Skip to main content
CVE-2025-25291 CRITICAL POC PATCH THREAT CERT-EU Act Now

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

Jwt Attack Authentication Bypass Omniauth Saml Ruby Saml Storagegrid
NVD GitHub
CVSS 4.0
9.3
EPSS
13.8%
CVE-2025-25292 CRITICAL POC PATCH CERT-EU Act Now

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Authentication Bypass Omniauth Saml Ruby Saml Storagegrid
NVD GitHub
CVSS 4.0
9.3
EPSS
4.1%
CVE-2025-25568 CRITICAL POC Act Now

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Denial Of Service Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25565 CRITICAL POC Act Now

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25567 CRITICAL POC Act Now

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22954 CRITICAL Act Now

GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

SQLi
NVD
CVSS 3.1
10.0
EPSS
11.9%
CVE-2024-13446 CRITICAL Act Now

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Workreap
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-1960 CRITICAL Act Now

attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13871 CRITICAL Act Now

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Box Firmware
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2024-13872 CRITICAL Act Now

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Box Firmware
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-27407 CRITICAL PATCH CERT-EU Act Now

graphql-ruby is a Ruby implementation of GraphQL. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Red Hat
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy