Skip to main content
CVE-2025-13288 HIGH POC This Month

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-4321 HIGH This Month

In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-40834 MEDIUM This Month

A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-11681 HIGH This Month

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-65073 HIGH PATCH This Month

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13165 HIGH This Month

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-13164 MEDIUM This Month

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-13163 MEDIUM This Month

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-9501 CRITICAL This Week

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP Command Injection
NVD WPScan
CVSS 3.1
9.0
EPSS
2.5%
CVE-2025-60022 LOW Monitor

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-13266 MEDIUM This Month

A security vulnerability has been detected in wwwlike vlife up to 2.0.1.java of the component VLifeApi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13265 MEDIUM POC This Month

A weakness has been identified in lsfusion platform up to 6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Lsfusion Platform
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-13284 CRITICAL This Week

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-13283 HIGH This Month

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF Tenderdoctransfer
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-13282 HIGH This Month

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF Tenderdoctransfer
NVD
CVSS 4.0
7.0
EPSS
0.6%
CVE-2025-13261 MEDIUM POC This Month

A vulnerability was found in lsfusion platform up to 6.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Lsfusion Platform
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-13258 HIGH POC This Month

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-10460 CRITICAL This Week

A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.4
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy