ACT NOW CVE-2024-57728 7.2 SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
ACT NOW CVE-2024-57727 7.5 SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords.
EMERGENCY CVE-2024-57726 9.9 SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
ACT NOW CVE-2025-22968 9.8 An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.1%.
ACT NOW CVE-2024-48760 9.8 An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.
ACT NOW CVE-2025-21335 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability for local privilege escalation, the third of three Hyper-V zero-days exploited in January 2025.
ACT NOW CVE-2025-21334 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability allowing local privilege escalation, the second of three Hyper-V zero-days in January 2025.
ACT NOW CVE-2025-21333 7.8 Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow allowing authorized local attackers to escalate privileges, one of three Hyper-V zero-days exploited in January 2025 Patch Tuesday.
ACT NOW CVE-2024-13161 9.8 Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update.
ACT NOW CVE-2024-13160 9.8 Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update.
ACT NOW CVE-2024-13159 9.8 Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs.
ACT NOW CVE-2024-12085 7.5 A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.
ACT NOW CVE-2024-39363 9.6 A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.
ACT NOW CVE-2024-39288 9.1 A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.
ACT NOW CVE-2024-37357 9.1 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.
ACT NOW CVE-2024-36258 10.0 A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.
ACT NOW CVE-2024-34166 10.0 An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.
ACT NOW CVE-2024-55591 9.8 FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests.
ACT NOW CVE-2024-12847 9.8 NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations.
ACT NOW CVE-2024-53704 9.8 SonicWall SonicOS SSLVPN contains an authentication bypass vulnerability allowing remote attackers to bypass authentication mechanisms and gain unauthorized VPN access to protected networks.
ACT NOW CVE-2025-0282 9.0 Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.
ACT NOW CVE-2024-50603 10.0 Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution.
ACT NOW CVE-2025-21624 9.8 ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
