Skip to main content
CVE-2025-25570 CRITICAL POC THREAT Emergency

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.9% and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
45.9%
Threat
4.8
CVE-2025-22952 CRITICAL POC PATCH THREAT Act Now

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

SSRF Memos Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
35.0%
Threat
4.5
CVE-2025-26325 CRITICAL POC Act Now

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Shopxo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-55160 CRITICAL POC Act Now

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gfast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-53944 CRITICAL Act Now

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-51138 CRITICAL Act Now

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Vigor3912 Firmware Vigor2620 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-51139 CRITICAL Act Now

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vigor2620 Firmware Vigorlte200 Firmware Vigor2860 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-38292 CRITICAL Act Now

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Privilege Escalation Xiq Se
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-36047 CRITICAL Act Now

Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nios
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-36046 CRITICAL Act Now

Infoblox NIOS through 8.6.4 executes with more privileges than required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nios
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-37566 CRITICAL Act Now

Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nios
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-1751 CRITICAL Act Now

A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-13148 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.01.2025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-37567 CRITICAL Act Now

Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nios
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy