437
CVEs
7
Critical
111
High
0
KEV
28
PoC
1
Unpatched C/H
98.2%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
7
HIGH
111
MEDIUM
84
LOW
9
Monthly CVE Trend
Affected Products (30)
Ubuntu
1061
Linux Kernel
917
Null Pointer Dereference
190
Debian Linux
169
Memory Corruption
137
Use After Free
90
Chrome
55
Race Condition
40
Integer Overflow
23
Heap Overflow
21
Python
19
Windows
15
Android
11
PHP
10
Htslib
10
MongoDB
9
Stack Overflow
9
Enterprise Linux
8
Firefox
8
Docker
8
Lxd
7
Juju
7
Openshift Container Platform
6
Mattermost Server
6
Nextcloud
5
Redis
5
Java
5
Django
5
Open Redirect
5
Streaming Media
5
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-66570 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
|
| CVE-2025-66399 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29. | HIGH | 8.8 | 0.4% | 64 |
PoC
|
| CVE-2025-64775 | Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. | HIGH | 7.5 | 0.1% | 58 |
PoC
|
| CVE-2025-13654 | A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read. | HIGH | 7.5 | 0.1% | 58 |
PoC
|
| CVE-2025-65637 | A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged. | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2025-66293 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. | HIGH | 7.1 | 0.1% | 56 |
PoC
|
| CVE-2026-34156 | Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated low-privilege attackers to escape Node.js vm sandbox and execute arbitrary commands as root inside Docker containers. The vulnerability exploits exposed WritableWorkerStdio stream objects in the sandbox console to traverse the prototype chain, access the host-realm Function constructor, load unrestricted Node.js modules (child_process), and spawn system commands. Confirmed exploited with reverse shell access, database credential theft (DB_PASSWORD, INIT_ROOT_PASSWORD), and arbitrary filesystem operations. EPSS data not available; public exploit code exists with detailed proof-of-concept demonstrating root shell access in nocobase/nocobase:latest Docker image. Critical 10.0 CVSS score reflects network-exploitable, low-complexity attack with complete confidentiality, integrity, and availability impact plus scope change (container escape implications). | CRITICAL | 9.9 | 5.2% | 55 |
|
| CVE-2025-65404 | A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|
| CVE-2025-65405 | A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|
| CVE-2025-65406 | A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|
| CVE-2025-65408 | A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|
| CVE-2025-65407 | A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|
| CVE-2025-64527 | Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives. | MEDIUM | 6.5 | 0.0% | 53 |
PoC
|
| CVE-2025-65187 | A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed. | MEDIUM | 6.1 | 0.1% | 51 |
PoC
|
| CVE-2025-63499 | Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter. | MEDIUM | 6.1 | 0.0% | 51 |
PoC
|