Skip to main content
CVE-2025-1974 CRITICAL POC PATCH THREAT CERT-EU Act Now

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
90.3%
Threat
6.2
CVE-2025-30216 CRITICAL POC PATCH Act Now

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Cryptolib
NVD GitHub
CVSS 3.1
9.4
EPSS
5.9%
CVE-2025-25373 CRITICAL POC Act Now

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42533 CRITICAL Act Now

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-27837 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27836 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27831 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27832 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-30091 CRITICAL Act Now

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2025-28904 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection.7.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-45480 CRITICAL Act Now

An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2024-55030 CRITICAL POC THREAT Act Now

A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Command Injection Fprime
NVD
CVSS 3.1
9.8
EPSS
14.5%
CVE-2024-55028 CRITICAL POC Act Now

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Fprime
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-48818 CRITICAL This Week

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy