Skip to main content
CVE-2025-11700 HIGH POC THREAT Act Now

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity injection vulnerabilities. Attackers can exploit these to read sensitive files from the RMM server, including configuration files containing credentials for all managed endpoints.

XXE Information Disclosure N Central
NVD
CVSS 4.0
8.4
EPSS
51.2%
Threat
4.7
CVE-2016-15055 HIGH POC This Week

JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
2.6%
CVE-2023-7329 HIGH POC This Week

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2023-7327 HIGH POC This Week

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2023-7326 HIGH POC This Week

The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2021-4463 HIGH POC This Week

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2022-4982 HIGH POC This Week

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64500 HIGH POC PATCH This Week

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Httpfoundation Symfony
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2017-20211 HIGH This Week

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-59088 HIGH PATCH This Week

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-40149 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64293 HIGH This Week

SQL injection in the 0 Day Analytics WordPress plugin versions through 4.0.0 allows high-privilege authenticated attackers to execute arbitrary SQL queries with cross-scope impact. Reported by Patchstack audit team, this CWE-89 flaw enables database extraction despite requiring admin-level credentials. EPSS score of 0.05% (16th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-11962 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-64523 HIGH POC PATCH This Month

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Authentication Bypass Filebrowser
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-64186 HIGH POC PATCH This Week

Evervault is a payment security solution. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Evervault
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-8485 HIGH This Month

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation App Store
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-46428 HIGH This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection RCE Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-46427 HIGH This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-12048 HIGH This Month

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-10495 HIGH This Month

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-64099 HIGH PATCH This Month

Open Access Management (OpenAM) is an access management solution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
8.1
EPSS
0.1%
CVE-2025-63929 HIGH POC This Month

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iec104
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63679 HIGH POC This Month

free5gc v4.1.0 and before is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61667 HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Python Microsoft Kubernetes Privilege Escalation Windows +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-57310 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Simple Faucet Script
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-47866 HIGH POC PATCH This Month

Ceph is a distributed object, block, and file storage platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ceph Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65002 HIGH This Month

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65001 HIGH This Month

Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-63811 HIGH POC PATCH This Month

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jose2Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-2843 HIGH PATCH This Month

A flaw was found in the Observability Operator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13042 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11797 HIGH This Month

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Use After Free 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-11795 HIGH This Month

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-63667 HIGH This Month

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip Camera Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11567 HIGH This Month

CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-11565 HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.

Path Traversal
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-12998 HIGH PATCH This Month

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-11994 HIGH This Month

The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-59118 HIGH This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.09.03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apache Ofbiz
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-12382 HIGH This Month

Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Firewall Analyzer
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-64405 HIGH This Month

Apache OpenOffice documents can contain links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64404 HIGH This Month

Apache OpenOffice documents can contain links to other files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64403 HIGH This Month

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-64401 HIGH This Month

Apache OpenOffice documents can contain links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-12903 HIGH This Month

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-12633 HIGH This Month

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11560 HIGH This Month

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy