Skip to main content
CVE-2025-64753 MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grist Core
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64752 MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Grist Core
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64749 MEDIUM POC PATCH Monitor

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64748 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64747 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Directus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47913 HIGH POC PATCH GHSA This Month

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure SSH Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-36251 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-36250 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-36236 HIGH This Month

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Vios Aix
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-36096 CRITICAL This Week

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Vios Aix
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-13131 HIGH This Month

A vulnerability was found in Sonarr 4.0.15.2940. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-13130 HIGH This Month

A vulnerability has been found in Radarr 5.28.0.10274. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-64746 MEDIUM POC PATCH Monitor

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-64745 LOW POC PATCH Monitor

Astro is a web framework. Rated low severity (CVSS 2.7), this vulnerability is no authentication required. Public exploit code available.

XSS Astro
NVD GitHub
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-64744 LOW Monitor

OpenObserve is a cloud-native observability platform. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-4619 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Windows
NVD
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-47222 MEDIUM This Month

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47221 MEDIUM This Month

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47220 MEDIUM This Month

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64726 HIGH This Month

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Node.js RCE
NVD GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-64709 CRITICAL POC Act Now

Typebot is an open-source chatbot builder. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kubernetes Typebot
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-60702 MEDIUM POC This Week

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-60699 MEDIUM POC This Week

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2025-59840 HIGH PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-55810 MEDIUM This Month

A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload S Cw2503C H Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-46370 LOW Monitor

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. Rated low severity (CVSS 3.3). No vendor patch available.

Dell Information Disclosure Alienware Command Center
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46369 HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46368 MEDIUM This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware Command Center
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-46367 HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46362 MEDIUM This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Alienware Command Center
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-63406 HIGH POC This Week

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection RCE Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-43515 HIGH This Month

The issue was addressed by refusing external connections by default. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Compressor
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64706 MEDIUM POC This Month

Typebot is an open-source chatbot builder. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Typebot
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-60701 MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60700 MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60698 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-60697 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-59480 MEDIUM This Month

Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Mattermost Mobile
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12785 MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware 7Kw48A Firmware 7Kw49A Firmware +59
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-12784 MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware 7Kw48A Firmware 7Kw49A Firmware +59
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-11777 LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-20355 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cisco
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20353 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Catalyst Center
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20349 MEDIUM This Month

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Catalyst Center
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2025-20346 MEDIUM Monitor

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Catalyst Center
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20341 HIGH This Month

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-11538 MEDIUM PATCH This Month

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

RCE Java Red Hat
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-64718 MEDIUM PATCH This Month

js-yaml is a JavaScript YAML parser and dumper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Js Yaml Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64717 HIGH PATCH This Month

ZITADEL is an open source identity management platform. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Zitadel
NVD GitHub
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-64714 MEDIUM PATCH This Month

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy