Skip to main content
CVE-2025-15431 HIGH POC This Week

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. [CVSS 8.8 HIGH]

Buffer Overflow 512w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15430 HIGH POC This Week

A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. [CVSS 8.8 HIGH]

Buffer Overflow 512w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15429 HIGH POC This Week

A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. [CVSS 8.8 HIGH]

Buffer Overflow 512w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15428 HIGH POC This Week

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. [CVSS 8.8 HIGH]

Buffer Overflow 512w Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21449 HIGH POC PATCH This Week

Bagisto eCommerce platform versions before 2.3.10 suffer from server-side template injection through user-controllable first and last name fields, allowing low-privilege authenticated users to achieve remote code execution. This high-severity vulnerability (CVSS 8.8) affects confidentiality, integrity, and availability with public exploit code available and no patch currently deployed. Organizations running affected Bagisto instances should immediately upgrade to version 2.3.10 or later.

Laravel Bagisto
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69414 HIGH POC This Week

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token. [CVSS 8.5 HIGH]

Authentication Bypass Media Server
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-21451 HIGH POC PATCH This Week

Stored XSS in Bagisto's CMS page editor allows authenticated attackers to bypass input sanitization by crafting malicious HTTP requests, enabling persistent JavaScript injection that executes when administrators view or edit pages. Public exploit code exists for this vulnerability, creating high-risk scenarios including admin account compromise and backend system hijacking. Bagisto versions prior to 2.3.10 are affected, and no patch is currently available for the underlying Laravel platform.

Laravel XSS Bagisto
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-21433 HIGH POC This Week

Server-side request forgery (SSRF) in Emlog up to version 2.5.19 allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files to the media upload endpoint, enabling internal network reconnaissance and potential credential exposure when the server processes the files. Public exploit code exists for this vulnerability and no patches are currently available. The flaw affects all Emlog installations accepting SVG uploads and can be exploited without user interaction once an attacker gains authenticated access.

SSRF Emlog
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-67160 HIGH POC This Week

An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal. [CVSS 7.5 HIGH]

Path Traversal Pa4 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-67269 HIGH POC PATCH This Week

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. [CVSS 7.5 HIGH]

Integer Overflow Denial Of Service Gpsd
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67158 HIGH POC This Week

An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. [CVSS 7.5 HIGH]

Authentication Bypass I6032w Fhw Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21452 HIGH POC PATCH This Week

MessagePack for Java versions prior to 0.9.11 are vulnerable to denial-of-service attacks through malicious .msgpack files that exploit unbounded heap allocation when deserializing EXT32 objects. An unauthenticated attacker can craft a small payload with attacker-controlled extension lengths that causes the library to attempt allocating excessive memory, leading to JVM heap exhaustion and service unavailability. Public exploit code exists for this vulnerability; organizations using affected versions should update immediately.

Java Deserialization Messagepack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-67159 HIGH POC This Week

Pa4 Firmware versions up to 1.12.37-20240124 is affected by cleartext transmission of sensitive information (CVSS 7.5).

Information Disclosure Pa4 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69415 HIGH POC This Week

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account. [CVSS 7.1 HIGH]

Information Disclosure Media Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21447 HIGH POC PATCH This Week

Bagisto is an open source laravel eCommerce platform. [CVSS 7.1 HIGH]

Laravel Bagisto
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-64120 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-52872 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52864 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52863 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-62842 HIGH This Week

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. [CVSS 7.8 HIGH]

Information Disclosure Hybrid Backup Sync
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59384 HIGH This Week

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 7.5 HIGH]

Path Traversal Qfiling
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9110 HIGH This Week

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. [CVSS 7.5 HIGH]

Qnap Quts Hero Qts
NVD
CVSS 3.1
7.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy