Skip to main content
CVE-2025-66385 CRITICAL Act Now

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-64314 CRITICAL Act Now

Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-12183 HIGH PATCH This Week

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Java Information Disclosure Red Hat +1
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-66359 HIGH This Week

An issue was discovered in Logpoint before 7.7.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-58302 HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58303 HIGH This Week

UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-66384 HIGH This Week

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-12638 HIGH PATCH This Week

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Python Red Hat
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2025-58310 HIGH This Week

Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-13768 HIGH This Week

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Webitr
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-51735 HIGH This Week

CSV formula injection vulnerability in HCL Technologies Ltd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Unica
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-58308 HIGH This Week

Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58316 HIGH This Week

DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-13771 HIGH This Week

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13770 HIGH This Week

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13769 HIGH This Week

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-12143 MEDIUM CISA This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-66361 MEDIUM This Month

An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ssti Siem
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-66360 MEDIUM This Month

An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Authentication Bypass Privilege Escalation Siem
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-58309 MEDIUM This Month

Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-58314 MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-13683 MEDIUM This Month

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.3.8.0; Remote Desktop Manager: through 2025.3.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Devolutions Server Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-58307 MEDIUM This Month

UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Harmonyos
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-51736 MEDIUM This Month

File upload vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unica
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-58305 MEDIUM This Month

Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58294 MEDIUM This Month

Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-11156 MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-58311 MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-51733 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Unica
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58315 MEDIUM This Month

Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59790 MEDIUM This Month

Improper Privilege Management vulnerability in Apache Kvrocks.9.0 through v2.13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Kvrocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-51734 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59792 MEDIUM This Month

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks.0.0 through 2.13.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Kvrocks
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64313 MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64311 MEDIUM This Month

Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-58312 MEDIUM This Month

Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66371 MEDIUM PATCH This Month

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-66370 MEDIUM This Month

Kivitendo before 3.9.2 allows XXE injection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-64312 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-58304 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-64315 MEDIUM This Month

Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13737 MEDIUM This Month

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66386 MEDIUM This Month

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-66382 LOW CISA Monitor

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-66372 LOW PATCH Monitor

Mustang before 2.16.3 allows exfiltrating files via XXE attacks. Rated low severity (CVSS 2.8). No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
2.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy