Welcome To CVE Radar
Discover trending vulnerabilities, explore attack vectors, exploits, and security details
CVE-2025-29824 (Microsoft)
CVSS Score: 7.8/10 | SVRS Score: 70/100 | Audience: 5.04M | Social Media: 102 | News: 76 | Repos: 0
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-27840 (Espressif)
CVSS Score: 6.8/10 | SVRS Score: 73/100 | Audience: 4.49M | Social Media: 38 | News: 0 | Repos: 2
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
CVE-2025-31201
CVSS Score: 6.8/10 | SVRS Score: 68/100 | Audience: 4.21M | Social Media: 39 | News: 27 | Repos: 0
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVE-2025-31200
CVSS Score: 7.5/10 | SVRS Score: 76/100 | Audience: 4.16M | Social Media: 38 | News: 29 | Repos: 0
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVE-2025-30401
CVSS Score: 6.7/10 | SVRS Score: 62/100 | Audience: 4.03M | Social Media: 38 | News: 28 | Repos: 0
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.
CVE-2025-43864
CVSS Score: 7.5/10 | SVRS Score: 84/100 | Audience: 4M | Social Media: 21 | News: 1 | Repos: 1
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.
CVE-2025-21204
CVSS Score: 7.8/10 | SVRS Score: 77/100 | Audience: 3.98M | Social Media: 31 | News: 19 | Repos: 0
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-43865
CVSS Score: 8.2/10 | SVRS Score: 91/100 | Audience: 3.98M | Social Media: 19 | News: 1 | Repos: 0
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This makes it possible to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.
CVE-2025-31137
CVSS Score: 7.5/10 | SVRS Score: 68/100 | Audience: 3.95M | Social Media: 21 | News: 0 | Repos: 1
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
CVE-2025-26633 (Microsoft)
CVSS Score: 7.0/10 | SVRS Score: 64/100 | Audience: 3.86M | Social Media: 73 | News: 9 | Repos: 0
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-31324
CVSS Score: 10.0/10 | SVRS Score: 96/100 | Audience: 3.76M | Social Media: 39 | News: 13 | Repos: 6
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
CVE-2021-35587 (Oracle)
CVSS Score: 9.8/10 | SVRS Score: 94/100 | Audience: 3.31M | Social Media: 16 | News: 8 | Repos: 0
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-2945
CVSS Score: 9.9/10 | SVRS Score: 84/100 | Audience: 3.29M | Social Media: 11 | News: 18 | Repos: 0
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter is unsafely passed to the Python eval() function, and /cloud/deploy, where the high_availability parameter is passed the same way, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.
CVE-2025-2894
CVSS Score: 6.6/10 | SVRS Score: 64/100 | Audience: 3.01M | Social Media: 3 | News: 2 | Repos: 0
The Go1, also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can give the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
CVE-2025-21535
CVSS Score: 9.8/10 | SVRS Score: 30/100 | Audience: 2.96M | Social Media: 3 | News: 0 | Repos: 0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-0401
CVSS Score: 5.3/10 | SVRS Score: 55/100 | Audience: 2.86M | Social Media: 3 | News: 0 | Repos: 0
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-46805 (Ivanti)
CVSS Score: 8.2/10 | SVRS Score: 52/100 | Audience: 2.6M | Social Media: 2 | News: 12 | Repos: 0
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2025-31160
CVSS Score: 2.9/10 | SVRS Score: 35/100 | Audience: 2.58M | Social Media: 8 | News: 2 | Repos: 0
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
CVE-2025-26512
CVSS Score: 9.9/10 | SVRS Score: 84/100 | Audience: 2.27M | Social Media: 5 | News: 2 | Repos: 0
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
CVE-2025-2783
CVSS Score: 8.3/10 | SVRS Score: 82/100 | Audience: 1.75M | Social Media: 53 | News: 17 | Repos: 0
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.
