Skip to main content
CVE-2025-32778 CRITICAL POC THREAT Emergency

Web-Check is an all-in-one OSINT tool for analyzing any website. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
32.4%
Threat
4.3
CVE-2025-28137 CRITICAL POC THREAT Emergency

The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

Command Injection A810R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-28399 CRITICAL POC Act Now

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28100 CRITICAL POC Act Now

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Dingfanzu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-25456 CRITICAL POC Act Now

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22900 CRITICAL POC Act Now

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-27289 CRITICAL POC Act Now

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2025-26927 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-30727 CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-32445 CRITICAL PATCH Act Now

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-30985 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30206 CRITICAL PATCH Act Now

Dpanel is a Docker visualization panel system which provides complete Docker management functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Privilege Escalation Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-24797 CRITICAL Act Now

Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Meshtastic Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
2.0%
CVE-2025-30967 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-3579 CRITICAL Act Now

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-3578 CRITICAL Act Now

A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-24297 CRITICAL Act Now

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-2567 CRITICAL Act Now

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-30510 CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32911 CRITICAL PATCH Act Now

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2025-32428 CRITICAL PATCH Act Now

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy