Skip to main content
CVE-2025-24893 CRITICAL POC KEV PATCH THREAT Act Now

XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation.

RCE Code Injection Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
7.8
CVE-2025-0868 CRITICAL POC THREAT Emergency

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Python RCE Code Injection
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
16.0%
CVE-2024-54756 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2025-25668 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25667 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25664 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25663 CRITICAL POC Act Now

A vulnerability was found in Tenda AC8V4 V16.03.34.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27096 CRITICAL POC Act Now

WeGIA is a Web Manager for Institutions with a focus on Portuguese language. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2024-13789 CRITICAL Act Now

The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2025-25675 CRITICAL Act Now

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37361 CRITICAL Act Now

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-57401 CRITICAL Act Now

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-25678 CRITICAL Act Now

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow I12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25676 CRITICAL Act Now

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow I12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25674 CRITICAL Act Now

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25662 CRITICAL Act Now

Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow O4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-1265 CRITICAL Act Now

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2025-20059 CRITICAL Act Now

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.10.3, through 2023.11.1, through 2024.9. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 4.0
9.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy