Skip to main content
CVE-2025-22467 CRITICAL Emergency

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 42.0% and no vendor patch available.

Ivanti Buffer Overflow RCE Stack Overflow Connect Secure
NVD
CVSS 3.1
9.9
EPSS
42.0%
CVE-2024-47908 CRITICAL Emergency

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0% and no vendor patch available.

Command Injection RCE Ivanti Cloud Services Appliance
NVD
CVSS 3.1
9.1
EPSS
44.0%
CVE-2022-3180 CRITICAL Act Now

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.5% and no vendor patch available.

WordPress Authentication Bypass Privilege Escalation Wpgateway
NVD
CVSS 3.1
9.8
EPSS
23.5%
CVE-2024-10644 CRITICAL Act Now

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
9.1
EPSS
6.8%
CVE-2025-1044 CRITICAL Act Now

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Secops Platform
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-0181 CRITICAL Act Now

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-0180 CRITICAL Act Now

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-26410 CRITICAL Act Now

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-1144 CRITICAL Act Now

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25530 CRITICAL Act Now

Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24973 CRITICAL Act Now

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-1126 CRITICAL Act Now

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-24434 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-21198 CRITICAL PATCH Act Now

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Microsoft RCE Authentication Bypass Hpc Pack 2016 Hpc Pack 2019
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2024-12366 CRITICAL POC This Week

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy