106 CVEs tracked today. 29 Critical, 39 High, 24 Medium, 5 Low.
-
CVE-2025-66266
CRITICAL
CVSS 9.3
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. Rated critical severity (CVSS 9.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Privilege Escalation
-
CVE-2025-66262
CRITICAL
CVSS 9.3
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
Path Traversal
PHP
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
-
CVE-2025-66261
CRITICAL
CVSS 9.9
Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Command Injection
RCE
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
-
CVE-2025-66259
CRITICAL
CVSS 9.3
Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
RCE
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66257
CRITICAL
CVSS 9.2
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Information Disclosure
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66256
CRITICAL
CVSS 9.9
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66255
CRITICAL
CVSS 9.9
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
RCE
Mozart Next 3000 Firmware
Mozart Next 3500 Firmware
-
CVE-2025-66253
CRITICAL
CVSS 9.9
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Command Injection
RCE
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
-
CVE-2025-66250
CRITICAL
CVSS 9.2
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66022
CRITICAL
CVSS 9.6
FACTION is a PenTesting Report Generation and Collaboration Framework. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RCE
Authentication Bypass
Faction
-
CVE-2025-65669
CRITICAL
CVSS 9.1
An issue was discovered in classroomio 0.1.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Classroomio
-
CVE-2025-65276
CRITICAL
CVSS 9.8
An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
PHP
Authentication Bypass
Privilege Escalation
Hashtech
-
CVE-2025-65236
CRITICAL
CVSS 9.8
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Ussd Gateway
-
CVE-2025-65235
CRITICAL
CVSS 9.8
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Ussd Gateway
-
CVE-2025-64657
CRITICAL
CVSS 9.8
Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Microsoft
Azure Application Gateway
-
CVE-2025-64656
CRITICAL
CVSS 9.4
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Azure Application Gateway
-
CVE-2025-64130
CRITICAL
CVSS 9.3
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-64128
CRITICAL
CVSS 10.0
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 10.9% and no vendor patch available.
Command Injection
-
CVE-2025-64127
CRITICAL
CVSS 10.0
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 10.9% and no vendor patch available.
Command Injection
-
CVE-2025-64126
CRITICAL
CVSS 10.0
An OS command injection vulnerability exists due to improper input validation. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 10.9% and no vendor patch available.
Command Injection
-
CVE-2025-62593
CRITICAL
CVSS 9.4
Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
RCE
Code Injection
Mozilla
Firefox
-
CVE-2025-62354
CRITICAL
CVSS 9.8
Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
RCE
-
CVE-2025-59390
CRITICAL
CVSS 9.8
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Druid
-
CVE-2025-55469
CRITICAL
CVSS 9.8
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Youlai Boot
-
CVE-2025-50433
CRITICAL
CVSS 9.8
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Privilege Escalation
Imonnit
-
CVE-2025-50402
CRITICAL
CVSS 9.8
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Fac1200R Firmware
-
CVE-2025-50399
CRITICAL
CVSS 9.8
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Fac1200R Firmware
-
CVE-2025-40934
CRITICAL
CVSS 9.3
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Jwt Attack
Information Disclosure
-
CVE-2025-26155
CRITICAL
CVSS 9.8
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Microsoft
Ncp Secure Entry Client
Secure Enterprise Client
Windows
-
CVE-2025-66269
HIGH
CVSS 7.1
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-66264
HIGH
CVSS 7.2
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-66263
HIGH
CVSS 8.9
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Authentication Bypass
Mozart Next 3000 Firmware
Mozart Next 3500 Firmware
Mozart Next 50 Firmware
-
CVE-2025-66260
HIGH
CVSS 7.2
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
PostgreSQL
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
-
CVE-2025-66258
HIGH
CVSS 7.1
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Mozart Next 6000 Firmware
Mozart Next 500 Firmware
Mozart Next 50 Firmware
Mozart Next 3500 Firmware
-
CVE-2025-66254
HIGH
CVSS 7.8
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
Information Disclosure
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66252
HIGH
CVSS 8.4
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
PHP
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
-
CVE-2025-66251
HIGH
CVSS 7.7
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Mozart Next 100 Firmware
Mozart Next 1000 Firmware
Mozart Next 2000 Firmware
Mozart Next 30 Firmware
-
CVE-2025-66035
HIGH
CVSS 7.7
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF
Redhat
-
CVE-2025-66031
HIGH
CVSS 8.7
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Forge
Redhat
-
CVE-2025-66021
HIGH
CVSS 8.6
OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third parties in web applications while protecting against XSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Java
Java Html Sanitizer
Redhat
-
CVE-2025-66020
HIGH
CVSS 7.5
Valibot helps validate data using a schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-65966
HIGH
CVSS 8.8
OneUptime is a solution for monitoring and managing online services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Oneuptime
-
CVE-2025-65957
HIGH
CVSS 8.8
Core Bot is an open-source Discord bot made for Maple Hospital servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
-
CVE-2025-65672
HIGH
CVSS 7.5
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Classroomio
-
CVE-2025-65278
HIGH
CVSS 7.5
An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Grocerymart
-
CVE-2025-65202
HIGH
CVSS 8.0
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Tew 657Brm Firmware
-
CVE-2025-64983
HIGH
CVSS 8.6
Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-64344
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Stack Overflow
Buffer Overflow
Suricata
Redhat
Suse
-
CVE-2025-64335
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Suricata
Suse
-
CVE-2025-64334
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Denial Of Service
Suricata
Redhat
Suse
-
CVE-2025-64333
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stack Overflow
Buffer Overflow
Suricata
Redhat
Suse
-
CVE-2025-64332
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Stack Overflow
Buffer Overflow
Suricata
Redhat
Suse
-
CVE-2025-64331
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stack Overflow
Buffer Overflow
Suricata
Redhat
Suse
-
CVE-2025-64330
HIGH
CVSS 7.5
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Buffer Overflow
Heap Overflow
Suricata
Redhat
Suse
-
CVE-2025-64129
HIGH
CVSS 7.0
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
-
CVE-2025-56396
HIGH
CVSS 8.8
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Ruoyi
-
CVE-2025-55471
HIGH
CVSS 7.5
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Youlai Boot
-
CVE-2025-46175
HIGH
CVSS 7.5
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Ruoyi
-
CVE-2025-46174
HIGH
CVSS 7.5
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Ruoyi
-
CVE-2025-45311
HIGH
CVSS 8.8
Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Suse
-
CVE-2025-13735
HIGH
CVSS 7.4
Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR Lapwing_Linux on Linux (nr_fw modules). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
-
CVE-2025-13601
HIGH
CVSS 7.7
A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.
Buffer Overflow
Enterprise Linux For Power Little Endian Eus
Enterprise Linux Server For Power Little Endian
Enterprise Linux Server For Power Little Endian Eus
Discovery
-
CVE-2025-12848
HIGH
CVSS 7.0
Cross-site scripting (XSS) in Drupal 7.x Webform Multiple File Upload module versions 7.x-1.2 through 7.x-1.6 enables unauthenticated attackers to execute arbitrary JavaScript in victims' browsers by uploading files with malicious filenames to Webform nodes where file type validation is disabled. The vulnerability originates in the third-party fyneworks/multifile library's file name renderer. With EPSS at 0.07% (21st percentile) and no public exploit identified at time of analysis, exploitation probability remains low despite the CVSS 7.0 score.
Drupal
PHP
XSS
File Upload
Webform Multiple File Upload
-
CVE-2025-12571
HIGH
CVSS 7.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Gitlab
-
CVE-2025-12061
HIGH
CVSS 8.6
The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not perform authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
CSRF
PHP
-
CVE-2025-11461
HIGH
CVSS 7.1
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.53.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQLi
Frappe Crm
-
CVE-2025-9558
HIGH
CVSS 7.6
There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. Rated high severity (CVSS 7.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
-
CVE-2025-9557
HIGH
CVSS 7.6
An out-of-bounds write can lead to arbitrary code execution. Rated high severity (CVSS 7.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Denial Of Service
Buffer Overflow
RCE
-
CVE-2025-66265
MEDIUM
CVSS 6.9
CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-66030
MEDIUM
CVSS 6.3
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Integer Overflow
Buffer Overflow
Forge
Redhat
-
CVE-2025-66028
MEDIUM
CVSS 6.9
OneUptime is a solution for monitoring and managing online services. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Authentication Bypass
Privilege Escalation
Oneuptime
-
CVE-2025-66026
MEDIUM
CVSS 6.1
REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XSS
Redaxo
-
CVE-2025-66025
MEDIUM
CVSS 4.3
Caido is a web security auditing toolkit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-66019
MEDIUM
CVSS 6.6
pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Python
Redhat
Suse
-
CVE-2025-65963
MEDIUM
CVSS 5.4
Files is a module for managing files inside spaces and user profiles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-65956
MEDIUM
CVSS 6.5
Formwork is a flat file-based Content Management System (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Formwork
-
CVE-2025-65676
MEDIUM
CVSS 5.4
Stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
RCE
XSS
Classroomio
-
CVE-2025-65675
MEDIUM
CVSS 5.4
Stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
RCE
XSS
Classroomio
-
CVE-2025-65670
MEDIUM
CVSS 4.3
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Classroomio
-
CVE-2025-65239
MEDIUM
CVSS 4.3
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Ussd Gateway
-
CVE-2025-65238
MEDIUM
CVSS 6.5
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Ussd Gateway
-
CVE-2025-65237
MEDIUM
CVSS 6.1
A reflected cross-site scripting (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Ussd Gateway
-
CVE-2025-63938
MEDIUM
CVSS 6.5
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Integer Overflow
Buffer Overflow
Tinyproxy
Suse
-
CVE-2025-62728
MEDIUM
CVSS 5.4
SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Apache
Hive
-
CVE-2025-59820
MEDIUM
CVSS 6.7
In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), this vulnerability requires no authentication. No vendor patch available.
Buffer Overflow
Redhat
Suse
-
CVE-2025-13674
MEDIUM
CVSS 5.5
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Wireshark
Redhat
Suse
-
CVE-2025-13084
MEDIUM
CVSS 6.1
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-12653
MEDIUM
CVSS 6.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.
Gitlab
Authentication Bypass
-
CVE-2025-9191
MEDIUM
CVSS 6.3
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
Deserialization
PHP
Information Disclosure
WordPress
-
CVE-2025-9163
MEDIUM
CVSS 6.1
The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.
WordPress
XSS
PHP
-
CVE-2025-7449
MEDIUM
CVSS 6.5
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
Denial Of Service
Gitlab
-
CVE-2025-6195
MEDIUM
CVSS 4.3
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
Information Disclosure
Gitlab
-
CVE-2025-66235
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66234
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66233
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66232
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66231
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66230
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66229
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66228
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-65681
LOW
CVSS 3.3
An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper. Rated low severity (CVSS 3.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch is available.
Session Fixation
Information Disclosure
Tutor
-
CVE-2025-55174
LOW
CVSS 3.2
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of. Rated low severity (CVSS 3.2), this vulnerability requires no authentication. No vendor patch is available.
Information Disclosure
-
CVE-2025-20373
LOW
CVSS 2.7
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new "Data Security Accounts". Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
Information Disclosure
Paloalto
-
CVE-2025-13611
LOW
CVSS 2.0
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch is available.
Information Disclosure
Gitlab
-
CVE-2025-3747
None
Rejected reason: This CVE ID is a duplicate of CVE-2025-32801. No vendor patch available.
Information Disclosure
-
CVE-2025-2486
LOW
CVSS 3.7
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Rated low severity (CVSS 3.7), this vulnerability requires no authentication.
Authentication Bypass
Ubuntu
Edk2