ACT NOW CVE-2025-31161 9.8 CrushFTP 10 and 11 contain an authentication bypass allowing takeover of the crushadmin account through a race condition in the AWS4-HMAC authorization method, massively exploited in March-April 2025. | ACT NOW CVE-2025-30406 9.0 Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads. | ACT NOW CVE-2025-22457 9.0 Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221. | EMERGENCY CVE-2025-2945 9.9 pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoints. The query_commited and high_availability parameters are passed directly to Python's eval() function, allowing authenticated users to execute arbitrary Python code on the pgAdmin server. | EMERGENCY CVE-2024-54804 9.8 Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | EMERGENCY CVE-2024-54803 9.8 Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | ACT NOW CVE-2025-31125 5.3 Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available. | EMERGENCY CVE-2025-22941 9.8 A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%. | EMERGENCY CVE-2025-22939 9.8 A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%. | EMERGENCY CVE-2025-25579 9.8 TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | EMERGENCY CVE-2025-2294 9.8 The Kubio AI Page Builder WordPress plugin through version 2.5.1 contains an unauthenticated Local File Inclusion via the kubio_hybrid_theme_load_template function. Attackers can include and execute arbitrary PHP files on the server, achieving remote code execution through techniques like PHP filter chains or log poisoning. | EMERGENCY CVE-2025-29306 9.8 FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality. | ACT NOW CVE-2025-2783 8.3 Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025. | ACT NOW CVE-2024-55030 9.8 A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%. | ACT NOW CVE-2025-24514 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. | ACT NOW CVE-2025-1974 9.8 A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller. | ACT NOW CVE-2025-1098 8.8 Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). | ACT NOW CVE-2025-1097 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. | ACT NOW CVE-2025-2747 9.8 Kentico Xperience contains a second authentication bypass in the Staging Sync Server through None-type password handling, allowing administrative control. Companion to CVE-2025-2746. | ACT NOW CVE-2025-2746 9.8 Kentico Xperience through 13.0.172 contains an authentication bypass in the Staging Sync Server through empty SHA1 username handling in digest authentication, allowing administrative object control. | ACT NOW CVE-2025-2620 9.3 A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.6%. | ACT NOW CVE-2025-29927 9.1 Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer. | ACT NOW CVE-2024-6842 7.5 AnythingLLM version 1.5.5 exposes sensitive system settings including search engine API keys through the unauthenticated /setup-complete endpoint. Attackers can steal API keys, enumerate system configuration, and leverage exposed credentials to compromise integrated services. | ACT NOW CVE-2025-30154 8.6 reviewdog/action-setup GitHub Action was compromised with malicious code that dumped CI/CD secrets to workflow logs, affecting all reviewdog actions that depend on this setup action. | ACT NOW CVE-2025-30066 8.6 tj-actions/changed-files GitHub Action was compromised in a supply chain attack where modified tags pointed to credential-stealing code, exposing secrets from GitHub Actions workflows across thousands of repositories. | EMERGENCY CVE-2025-29384 9.8 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | ACT NOW CVE-2025-2264 7.5 Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector. | ACT NOW CVE-2025-25291 9.3 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%. | ACT NOW CVE-2025-24201 10.0 A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS. | ACT NOW CVE-2025-26633 7.0 A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%. |

ACT NOW CVE-2025-31161 9.8 CrushFTP 10 and 11 contain an authentication bypass allowing takeover of the crushadmin account through a race condition in the AWS4-HMAC authorization method, massively exploited in March-April 2025. | ACT NOW CVE-2025-30406 9.0 Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads. | ACT NOW CVE-2025-22457 9.0 Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221. | EMERGENCY CVE-2025-2945 9.9 pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoints. The query_commited and high_availability parameters are passed directly to Python's eval() function, allowing authenticated users to execute arbitrary Python code on the pgAdmin server. | EMERGENCY CVE-2024-54804 9.8 Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | EMERGENCY CVE-2024-54803 9.8 Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%. | ACT NOW CVE-2025-31125 5.3 Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available. | EMERGENCY CVE-2025-22941 9.8 A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%. | EMERGENCY CVE-2025-22939 9.8 A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%. | EMERGENCY CVE-2025-25579 9.8 TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | EMERGENCY CVE-2025-2294 9.8 The Kubio AI Page Builder WordPress plugin through version 2.5.1 contains an unauthenticated Local File Inclusion via the kubio_hybrid_theme_load_template function. Attackers can include and execute arbitrary PHP files on the server, achieving remote code execution through techniques like PHP filter chains or log poisoning. | EMERGENCY CVE-2025-29306 9.8 FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality. | ACT NOW CVE-2025-2783 8.3 Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025. | ACT NOW CVE-2024-55030 9.8 A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%. | ACT NOW CVE-2025-24514 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. | ACT NOW CVE-2025-1974 9.8 A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller. | ACT NOW CVE-2025-1098 8.8 Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). | ACT NOW CVE-2025-1097 8.8 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. | ACT NOW CVE-2025-2747 9.8 Kentico Xperience contains a second authentication bypass in the Staging Sync Server through None-type password handling, allowing administrative control. Companion to CVE-2025-2746. | ACT NOW CVE-2025-2746 9.8 Kentico Xperience through 13.0.172 contains an authentication bypass in the Staging Sync Server through empty SHA1 username handling in digest authentication, allowing administrative object control. | ACT NOW CVE-2025-2620 9.3 A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.6%. | ACT NOW CVE-2025-29927 9.1 Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer. | ACT NOW CVE-2024-6842 7.5 AnythingLLM version 1.5.5 exposes sensitive system settings including search engine API keys through the unauthenticated /setup-complete endpoint. Attackers can steal API keys, enumerate system configuration, and leverage exposed credentials to compromise integrated services. | ACT NOW CVE-2025-30154 8.6 reviewdog/action-setup GitHub Action was compromised with malicious code that dumped CI/CD secrets to workflow logs, affecting all reviewdog actions that depend on this setup action. | ACT NOW CVE-2025-30066 8.6 tj-actions/changed-files GitHub Action was compromised in a supply chain attack where modified tags pointed to credential-stealing code, exposing secrets from GitHub Actions workflows across thousands of repositories. | EMERGENCY CVE-2025-29384 9.8 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | ACT NOW CVE-2025-2264 7.5 Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector. | ACT NOW CVE-2025-25291 9.3 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%. | ACT NOW CVE-2025-24201 10.0 A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS. | ACT NOW CVE-2025-26633 7.0 A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%. |