Skip to main content
CVE-2025-32433 CRITICAL POC KEV PATCH THREAT Act Now

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0.

RCE Authentication Bypass Erlang Otp Confd Basic Network Services Orchestrator +21
NVD GitHub
CVSS 3.1
10.0
EPSS
50.3%
Threat
6.5
CVE-2025-31201 CRITICAL POC KEV THREAT Emergency

Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200.

Apple RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
Threat
5.0
CVE-2025-31200 CRITICAL POC KEV THREAT Emergency

Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025.

Apple Memory Corruption Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
Threat
5.0
CVE-2024-55372 CRITICAL POC Act Now

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wallos
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-40071 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-55371 CRITICAL POC Act Now

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wallos
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-29709 CRITICAL POC Act Now

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-29708 CRITICAL POC Act Now

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-40073 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-40072 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-3495 CRITICAL Act Now

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-1980 CRITICAL Act Now

The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD
CVSS 4.0
9.4
EPSS
1.6%
CVE-2025-30215 CRITICAL PATCH GHSA Act Now

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-39601 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion.4.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-27540 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-27539 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-27495 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-1981 CRITICAL Act Now

Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-0756 CRITICAL Act Now

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2025-39557 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server.5.14. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-22036 CRITICAL PATCH Act Now

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy