A weakness has been identified in SourceCodester Alumni Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13057 LOW POC Monitor

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13076 LOW POC Monitor

A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13075 LOW POC Monitor

A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-59089 MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service SSRF
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-13063 MEDIUM This Month

A flaw has been found in DinukaNavaratna Dee Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-40164 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43205 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-40150 Monitor

Linux kernel F2FS filesystem implementation contains a race condition between garbage collection and block allocation that causes segment type inconsistencies, leading to filesystem shutdown. The vulnerability affects systems using F2FS with pinned files during concurrent fallocate and writepage operations. While the EPSS score is low at 0.03%, this is a kernel-level denial of service affecting data availability on affected systems.

Linux Linux Kernel Denial Of Service Race Condition
NVD
EPSS
0.0%
CVE-2025-40147 Monitor

Linux kernel block I/O throttling subsystem crashes with a NULL pointer dereference when I/O operations are submitted during early initialization before throttle policy is fully activated, causing denial of service on affected systems. The vulnerability affects the block layer's throttle policy initialization sequence and is triggered sporadically on cold boots when blk_should_throtl() accesses uninitialized throttle group state. With an EPSS score of 0.03% (10th percentile) and no public exploit identified, this is a low-probability but high-impact local crash condition requiring a kernel patch to fully resolve.

Linux Linux Kernel Null Pointer Dereference Denial Of Service Race Condition
NVD
EPSS
0.0%
CVE-2025-40135 Monitor

Linux kernel IPv6 packet transmission uses unsafe device reference handling in ip6_xmit() function, creating a use-after-free (UAF) vulnerability where the destination device pointer may be accessed after being freed. This affects all Linux kernel versions prior to patched stable releases, potentially allowing local or remote attackers to trigger memory corruption and information disclosure via crafted IPv6 traffic or network configuration changes. No active exploitation has been confirmed, and the EPSS score of 0.03% (10th percentile) indicates low real-world exploitation probability despite the underlying memory safety issue.

Linux Linux Kernel Use After Free
NVD
EPSS
0.0%
CVE-2025-40119 Monitor

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy() lacks null pointer checking, this leads to a null pointer dereference. ================================================================== EXT4-fs: no memory for groupinfo slab cache BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0002 [#1] SMP PTI CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none) RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40 Call Trace: <TASK> xa_destroy+0x61/0x130 ext4_mb_init+0x483/0x540 __ext4_fill_super+0x116d/0x17b0 ext4_fill_super+0xd3/0x280 get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x29/0xd0 do_new_mount+0x197/0x300 __x64_sys_mount+0x116/0x150 do_syscall_64+0x50/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy() to prevent this issue. The same fix is also applied to ext4_mb_largest_free_orders_destroy().

Linux Denial Of Service Linux Kernel
NVD
EPSS
0.0%
CVE-2025-64707 LOW Monitor

Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Learning
NVD GitHub
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-64705 LOW Monitor

Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Learning
NVD GitHub
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-64523 HIGH POC PATCH This Month

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Authentication Bypass Filebrowser
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-64517 MEDIUM PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-64503 MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow Cups Filters Libcupsfilters +3
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64482 MEDIUM Monitor

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-64429 MEDIUM PATCH This Month

DuckDB is a SQL database management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Duckdb Red Hat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-64345 LOW PATCH Monitor

Wasmtime is a runtime for WebAssembly. Rated low severity (CVSS 1.8). No vendor patch available.

Race Condition Information Disclosure
NVD GitHub
CVSS 3.1
1.8
EPSS
0.0%
CVE-2025-63645 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ph7 Social Dating Builder
NVD
CVSS 3.1
5.4
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec:. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three.

Linux Buffer Overflow Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: listmount: don't call path_put() under namespace semaphore Massage listmount() and make sure we don't call path_put() under the. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths The usage of task_lock(tsk->group_leader).

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy