Skip to main content
CVE-2025-47781 CRITICAL POC Act Now

Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rallly
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-47292 CRITICAL Act Now

Cap Collectif is an online decision making platform that integrates several tools. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 4.0
9.5
EPSS
4.9%
CVE-2024-24780 CRITICAL PATCH Act Now

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Code Injection Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2025-47889 CRITICAL Act Now

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wso2 Oauth
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-4641 CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java Apple Windows +1
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-3623 CRITICAL PATCH Act Now

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress PHP Deserialization Uncanny Automator
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2025-47884 CRITICAL PATCH This Week

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Provider
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2025-27891 CRITICAL This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Samsung Exynos 980 Firmware Exynos 990 Firmware +15
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-32363 CRITICAL This Week

mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Deserialization
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2025-4638 CRITICAL PATCH This Week

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Point Cloud Library Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2025-47777 CRITICAL POC PATCH Act Now

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
2.2%
CVE-2024-10865 CRITICAL This Week

Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication.5. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
9.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy