ACT NOW
CVE-2025-58360
8.2
GeoServer contains an XXE vulnerability in the WMS GetMap operation allowing unauthenticated attackers to read server files and perform SSRF attacks.
|
ACT NOW
CVE-2025-13315
9.3
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control.
|
ACT NOW
CVE-2025-58034
7.2
Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized commands on the web application firewall.
|
ACT NOW
CVE-2025-13223
8.8
Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.
|
ACT NOW
CVE-2025-64446
9.8
Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests.
|
ACT NOW
CVE-2025-62215
7.0
Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.
|
ACT NOW
CVE-2025-12480
9.1
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks.
|
ACT NOW
CVE-2025-34299
9.3
Monsta FTP web-based file manager versions 2.11 and earlier allow unauthenticated arbitrary file uploads. The vulnerability enables attackers to upload malicious files from a compromised FTP server, which are then executed on the Monsta FTP server, achieving remote code execution.
|
ACT NOW
CVE-2025-64328
8.6
FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands.
|
ACT NOW
CVE-2025-11953
9.8
React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code.
|
Today's Vulnerabilities Vulnerabilities
Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
CVEs published in review
Track vulnerabilities that matter to your stack
Personalized alerts, dashboards, and weekly digests – free.
Trending Now
🚨
GHSA
MAL
CVSS
NEWS
No trending vulnerabilities right now
Critical Watch
KEV
POC
CVSS
No critical watch entries today
Attack Technique Trend
Prediction based on ZDI Disclosures & CVE data
· 30 days
Vendor Today – Quick Filter
Techniques
POC
CISA KEV
PATCH
UNPATCHED
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0
|
3.9|
6.9|
8.9|
10
NONE
LOW
MEDIUM
HIGH
CRITICAL
CVSS Filter
– CVEs match
No CVEs match the selected criteria
Loading...
No vulnerabilities found for this date.
Data may not have been fetched yet.
Live Feed
auto-refresh 60s
KEV
POC
No new CVEs in the last 2 hours. Check back soon.