Skip to main content
CVE-2025-1316 CRITICAL KEV THREAT Emergency

Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.

Command Injection RCE Ic 7100 Firmware
NVD
CVSS 4.0
9.3
EPSS
85.1%
CVE-2025-25632 CRITICAL POC THREAT Emergency

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Command Injection Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.8%
CVE-2025-25015 CRITICAL Act Now

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Elastic File Upload Kibana
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2025-27657 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-12799 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-27678 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-13787 CRITICAL Act Now

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-1515 CRITICAL Act Now

The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-12281 CRITICAL Act Now

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-11951 CRITICAL Act Now

The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-25362 CRITICAL PATCH Act Now

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-1393 CRITICAL Act Now

An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27675 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27668 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27667 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27665 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27647 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27677 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27674 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27656 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27655 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27652 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27651 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27650 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27649 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27648 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27646 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27645 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27643 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27642 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27641 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27638 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27681 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27672 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27671 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27666 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27662 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27658 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27659 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27640 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-38693 CRITICAL PATCH Act Now

Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27682 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27670 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27663 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-13147 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.01.2025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-12097 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.12.2024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27517 CRITICAL PATCH Act Now

Volt is an elegantly crafted functional API for Livewire. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-23410 CRITICAL Act Now

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-24924 CRITICAL Act Now

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-27673 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy