Skip to main content
CVE-2025-13223 HIGH KEV PATCH THREAT Act Now

Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

Memory Corruption Google Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-63748 HIGH POC This Week

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qatraq
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40936 HIGH This Week

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Solid Edge (All versions < V226.00 Update 03). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-36553 HIGH This Month

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36463 HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-36462 HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-36461 HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-36460 HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-32089 HIGH This Month

A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-31649 HIGH This Month

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-31361 HIGH This Month

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-13305 HIGH POC This Month

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware Dwr M920 Firmware Dwr M921 Firmware +2
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13304 HIGH POC This Month

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 825M Firmware Dwr M920 Firmware Dwr M921 Firmware +2
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13224 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36118 HIGH This Month

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36357 HIGH This Month

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local Planning Analytics Workspace
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-64756 HIGH POC PATCH This Month

Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Command Injection RCE Glob Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58407 HIGH This Month

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ddk
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-34323 HIGH This Month

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Log Server
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34322 HIGH This Month

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Log Server
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-63917 HIGH POC This Month

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service Information Disclosure SSRF Pdfpatcher
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-62519 HIGH POC PATCH This Month

phpMyFAQ is an open source FAQ web application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Phpmyfaq
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58410 HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13319 HIGH This Month

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-63916 HIGH POC This Week

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Myscreentools
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-13288 HIGH POC This Month

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-4321 HIGH This Month

In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-11681 HIGH This Month

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-65073 HIGH PATCH This Month

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13165 HIGH This Month

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-13283 HIGH This Month

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF Tenderdoctransfer
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-13282 HIGH This Month

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF Tenderdoctransfer
NVD
CVSS 4.0
7.0
EPSS
0.6%
CVE-2025-13258 HIGH POC This Month

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy