Skip to main content
CVE-2024-9643 CRITICAL POC THREAT Emergency

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.1% and no vendor patch available.

Authentication Bypass F3X36 Firmware
NVD
CVSS 3.1
9.8
EPSS
24.1%
Threat
4.2
CVE-2025-0364 CRITICAL POC THREAT Emergency

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

PHP RCE Bigant Server
NVD GitHub
CVSS 3.1
9.8
EPSS
22.3%
CVE-2024-48445 CRITICAL POC THREAT Emergency

An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

RCE Authentication Bypass
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-0890 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.8% and no vendor patch available.

Zyxel Authentication Bypass Vmg4325 B10A Firmware Sbg3500 N000 Firmware Vmg1312 B10A Firmware +11
NVD
CVSS 3.1
9.8
EPSS
23.8%
CVE-2025-24964 CRITICAL POC PATCH Act Now

Vitest is a testing framework powered by Vite. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Vitest
NVD GitHub
CVSS 3.1
9.6
EPSS
4.4%
CVE-2025-24971 CRITICAL Act Now

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Command Injection RCE File Upload
NVD GitHub
CVSS 4.0
9.5
EPSS
13.1%
CVE-2025-22204 CRITICAL Act Now

Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Sourcerer Joomla
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2025-1009 CRITICAL PATCH Act Now

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Mozilla Denial Of Service
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-24677 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion.0.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-1020 CRITICAL PATCH Act Now

Memory safety bugs present in Firefox 134 and Thunderbird 134. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-0960 CRITICAL Act Now

AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
9.3
EPSS
3.0%
CVE-2025-1016 CRITICAL PATCH Act Now

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-1017 CRITICAL PATCH Act Now

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-22699 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code.1.0. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2024-9644 CRITICAL POC This Week

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass F3X36 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy