Skip to main content
CVE-2025-60691 HIGH POC This Week

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-60690 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.

Linksys RCE Denial Of Service Buffer Overflow E1200 Firmware +1
NVD GitHub VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-60679 HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-60694 HIGH POC This Week

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2025-60696 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-60692 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Cisco +2
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-4984 HIGH This Week

ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-64530 HIGH PATCH This Month

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47913 HIGH POC PATCH GHSA This Month

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure SSH Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-36236 HIGH This Month

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Vios Aix
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-13131 HIGH This Month

A vulnerability was found in Sonarr 4.0.15.2940. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-13130 HIGH This Month

A vulnerability has been found in Radarr 5.28.0.10274. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-64726 HIGH This Month

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Node.js RCE
NVD GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-59840 HIGH PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-46369 HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46367 HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-63406 HIGH POC This Week

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection RCE Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-43515 HIGH This Month

The issue was addressed by refusing external connections by default. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Compressor
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-60698 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-60697 HIGH POC This Month

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-20341 HIGH This Month

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-64717 HIGH PATCH This Month

ZITADEL is an open source identity management platform. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Zitadel
NVD GitHub
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-64511 HIGH This Month

MaxKB is an open-source AI assistant for enterprise. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Python Maxkb
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-62484 HIGH This Month

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Meeting Software Development Kit Workplace
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-64741 HIGH This Month

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Meeting Software Development Kit Workplace Android
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-64740 HIGH This Month

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Jwt Attack Microsoft Privilege Escalation Workplace Virtual Desktop Infrastructure Windows
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-12765 HIGH PATCH This Month

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12764 HIGH PATCH This Month

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LDAP Code Injection Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12844 HIGH This Month

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-12733 HIGH This Month

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-11923 HIGH This Month

The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy