Skip to main content
CVE-2025-32969 CRITICAL POC PATCH THREAT Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

SQLi Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2025-45429 CRITICAL POC Act Now

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2025-45428 CRITICAL POC Act Now

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-45427 CRITICAL POC Act Now

In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow RCE Stack Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-2767 CRITICAL Act Now

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ng Firewall
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2025-42605 CRITICAL Act Now

This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy