Skip to main content
CVE-2025-12183 HIGH PATCH This Week

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Java Information Disclosure Red Hat +1
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-66359 HIGH This Week

An issue was discovered in Logpoint before 7.7.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-58302 HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58303 HIGH This Week

UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-66384 HIGH This Week

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-12638 HIGH PATCH This Week

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Python Red Hat
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2025-58310 HIGH This Week

Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-13768 HIGH This Week

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Webitr
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-51735 HIGH This Week

CSV formula injection vulnerability in HCL Technologies Ltd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Unica
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-58308 HIGH This Week

Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58316 HIGH This Week

DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-13771 HIGH This Week

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13770 HIGH This Week

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13769 HIGH This Week

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy