Skip to main content
CVE-2025-64656 CRITICAL Act Now

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Azure Application Gateway
NVD
CVSS 3.1
9.4
EPSS
0.2%
CVE-2025-40934 CRITICAL PATCH Act Now

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-64130 CRITICAL Act Now

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-66266 CRITICAL Act Now

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2020-36874 HIGH This Week

ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-45311 HIGH PATCH This Week

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65957 HIGH This Week

Core Bot Is an Open Source discord bot made for maple hospital servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25226 HIGH This Week

Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2019-25227 HIGH This Week

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2020-36873 HIGH This Week

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-66031 HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Forge Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-12061 HIGH This Week

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-64983 HIGH This Week

Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-65670 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Classroomio
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65239 MEDIUM POC This Month

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ussd Gateway
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66035 HIGH PATCH CISA GHSA This Week

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-9558 HIGH This Week

There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-9557 HIGH This Week

‭An out-of-bound write can lead to an arbitrary code execution. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-64344 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64335 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64334 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64333 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64332 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64331 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64330 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12571 HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-46175 HIGH This Week

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46174 HIGH This Week

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66020 HIGH PATCH This Week

Valibot helps validate data using a schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13735 HIGH This Week

Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR Lapwing_Linux on Linux (nr_fw modules). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-66264 HIGH This Week

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-66269 HIGH This Week

The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-12848 HIGH PATCH This Week

Cross-site scripting (XSS) in Drupal 7.x Webform Multiple File Upload module versions 7.x-1.2 through 7.x-1.6 enables unauthenticated attackers to execute arbitrary JavaScript in victims' browsers by uploading files with malicious filenames to Webform nodes where file type validation is disabled. The vulnerability originates in the third-party fyneworks/multifile library's file name renderer. With EPSS at 0.07% (21st percentile) and no public exploit identified at time of analysis, exploitation probability remains low despite the CVSS 7.0 score.

Drupal PHP XSS File Upload Webform Multiple File Upload
NVD HeroDevs
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-64129 HIGH This Week

Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD GitHub
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-66265 MEDIUM This Month

CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-59820 MEDIUM PATCH This Month

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66019 MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2021-4472 MEDIUM PATCH This Month

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7449 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12653 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66030 MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Forge Red Hat
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-9191 MEDIUM This Month

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-13084 MEDIUM This Month

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-9163 MEDIUM This Month

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-13674 MEDIUM PATCH This Month

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-62728 MEDIUM PATCH This Month

SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Hive
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65963 MEDIUM This Month

Files is a module for managing files inside spaces and user profiles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6195 MEDIUM This Month

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66025 MEDIUM This Month

Caido is a web security auditing toolkit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2486 LOW PATCH Monitor

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Rated low severity (CVSS 3.7), this vulnerability is no authentication required.

Authentication Bypass Ubuntu Edk2
NVD
CVSS 4.0
3.7
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy