Skip to main content
CVE-2025-27007 CRITICAL POC THREAT Emergency

The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances.

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
84.0%
Threat
6.0
CVE-2024-48905 CRITICAL POC Act Now

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Replyone
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-46337 CRITICAL PATCH Act Now

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi PostgreSQL
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2025-32011 CRITICAL Act Now

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
CVSS 4.0
9.3
EPSS
2.4%
CVE-2025-24522 CRITICAL Act Now

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-47154 CRITICAL Act Now

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy