EMERGENCY CVE-2025-26319 9.8 FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Unauthenticated attackers can upload malicious files including executable scripts, achieving remote code execution on the Flowise server. | ACT NOW CVE-2025-22226 7.1 VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. | ACT NOW CVE-2025-22225 8.2 VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. | EMERGENCY CVE-2025-22224 9.3 VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. | ACT NOW CVE-2024-48248 8.6 NAKIVO Backup & Replication contains an absolute path traversal allowing unauthenticated remote attackers to read arbitrary files, including configuration files with cleartext credentials for physical discovery operations. | ACT NOW CVE-2025-26264 8.8 GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%. | ACT NOW CVE-2025-22952 9.8 elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%. | ACT NOW CVE-2024-13869 7.2 The Migration, Backup, Staging - WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%. | ACT NOW CVE-2025-24893 9.8 XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation. | EMERGENCY CVE-2025-0868 9.3 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%. | ACT NOW CVE-2025-24989 8.2 Microsoft Power Pages contains an improper access control vulnerability allowing unauthenticated attackers to elevate privileges and bypass user registration controls over the network. | EMERGENCY CVE-2024-57049 9.8 A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%. | ACT NOW CVE-2024-57046 8.8 Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management. | EMERGENCY CVE-2024-57045 9.8 A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%. | ACT NOW CVE-2024-13726 8.6 The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%. | ACT NOW CVE-2025-1094 8.1 PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain. | ACT NOW CVE-2025-0111 7.1 Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of files accessible to the 'nobody' user, exploited alongside CVE-2025-0108 for configuration extraction. | ACT NOW CVE-2025-0108 8.8 Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers to invoke PHP scripts, potentially leading to system compromise when chained with other vulnerabilities. | ACT NOW CVE-2025-21418 7.8 Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation to SYSTEM, exploited in the wild in February 2025. | ACT NOW CVE-2025-21391 7.1 Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation. | ACT NOW CVE-2025-24472 8.1 FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices. | EMERGENCY CVE-2025-24016 9.9 Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI that allows remote code execution on Wazuh management servers. | EMERGENCY CVE-2025-24786 10.0 WhoDB open-source database management tool allows unauthenticated path traversal to access any SQLite3 database on the host machine. Beyond data exposure, affected versions enable reading sensitive system files and executing arbitrary commands through SQLite extensions, achieving full server compromise. | ACT NOW CVE-2025-0994 8.6 Trimble Cityworks asset management platform contains a deserialization vulnerability allowing authenticated users to achieve remote code execution on the IIS web server hosting the application. | EMERGENCY CVE-2024-48445 9.8 An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | EMERGENCY CVE-2025-0364 9.8 BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%. | ACT NOW CVE-2024-40891 8.8 Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device. | ACT NOW CVE-2024-40890 8.8 Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device). | ACT NOW CVE-2025-25181 5.8 A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | ACT NOW CVE-2024-57968 9.9 Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint. |

EMERGENCY CVE-2025-26319 9.8 FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Unauthenticated attackers can upload malicious files including executable scripts, achieving remote code execution on the Flowise server. | ACT NOW CVE-2025-22226 7.1 VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. | ACT NOW CVE-2025-22225 8.2 VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. | EMERGENCY CVE-2025-22224 9.3 VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. | ACT NOW CVE-2024-48248 8.6 NAKIVO Backup & Replication contains an absolute path traversal allowing unauthenticated remote attackers to read arbitrary files, including configuration files with cleartext credentials for physical discovery operations. | ACT NOW CVE-2025-26264 8.8 GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%. | ACT NOW CVE-2025-22952 9.8 elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%. | ACT NOW CVE-2024-13869 7.2 The Migration, Backup, Staging - WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%. | ACT NOW CVE-2025-24893 9.8 XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation. | EMERGENCY CVE-2025-0868 9.3 A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%. | ACT NOW CVE-2025-24989 8.2 Microsoft Power Pages contains an improper access control vulnerability allowing unauthenticated attackers to elevate privileges and bypass user registration controls over the network. | EMERGENCY CVE-2024-57049 9.8 A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%. | ACT NOW CVE-2024-57046 8.8 Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management. | EMERGENCY CVE-2024-57045 9.8 A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%. | ACT NOW CVE-2024-13726 8.6 The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%. | ACT NOW CVE-2025-1094 8.1 PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain. | ACT NOW CVE-2025-0111 7.1 Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of files accessible to the 'nobody' user, exploited alongside CVE-2025-0108 for configuration extraction. | ACT NOW CVE-2025-0108 8.8 Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers to invoke PHP scripts, potentially leading to system compromise when chained with other vulnerabilities. | ACT NOW CVE-2025-21418 7.8 Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation to SYSTEM, exploited in the wild in February 2025. | ACT NOW CVE-2025-21391 7.1 Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation. | ACT NOW CVE-2025-24472 8.1 FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices. | EMERGENCY CVE-2025-24016 9.9 Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI that allows remote code execution on Wazuh management servers. | EMERGENCY CVE-2025-24786 10.0 WhoDB open-source database management tool allows unauthenticated path traversal to access any SQLite3 database on the host machine. Beyond data exposure, affected versions enable reading sensitive system files and executing arbitrary commands through SQLite extensions, achieving full server compromise. | ACT NOW CVE-2025-0994 8.6 Trimble Cityworks asset management platform contains a deserialization vulnerability allowing authenticated users to achieve remote code execution on the IIS web server hosting the application. | EMERGENCY CVE-2024-48445 9.8 An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | EMERGENCY CVE-2025-0364 9.8 BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%. | ACT NOW CVE-2024-40891 8.8 Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device. | ACT NOW CVE-2024-40890 8.8 Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device). | ACT NOW CVE-2025-25181 5.8 A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | ACT NOW CVE-2024-57968 9.9 Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint. |