Skip to main content
CVE-2025-65001 HIGH This Month

Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-63811 HIGH POC PATCH This Month

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jose2Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60645 MEDIUM POC This Week

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xxl Api
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-25236 MEDIUM This Month

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20379 LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-20378 LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-63419 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crushftp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-59491 MEDIUM This Month

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Community Development
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-52331 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Winrar
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-2843 HIGH PATCH This Month

A flaw was found in the Observability Operator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13042 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11797 HIGH This Month

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Use After Free 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-11795 HIGH This Month

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64281 CRITICAL This Week

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Community Development
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-64280 CRITICAL This Week

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Community Development
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63353 CRITICAL POC Act Now

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hg6145F1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2025-63289 CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia Android
NVD
CVSS 3.1
9.1
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-11367 CRITICAL This Week

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE N Central
NVD
CVSS 4.0
10.0
EPSS
1.5%
CVE-2025-11366 CRITICAL This Week

N-central < 2025.4 is vulnerable to authentication bypass via path traversal. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass N Central
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-63667 HIGH This Month

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip Camera Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63666 CRITICAL POC Act Now

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11567 HIGH This Month

CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-11566 MEDIUM This Month

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different c

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-11565 HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.

Path Traversal
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-62876 MEDIUM PATCH This Month

A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-12998 HIGH PATCH This Month

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op() function validates instructions with ALU.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation. No vendor patch available.

Linux Information Disclosure IBM Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may return NULL on memory allocation failure,. No vendor patch available.

Denial Of Service Linux Amd Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number < 16,. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdp_desc validation Turned out certain clearly invalid values passed in xdp_desc from userspace can.

Linux Buffer Overflow Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids. No vendor patch available.

Intel Linux Buffer Overflow Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b.

Linux Information Disclosure Canonical Linux Kernel
NVD
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy