EMERGENCY CVE-2025-3605 (CVSS 9.8): The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.7%.
ACT NOW CVE-2025-35939 (CVSS 6.9): Craft CMS stores arbitrary content provided by unauthenticated users in session files. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (CISA KEV) and EPSS exploitation probability 33.1%.
EMERGENCY CVE-2025-2777 (CVSS 9.3): SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.6%.
EMERGENCY CVE-2025-2776 (CVSS 9.3): SysAid On-Prem contains a second unauthenticated XXE injection in Server URL processing, providing an alternative attack path to the Checkin XXE (CVE-2025-2775) for admin takeover.
EMERGENCY CVE-2025-2775 (CVSS 9.3): SysAid On-Prem versions through 23.3.40 contain an unauthenticated XXE injection in the Checkin processing, enabling administrator account takeover and file read primitives.
EMERGENCY CVE-2025-45491 (CVSS 9.8): Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.
ACT NOW CVE-2025-2011 (CVSS 7.5): The Depicter Slider & Popup Builder WordPress plugin through version 3.6.1 contains an unauthenticated SQL injection via the 's' search parameter. The insufficient escaping allows attackers to append additional SQL queries, extracting the entire WordPress database without authentication.
EMERGENCY CVE-2025-45042 (CVSS 9.8): Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.
ACT NOW CVE-2025-27920 (CVSS 7.2): Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters.
EMERGENCY CVE-2025-44877 (CVSS 9.8): Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.
EMERGENCY CVE-2025-44872 (CVSS 9.8): Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.
EMERGENCY CVE-2025-27007 (CVSS 9.8): The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances.
ACT NOW CVE-2025-27134 (CVSS 8.8): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.
ACT NOW CVE-2025-31650 (CVSS 7.5): Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%.
ACT NOW CVE-2025-3935 (CVSS 8.1): ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization.
ACT NOW CVE-2025-3928 (CVSS 8.7): Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise.
ACT NOW CVE-2025-32432 (CVSS 10.0): Craft CMS versions 3.x through 5.x contain a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code on the server, actively exploited in the wild before patches were released.
EMERGENCY CVE-2025-31324 (CVSS 10.0): SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0).
ACT NOW CVE-2025-1976 (CVSS 8.6): Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed.
ACT NOW CVE-2025-32969 (CVSS 9.3): XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.
ACT NOW CVE-2025-34028 (CVSS 9.3): Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server.
ACT NOW CVE-2025-42599 (CVSS 9.8): Active! mail 6 contains a stack-based buffer overflow allowing unauthenticated remote code execution and denial of service through crafted requests, exploited in attacks against Japanese organizations in April 2025.
ACT NOW CVE-2025-32433 (CVSS 10.0): Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0.
EMERGENCY CVE-2025-31201 (CVSS 9.8): Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200.
EMERGENCY CVE-2025-31200 (CVSS 9.8): Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025.
ACT NOW CVE-2025-29471 (CVSS 8.3): Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload in the Email field. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.0%.
EMERGENCY CVE-2025-28137 (CVSS 9.8): The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.
ACT NOW CVE-2025-2563 (CVSS 8.1): The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
