Skip to main content
CVE-2025-24447 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.4% and no vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.1
9.1
EPSS
28.4%
CVE-2025-32028 CRITICAL POC Act Now

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Haxcms Php
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-30281 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
7.3%
CVE-2025-24446 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Coldfusion
NVD
CVSS 3.1
9.1
EPSS
6.9%
CVE-2024-41794 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-3363 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-3362 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-3361 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-31330 CRITICAL Act Now

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-27429 CRITICAL Act Now

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-30016 CRITICAL Act Now

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48887 CRITICAL Act Now

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiswitch
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-25226 CRITICAL PATCH Act Now

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-41790 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2024-41789 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2024-41788 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2025-2004 CRITICAL Act Now

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2025-30282 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-54092 CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-32020 CRITICAL PATCH Act Now

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-41792 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2025-22871 CRITICAL PATCH CISA GHSA Act Now

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy