Skip to main content
CVE-2025-25613 HIGH POC This Week

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure S3150 8T2F Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-0643 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-0645 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-64660 HIGH This Month

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-64655 HIGH This Month

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dynamics Omnichannel Sdk Storage Containers
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-62459 HIGH This Month

Microsoft Defender Portal Spoofing Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS 365 Defender Portal
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-62207 HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-36072 HIGH This Month

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE IBM Webmethods Integration
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-61138 HIGH This Month

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qlik Sense
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13087 HIGH This Month

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2025-64770 HIGH This Month

The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-62674 HIGH This Month

The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-48986 HIGH POC This Week

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Revive Adserver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-63889 HIGH This Month

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Buffer Overflow Information Disclosure Thinkphp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64428 HIGH POC PATCH This Week

Dataease is an open source data visualization analysis tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dataease
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-12121 HIGH POC PATCH This Month

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Lite Xl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12120 HIGH POC PATCH This Month

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Lite Xl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-62730 HIGH This Month

SOPlanning is vulnerable to Privilege Escalation in user management tab. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Soplanning
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-62294 HIGH This Month

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soplanning
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-40601 HIGH This Month

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13446 HIGH POC This Month

A vulnerability has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13445 HIGH POC This Month

A flaw has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-13433 HIGH This Month

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-11676 HIGH This Month

Improper input validation vulnerability in TP-Link System Inc. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
CVSS 4.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy