Skip to main content
CVE-2025-21415 CRITICAL This Week

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Face Service
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2024-57665 CRITICAL POC Act Now

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Jfinalcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0851 CRITICAL PATCH This Week

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.7% and no vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 4.0
9.3
EPSS
30.7%
CVE-2024-57395 CRITICAL This Week

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-54852 CRITICAL POC Act Now

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection LDAP Teedy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-20061 CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-20014 CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-0798 CRITICAL POC Act Now

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy