CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-9377(1)	High	15.6%	TP-LinkMultiple Routers	TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Sep 3, 2025	KEV
CVE-2020-24363	High	11.1%	TP-LinkTL-WA855RE	TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Sep 2, 2025	KEV
CVE-2025-55177	High	0.9%	Meta PlatformsWhatsApp	Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.	Sep 2, 2025	KEV
CVE-2025-57819	High	70.5%	SangomaFreePBX	Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.	Aug 29, 2025	KEV
CVE-2025-7775(2)	High	5.7%	CitrixNetScaler	Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.	Aug 26, 2025	KEV
CVE-2024-8069	High	48.3%	CitrixSession Recording	Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.	Aug 25, 2025	KEV
CVE-2025-48384	High	0.5%	GitGit	Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.	Aug 25, 2025	KEV
CVE-2024-8068	High	8.1%	CitrixSession Recording	Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.	Aug 25, 2025	KEV
CVE-2025-43300	High	0.7%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.	Aug 21, 2025	KEV
CVE-2025-54948	High	5.1%	Trend MicroApex One	Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.	Aug 18, 2025	KEV
CVE-2025-8876	High	7.8%	N-ableN-Central	N-able N-Central contains a command injection vulnerability via improper sanitization of user input.	Aug 13, 2025	KEV
CVE-2025-8875	High	2.6%	N-ableN-Central	N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.	Aug 13, 2025	KEV
CVE-2013-3893	High	81.2%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Aug 12, 2025	KEV
CVE-2025-8088	High	6.8%	RARLABWinRAR	RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.	Aug 12, 2025	KEV
CVE-2007-0671	High	66.8%	MicrosoftOffice	Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.	Aug 12, 2025	KEV
CVE-2020-25079	High	48.3%	D-LinkDCS-2530L and DCS-2670L Devices	D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Aug 5, 2025	KEV
CVE-2022-40799	High	37.1%	D-LinkDNR-322L	D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Aug 5, 2025	KEV
CVE-2020-25078	High	94.1%	D-LinkDCS-2530L and DCS-2670L Devices	D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Aug 5, 2025	KEV
CVE-2025-20337	High	0.7%	CiscoIdentity Services Engine	Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.	Jul 28, 2025	KEV
CVE-2023-2533	High	36.3%	PaperCutNG/MF	PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.	Jul 28, 2025	KEV

CVE-2025-9377KEV

High

TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 15.6%

CVE-2020-24363KEV

High

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 11.1%

CVE-2025-55177KEV

High

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

Meta PlatformsEPSS 0.9%

CVE-2025-57819KEV

High

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.

SangomaEPSS 70.5%

CVE-2025-7775KEV

High

Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.

CitrixEPSS 5.7%

CVE-2024-8069KEV

High

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.

CitrixEPSS 48.3%

CVE-2025-48384KEV

High

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.

GitEPSS 0.5%

CVE-2024-8068KEV

High

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.

CitrixEPSS 8.1%

CVE-2025-43300KEV

High

Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.

AppleEPSS 0.7%

CVE-2025-54948KEV

High

Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Trend MicroEPSS 5.1%

CVE-2025-8876KEV

High

N-able N-Central contains a command injection vulnerability via improper sanitization of user input.

N-ableEPSS 7.8%

CVE-2025-8875KEV

High

N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.

N-ableEPSS 2.6%

CVE-2013-3893KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

MicrosoftEPSS 81.2%

CVE-2025-8088KEV

High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

RARLABEPSS 6.8%

CVE-2007-0671KEV

High

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.

MicrosoftEPSS 66.8%

CVE-2020-25079KEV

High

D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

D-LinkEPSS 48.3%

CVE-2022-40799KEV

High

D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

D-LinkEPSS 37.1%

CVE-2020-25078KEV

High

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

D-LinkEPSS 94.1%

CVE-2025-20337KEV

High

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.

CiscoEPSS 0.7%

CVE-2023-2533KEV

High

PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.

PaperCutEPSS 36.3%

7 8 9 10 11 12 13