Skip to main content
CVE-2025-63434 HIGH POC This Week

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56401 HIGH POC This Week

ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wbrm
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-60638 HIGH POC PATCH This Week

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Free5gc Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-14015 HIGH POC This Week

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
1.2%
CVE-2025-56400 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Smartlife Tuya Tuya Smart
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-14007 HIGH This Week

Shenzhen TVT Digital Technology Co., Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10555 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-44018 HIGH This Week

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-13609 HIGH PATCH GHSA This Week

A critical authentication bypass vulnerability in Keylime allows attackers with high privileges to register malicious agents using different TPM devices while claiming existing agent UUIDs, effectively overwriting legitimate agent identities. This enables impersonation of trusted agents and potential bypass of security controls in the remote attestation system. With an EPSS score of 0.07% (21st percentile) and no known KEV listing, the vulnerability has a high CVSS score of 8.2 but relatively low real-world exploitation likelihood.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-60915 HIGH This Week

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Openatlas
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52538 HIGH This Week

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-54563 HIGH This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54338 HIGH This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0003 HIGH This Week

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-52539 HIGH This Week

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality,. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-0005 HIGH This Week

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48510 HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-10554 HIGH This Month

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-12970 HIGH This Month

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fluent Bit Docker
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-11921 HIGH This Month

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.10.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-65998 HIGH PATCH This Month

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Syncope
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65495 HIGH PATCH This Month

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65494 HIGH PATCH This Month

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65493 HIGH PATCH This Month

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41016 HIGH This Month

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41729 HIGH This Month

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-12741 HIGH This Month

A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-12740 HIGH This Month

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-12739 HIGH This Month

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-12629 HIGH This Month

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-7402 HIGH This Month

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy