Skip to main content
CVE-2025-58360 HIGH POC KEV PATCH THREAT Act Now

GeoServer contains an XXE vulnerability in the WMS GetMap operation allowing unauthenticated attackers to read server files and perform SSRF attacks.

XXE Geoserver
NVD GitHub
CVSS 3.1
8.2
EPSS
86.0%
Threat
7.2
CVE-2025-62703 HIGH POC PATCH This Week

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Python Fugue
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-9803 HIGH POC This Week

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12816 HIGH POC PATCH This Week

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Forge Red Hat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-9624 HIGH POC PATCH This Week

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.0.0 and < 3.3.0 and OpenSearch < 2.19.4. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensearch
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-64050 HIGH POC PATCH This Week

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-65018 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64720 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64065 HIGH This Week

The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64064 HIGH This Week

Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64062 HIGH This Week

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13483 HIGH This Week

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2025-65952 HIGH This Week

Console is a network used to control Gorilla Tag mods' users and other users on the network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-34350 HIGH This Week

UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-65951 HIGH This Week

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-64066 HIGH This Week

Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-59373 HIGH This Week

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-62155 HIGH PATCH This Week

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-65084 HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-65085 HIGH This Week

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-66017 HIGH PATCH This Week

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-65965 HIGH PATCH This Week

Grype is a vulnerability scanner for container images and filesystems. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-12003 HIGH This Week

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2025-0248 HIGH This Week

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-33188 HIGH This Week

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Privilege Escalation Dgx Os
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-33204 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33189 HIGH This Week

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Nvidia Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33203 HIGH This Week

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure SSRF Nvidia
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-51741 HIGH This Week

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Echo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-13502 HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59371 HIGH This Week

An authentication bypass vulnerability has been identified in the IFTTT integration feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-59370 HIGH This Week

A command injection vulnerability has been identified in bwdpi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.5
EPSS
0.6%
CVE-2025-12742 HIGH This Week

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-64761 HIGH PATCH This Week

OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openbao Suse
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-33205 HIGH This Week

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Nemo
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-13376 HIGH This Week

The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-13068 HIGH This Week

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-13644 HIGH This Week

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13507 HIGH This Week

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy