Skip to main content
CVE-2025-45042 CRITICAL POC THREAT Emergency

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.8%
CVE-2024-57235 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57234 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57233 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57232 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57231 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57230 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57229 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-44071 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2025-45616 CRITICAL POC Act Now

Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brcc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45615 CRITICAL POC Act Now

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yaoqishan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45611 CRITICAL POC Act Now

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hope Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45612 CRITICAL POC Act Now

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45607 CRITICAL POC Act Now

An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Itranswarp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-44074 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-44072 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45238 CRITICAL POC Act Now

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foxcms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2025-1909 CRITICAL Act Now

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple WordPress Authentication Bypass Buddyboss Platform PHP
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-4052 CRITICAL PATCH Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-4318 CRITICAL Act Now

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
9.5
EPSS
0.2%
CVE-2025-24977 CRITICAL PATCH Act Now

OpenCTI is an open cyber threat intelligence (CTI) platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Opencti
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-2905 CRITICAL PATCH Act Now

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy