Skip to main content
CVE-2025-58360 HIGH POC KEV PATCH THREAT Act Now

GeoServer contains an XXE vulnerability in the WMS GetMap operation allowing unauthenticated attackers to read server files and perform SSRF attacks.

XXE Geoserver
NVD GitHub
CVSS 3.1
8.2
EPSS
86.0%
Threat
7.2
CVE-2025-60739 CRITICAL POC Act Now

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS CSRF Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-63729 CRITICAL POC Act Now

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-62703 HIGH POC PATCH This Week

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Python Fugue
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-9803 HIGH POC This Week

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12816 HIGH POC PATCH This Week

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Forge Red Hat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-9624 HIGH POC PATCH This Week

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.0.0 and < 3.3.0 and OpenSearch < 2.19.4. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensearch
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-64050 HIGH POC PATCH This Week

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-65018 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64720 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-63735 MEDIUM POC This Month

A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruckus Unleashed
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-61168 CRITICAL Act Now

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP RCE Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13597 CRITICAL Act Now

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-13595 CRITICAL Act Now

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-51746 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51745 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51744 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51743 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51742 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64063 CRITICAL Act Now

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13559 CRITICAL Act Now

The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-6389 CRITICAL Act Now

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-66016 CRITICAL PATCH Act Now

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-33187 CRITICAL Act Now

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-64693 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Heap Overflow Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-62691 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow Microsoft Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-59366 CRITICAL Act Now

An authentication-bypass vulnerability exists in AiCloud. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-64713 MEDIUM POC This Month

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-64065 HIGH This Week

The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64064 HIGH This Week

Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64062 HIGH This Week

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13483 HIGH This Week

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2025-64049 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-65952 HIGH This Week

Console is a network used to control Gorilla Tag mods' users and other users on the network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64704 MEDIUM POC This Month

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-34350 HIGH This Week

UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-65951 HIGH This Week

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-64066 HIGH This Week

Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-59373 HIGH This Week

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-62155 HIGH PATCH This Week

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-65084 HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-65085 HIGH This Week

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-65647 MEDIUM POC This Month

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Online Shopping Portal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66017 HIGH PATCH This Week

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-65965 HIGH PATCH This Week

Grype is a vulnerability scanner for container images and filesystems. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-12003 HIGH This Week

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2025-0248 HIGH This Week

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-33188 HIGH This Week

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Privilege Escalation Dgx Os
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-33204 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33189 HIGH This Week

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Nvidia Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy