EMERGENCY CVE-2025-44877 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-44872 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-27007 9.8 The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances. | ACT NOW CVE-2025-27134 8.8 Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%. | ACT NOW CVE-2025-31650 7.5 Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%. | ACT NOW CVE-2025-3935 8.1 ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization. | ACT NOW CVE-2025-3928 8.7 Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise. | ACT NOW CVE-2025-32432 10.0 Craft CMS versions 3.x through 5.x contain a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code on the server, actively exploited in the wild before patches were released. | EMERGENCY CVE-2025-31324 10.0 SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | ACT NOW CVE-2025-1976 8.6 Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed. | ACT NOW CVE-2025-32969 9.3 XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%. | ACT NOW CVE-2025-34028 9.3 Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server. | ACT NOW CVE-2025-42599 9.8 Active! mail 6 contains a stack-based buffer overflow allowing unauthenticated remote code execution and denial of service through crafted requests, exploited in attacks against Japanese organizations in April 2025. | ACT NOW CVE-2025-32433 10.0 Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0. | EMERGENCY CVE-2025-31201 9.8 Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200. | EMERGENCY CVE-2025-31200 9.8 Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025. | ACT NOW CVE-2025-29471 8.3 Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.0%. | EMERGENCY CVE-2025-28137 9.8 The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | ACT NOW CVE-2025-2563 8.1 The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls. | ACT NOW CVE-2024-58136 9.0 Yii Framework 2 before 2.0.52 contains a behavior attachment regression that allows attackers to exploit the __class array key for arbitrary class instantiation, exploited in the wild February-April 2025. | ACT NOW CVE-2025-32375 9.8 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.3%. | ACT NOW CVE-2025-29824 7.8 Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target. | ACT NOW CVE-2025-3248 9.8 Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling attackers to execute arbitrary Python code on the server without authentication. | ACT NOW CVE-2025-27520 9.8 BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deserialization. The serving endpoint accepts pickled Python objects that are deserialized without validation, allowing attackers to execute arbitrary code on any BentoML inference server. | EMERGENCY CVE-2025-28146 9.8 Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | ACT NOW CVE-2025-31161 9.8 CrushFTP 10 and 11 contain an authentication bypass allowing takeover of the crushadmin account through a race condition in the AWS4-HMAC authorization method, massively exploited in March-April 2025. | ACT NOW CVE-2025-30406 9.0 Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads. | ACT NOW CVE-2025-22457 9.0 Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221. | EMERGENCY CVE-2025-2945 9.9 pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoints. The query_commited and high_availability parameters are passed directly to Python's eval() function, allowing authenticated users to execute arbitrary Python code on the pgAdmin server. |

EMERGENCY CVE-2025-44877 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-44872 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-27007 9.8 The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances. | ACT NOW CVE-2025-27134 8.8 Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%. | ACT NOW CVE-2025-31650 7.5 Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%. | ACT NOW CVE-2025-3935 8.1 ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization. | ACT NOW CVE-2025-3928 8.7 Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise. | ACT NOW CVE-2025-32432 10.0 Craft CMS versions 3.x through 5.x contain a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code on the server, actively exploited in the wild before patches were released. | EMERGENCY CVE-2025-31324 10.0 SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | ACT NOW CVE-2025-1976 8.6 Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed. | ACT NOW CVE-2025-32969 9.3 XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%. | ACT NOW CVE-2025-34028 9.3 Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server. | ACT NOW CVE-2025-42599 9.8 Active! mail 6 contains a stack-based buffer overflow allowing unauthenticated remote code execution and denial of service through crafted requests, exploited in attacks against Japanese organizations in April 2025. | ACT NOW CVE-2025-32433 10.0 Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0. | EMERGENCY CVE-2025-31201 9.8 Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200. | EMERGENCY CVE-2025-31200 9.8 Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025. | ACT NOW CVE-2025-29471 8.3 Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.0%. | EMERGENCY CVE-2025-28137 9.8 The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | ACT NOW CVE-2025-2563 8.1 The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls. | ACT NOW CVE-2024-58136 9.0 Yii Framework 2 before 2.0.52 contains a behavior attachment regression that allows attackers to exploit the __class array key for arbitrary class instantiation, exploited in the wild February-April 2025. | ACT NOW CVE-2025-32375 9.8 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.3%. | ACT NOW CVE-2025-29824 7.8 Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target. | ACT NOW CVE-2025-3248 9.8 Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling attackers to execute arbitrary Python code on the server without authentication. | ACT NOW CVE-2025-27520 9.8 BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deserialization. The serving endpoint accepts pickled Python objects that are deserialized without validation, allowing attackers to execute arbitrary code on any BentoML inference server. | EMERGENCY CVE-2025-28146 9.8 Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | ACT NOW CVE-2025-31161 9.8 CrushFTP 10 and 11 contain an authentication bypass allowing takeover of the crushadmin account through a race condition in the AWS4-HMAC authorization method, massively exploited in March-April 2025. | ACT NOW CVE-2025-30406 9.0 Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads. | ACT NOW CVE-2025-22457 9.0 Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221. | EMERGENCY CVE-2025-2945 9.9 pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoints. The query_commited and high_availability parameters are passed directly to Python's eval() function, allowing authenticated users to execute arbitrary Python code on the pgAdmin server. |