Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-9638 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0. | 4.8 | 0.03% | 2025-12-09 | 2025-12-11 |
| CVE-2025-9624 | A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4. | 8.3 | 0.02% | 2025-11-25 | 2025-12-15 |
| CVE-2025-9375 | XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation. | 6.9 | 0.05% | 2025-09-01 | 2026-04-20 |
| CVE-2025-8101 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2. | 8.8 | 0.67% | 2025-07-25 | 2026-04-15 |
| CVE-2025-8066 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2. | 4.8 | 0.05% | 2025-08-15 | 2026-04-15 |
| CVE-2025-7969 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability. | 6.9 | 0.05% | 2025-08-21 | 2025-12-22 |
| CVE-2025-7961 | Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0. | 6.9 | 0.02% | 2025-08-15 | 2026-04-15 |
| CVE-2025-7635 | Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 8.7 | 0.02% | 2025-09-09 | 2025-12-22 |
| CVE-2025-7404 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | 5.9 | 2.33% | 2025-07-24 | 2026-01-16 |
| CVE-2025-6998 | ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | 8.7 | 0.20% | 2025-07-24 | 2026-04-15 |
| CVE-2025-54084 | OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 8.5 | 0.23% | 2025-09-09 | 2026-04-15 |
| CVE-2025-54083 | Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 5.1 | 0.02% | 2025-09-09 | 2026-04-15 |
| CVE-2025-53914 | Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. | 7.0 | 0.02% | 2025-09-09 | 2026-04-15 |
| CVE-2025-53913 | Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. | 7.0 | 0.02% | 2025-09-09 | 2026-04-15 |
| CVE-2025-52842 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0. | 5.1 | 0.18% | 2025-07-02 | 2025-12-23 |
| CVE-2025-52841 | Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows attackers to perform an Account Takeover. This issue affects Laundry: 2.3.0. | 8.5 | 0.10% | 2025-07-02 | 2025-12-23 |
| CVE-2025-22624 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php. | 5.1 | 0.26% | 2025-02-27 | 2026-04-15 |
| CVE-2025-22623 | Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php. | 5.1 | 0.29% | 2025-03-06 | 2026-04-15 |
| CVE-2025-22622 | Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php. | 4.3 | 0.27% | 2025-02-19 | 2026-04-15 |
| CVE-2025-15265 | An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a `<script>` block without HTML‑safe escaping, allowing `</script>` to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This issue affects Svelte: from 5.46.0 before 5.46.3. | 5.3 | 0.04% | 2026-01-15 | 2026-01-23 |