EMERGENCY CVE-2025-25579 9.8 TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | EMERGENCY CVE-2025-2294 9.8 The Kubio AI Page Builder WordPress plugin through version 2.5.1 contains an unauthenticated Local File Inclusion via the kubio_hybrid_theme_load_template function. Attackers can include and execute arbitrary PHP files on the server, achieving remote code execution through techniques like PHP filter chains or log poisoning. | EMERGENCY CVE-2025-29306 9.8 FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality. | ACT NOW CVE-2025-2783 8.3 Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025. | ACT NOW CVE-2024-55030 9.8 A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%. | ACT NOW CVE-2025-24514 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. | ACT NOW CVE-2025-1974 9.8 A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller. | ACT NOW CVE-2025-1098 8.8 Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). | ACT NOW CVE-2025-1097 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. | ACT NOW CVE-2025-2747 9.8 Kentico Xperience contains a second authentication bypass in the Staging Sync Server through None-type password handling, allowing administrative control. Companion to CVE-2025-2746. | ACT NOW CVE-2025-2746 9.8 Kentico Xperience through 13.0.172 contains an authentication bypass in the Staging Sync Server through empty SHA1 username handling in digest authentication, allowing administrative object control. | ACT NOW CVE-2025-2620 9.3 A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.6%. | ACT NOW CVE-2025-29927 9.1 Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer. | ACT NOW CVE-2024-6842 7.5 AnythingLLM version 1.5.5 exposes sensitive system settings including search engine API keys through the unauthenticated /setup-complete endpoint. Attackers can steal API keys, enumerate system configuration, and leverage exposed credentials to compromise integrated services. | ACT NOW CVE-2025-30154 8.6 reviewdog/action-setup GitHub Action was compromised with malicious code that dumped CI/CD secrets to workflow logs, affecting all reviewdog actions that depend on this setup action. | ACT NOW CVE-2025-30066 8.6 tj-actions/changed-files GitHub Action was compromised in a supply chain attack where modified tags pointed to credential-stealing code, exposing secrets from GitHub Actions workflows across thousands of repositories. | EMERGENCY CVE-2025-29384 9.8 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | ACT NOW CVE-2025-2264 7.5 Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector. | ACT NOW CVE-2025-25291 9.3 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%. | ACT NOW CVE-2025-24201 10.0 A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS. | ACT NOW CVE-2025-26633 7.0 A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%. | ACT NOW CVE-2025-24993 7.8 A heap-based buffer overflow in the Windows NTFS driver allows unauthenticated local code execution, providing kernel-level access when a user mounts a crafted NTFS filesystem image. This KEV-listed vulnerability (CVE-2025-24993) targets the most widely used Windows filesystem, making it a significant threat through malicious USB drives, VHD files, or network shares. | ACT NOW CVE-2025-24985 7.8 An integer overflow in the Windows Fast FAT Driver allows unauthenticated local code execution through crafted FAT filesystem images. KEV-listed with public PoC, this vulnerability (CVE-2025-24985) can be triggered by mounting a malicious USB drive or VHD file, making it a potent vector for physical access attacks and social engineering scenarios. | ACT NOW CVE-2025-24984 4.6 Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. [CVSS 4.6 MEDIUM] [CISA KEV - actively exploited] | ACT NOW CVE-2025-24983 7.0 A use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables local privilege escalation from authorized user to SYSTEM level. This KEV-listed vulnerability (CVE-2025-24983) requires the attacker to win a race condition but has been actively exploited in targeted attacks. Microsoft has released patches for all supported Windows versions. | ACT NOW CVE-2025-27363 8.1 A critical out-of-bounds write vulnerability in FreeType versions 2.13.0 and below affects font rendering across virtually all Linux distributions, Android devices, and applications embedding FreeType. The integer signedness error in TrueType GX/variable font parsing leads to heap buffer overflow, enabling arbitrary code execution when processing malicious fonts. KEV-listed with EPSS 76%, this vulnerability has been actively exploited. | EMERGENCY CVE-2024-54085 9.8 A critical authentication bypass in AMI SPx BMC firmware allows unauthenticated remote attackers to gain full control of server hardware through the Redfish Host Interface. This KEV-listed vulnerability (CVSS 9.8) threatens the entire server fleet of organizations using AMI-based BMC implementations, enabling attackers to persist below the OS layer where traditional security tools cannot detect them. | EMERGENCY CVE-2025-24813 9.8 A critical path equivalence vulnerability in Apache Tomcat's Default Servlet allows unauthenticated remote code execution through specially crafted PUT requests using internal dot notation in filenames. With EPSS of 94% and active exploitation in the wild, this represents one of the most dangerous Tomcat vulnerabilities in recent years, affecting versions 9.0.0-9.0.98, 10.1.0-10.1.34, and 11.0.0-11.0.2. | EMERGENCY CVE-2025-25632 9.8 Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. | EMERGENCY CVE-2025-1316 9.3 Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life. |

EMERGENCY CVE-2025-25579 9.8 TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | EMERGENCY CVE-2025-2294 9.8 The Kubio AI Page Builder WordPress plugin through version 2.5.1 contains an unauthenticated Local File Inclusion via the kubio_hybrid_theme_load_template function. Attackers can include and execute arbitrary PHP files on the server, achieving remote code execution through techniques like PHP filter chains or log poisoning. | EMERGENCY CVE-2025-29306 9.8 FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality. | ACT NOW CVE-2025-2783 8.3 Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025. | ACT NOW CVE-2024-55030 9.8 A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%. | ACT NOW CVE-2025-24514 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. | ACT NOW CVE-2025-1974 9.8 A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller. | ACT NOW CVE-2025-1098 8.8 Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). | ACT NOW CVE-2025-1097 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. | ACT NOW CVE-2025-2747 9.8 Kentico Xperience contains a second authentication bypass in the Staging Sync Server through None-type password handling, allowing administrative control. Companion to CVE-2025-2746. | ACT NOW CVE-2025-2746 9.8 Kentico Xperience through 13.0.172 contains an authentication bypass in the Staging Sync Server through empty SHA1 username handling in digest authentication, allowing administrative object control. | ACT NOW CVE-2025-2620 9.3 A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.6%. | ACT NOW CVE-2025-29927 9.1 Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer. | ACT NOW CVE-2024-6842 7.5 AnythingLLM version 1.5.5 exposes sensitive system settings including search engine API keys through the unauthenticated /setup-complete endpoint. Attackers can steal API keys, enumerate system configuration, and leverage exposed credentials to compromise integrated services. | ACT NOW CVE-2025-30154 8.6 reviewdog/action-setup GitHub Action was compromised with malicious code that dumped CI/CD secrets to workflow logs, affecting all reviewdog actions that depend on this setup action. | ACT NOW CVE-2025-30066 8.6 tj-actions/changed-files GitHub Action was compromised in a supply chain attack where modified tags pointed to credential-stealing code, exposing secrets from GitHub Actions workflows across thousands of repositories. | EMERGENCY CVE-2025-29384 9.8 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | ACT NOW CVE-2025-2264 7.5 Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector. | ACT NOW CVE-2025-25291 9.3 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%. | ACT NOW CVE-2025-24201 10.0 A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS. | ACT NOW CVE-2025-26633 7.0 A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%. | ACT NOW CVE-2025-24993 7.8 A heap-based buffer overflow in the Windows NTFS driver allows unauthenticated local code execution, providing kernel-level access when a user mounts a crafted NTFS filesystem image. This KEV-listed vulnerability (CVE-2025-24993) targets the most widely used Windows filesystem, making it a significant threat through malicious USB drives, VHD files, or network shares. | ACT NOW CVE-2025-24985 7.8 An integer overflow in the Windows Fast FAT Driver allows unauthenticated local code execution through crafted FAT filesystem images. KEV-listed with public PoC, this vulnerability (CVE-2025-24985) can be triggered by mounting a malicious USB drive or VHD file, making it a potent vector for physical access attacks and social engineering scenarios. | ACT NOW CVE-2025-24984 4.6 Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. [CVSS 4.6 MEDIUM] [CISA KEV - actively exploited] | ACT NOW CVE-2025-24983 7.0 A use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables local privilege escalation from authorized user to SYSTEM level. This KEV-listed vulnerability (CVE-2025-24983) requires the attacker to win a race condition but has been actively exploited in targeted attacks. Microsoft has released patches for all supported Windows versions. | ACT NOW CVE-2025-27363 8.1 A critical out-of-bounds write vulnerability in FreeType versions 2.13.0 and below affects font rendering across virtually all Linux distributions, Android devices, and applications embedding FreeType. The integer signedness error in TrueType GX/variable font parsing leads to heap buffer overflow, enabling arbitrary code execution when processing malicious fonts. KEV-listed with EPSS 76%, this vulnerability has been actively exploited. | EMERGENCY CVE-2024-54085 9.8 A critical authentication bypass in AMI SPx BMC firmware allows unauthenticated remote attackers to gain full control of server hardware through the Redfish Host Interface. This KEV-listed vulnerability (CVSS 9.8) threatens the entire server fleet of organizations using AMI-based BMC implementations, enabling attackers to persist below the OS layer where traditional security tools cannot detect them. | EMERGENCY CVE-2025-24813 9.8 A critical path equivalence vulnerability in Apache Tomcat's Default Servlet allows unauthenticated remote code execution through specially crafted PUT requests using internal dot notation in filenames. With EPSS of 94% and active exploitation in the wild, this represents one of the most dangerous Tomcat vulnerabilities in recent years, affecting versions 9.0.0-9.0.98, 10.1.0-10.1.34, and 11.0.0-11.0.2. | EMERGENCY CVE-2025-25632 9.8 Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. | EMERGENCY CVE-2025-1316 9.3 Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life. |