EMERGENCY CVE-2025-24085 10.0 Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations. | ACT NOW CVE-2025-22604 9.1 Cacti versions prior to 1.2.29 contain an authenticated command injection through the SNMP result parser. By injecting malformed OIDs into SNMP responses, authenticated users can execute arbitrary system commands when the results are processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions. | ACT NOW CVE-2025-0411 7.0 7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations. | ACT NOW CVE-2025-23006 9.8 SonicWall SMA1000 AMC and CMC contain a pre-authentication deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary OS commands on the management appliance. | ACT NOW CVE-2025-23209 8.0 Craft CMS 4 and 5 contain a remote code execution vulnerability exploitable when the application's security key has been compromised, allowing attackers with the key to execute arbitrary code on the server. | ACT NOW CVE-2024-57727 7.5 SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords. | ACT NOW CVE-2025-22968 9.8 An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.1%. | ACT NOW CVE-2024-48760 9.8 An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | ACT NOW CVE-2025-21335 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability for local privilege escalation, the third of three Hyper-V zero-days exploited in January 2025. | ACT NOW CVE-2025-21334 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability allowing local privilege escalation, the second of three Hyper-V zero-days in January 2025. | ACT NOW CVE-2025-21333 7.8 Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow allowing authorized local attackers to escalate privileges, one of three Hyper-V zero-days exploited in January 2025 Patch Tuesday. | ACT NOW CVE-2024-13161 9.8 Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update. | ACT NOW CVE-2024-13160 9.8 Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update. | ACT NOW CVE-2024-13159 9.8 Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs. | ACT NOW CVE-2024-39363 9.6 A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%. | ACT NOW CVE-2024-39288 9.1 A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | ACT NOW CVE-2024-37357 9.1 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%. | ACT NOW CVE-2024-36258 10.0 A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%. | ACT NOW CVE-2024-34166 10.0 An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | ACT NOW CVE-2024-55591 9.8 FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests. | ACT NOW CVE-2024-12847 9.8 NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations. | ACT NOW CVE-2024-53704 9.8 SonicWall SonicOS SSLVPN contains an authentication bypass vulnerability allowing remote attackers to bypass authentication mechanisms and gain unauthorized VPN access to protected networks. | ACT NOW CVE-2025-0282 9.0 Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months. | ACT NOW CVE-2024-50603 10.0 Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution. | ACT NOW CVE-2025-21624 9.8 ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%. |

EMERGENCY CVE-2025-24085 10.0 Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations. | ACT NOW CVE-2025-22604 9.1 Cacti versions prior to 1.2.29 contain an authenticated command injection through the SNMP result parser. By injecting malformed OIDs into SNMP responses, authenticated users can execute arbitrary system commands when the results are processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions. | ACT NOW CVE-2025-0411 7.0 7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations. | ACT NOW CVE-2025-23006 9.8 SonicWall SMA1000 AMC and CMC contain a pre-authentication deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary OS commands on the management appliance. | ACT NOW CVE-2025-23209 8.0 Craft CMS 4 and 5 contain a remote code execution vulnerability exploitable when the application's security key has been compromised, allowing attackers with the key to execute arbitrary code on the server. | ACT NOW CVE-2024-57727 7.5 SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords. | ACT NOW CVE-2025-22968 9.8 An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.1%. | ACT NOW CVE-2024-48760 9.8 An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | ACT NOW CVE-2025-21335 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability for local privilege escalation, the third of three Hyper-V zero-days exploited in January 2025. | ACT NOW CVE-2025-21334 7.8 Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability allowing local privilege escalation, the second of three Hyper-V zero-days in January 2025. | ACT NOW CVE-2025-21333 7.8 Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow allowing authorized local attackers to escalate privileges, one of three Hyper-V zero-days exploited in January 2025 Patch Tuesday. | ACT NOW CVE-2024-13161 9.8 Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update. | ACT NOW CVE-2024-13160 9.8 Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update. | ACT NOW CVE-2024-13159 9.8 Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs. | ACT NOW CVE-2024-39363 9.6 A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%. | ACT NOW CVE-2024-39288 9.1 A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | ACT NOW CVE-2024-37357 9.1 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%. | ACT NOW CVE-2024-36258 10.0 A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%. | ACT NOW CVE-2024-34166 10.0 An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | ACT NOW CVE-2024-55591 9.8 FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests. | ACT NOW CVE-2024-12847 9.8 NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations. | ACT NOW CVE-2024-53704 9.8 SonicWall SonicOS SSLVPN contains an authentication bypass vulnerability allowing remote attackers to bypass authentication mechanisms and gain unauthorized VPN access to protected networks. | ACT NOW CVE-2025-0282 9.0 Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months. | ACT NOW CVE-2024-50603 10.0 Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution. | ACT NOW CVE-2025-21624 9.8 ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%. |