ACT NOW CVE-2025-32709 7.8 Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025. | ACT NOW CVE-2025-32706 7.8 Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | ACT NOW CVE-2025-32701 7.8 Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025. | ACT NOW CVE-2025-30400 7.8 Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day. | ACT NOW CVE-2025-30397 7.5 Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | ACT NOW CVE-2025-4428 7.2 Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests. | EMERGENCY CVE-2025-45858 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%. | ACT NOW CVE-2024-46506 10.0 NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system. | ACT NOW CVE-2025-32756 9.8 Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products. | ACT NOW CVE-2025-4632 9.8 Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise. | ACT NOW CVE-2025-42999 9.1 SAP NetWeaver Visual Composer allows privileged users to upload untrusted content that is deserialized on the server, enabling remote code execution. Companion to CVE-2025-31324. | EMERGENCY CVE-2025-3605 9.8 The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.7%. | ACT NOW CVE-2025-35939 6.9 Craft CMS stores arbitrary content provided by unauthenticated users in session files. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 33.1%. | EMERGENCY CVE-2025-2777 9.3 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.6%. | EMERGENCY CVE-2025-2776 9.3 SysAid On-Prem contains a second unauthenticated XXE injection in Server URL processing, providing an alternative attack path to the Checkin XXE (CVE-2025-2775) for admin takeover. | EMERGENCY CVE-2025-2775 9.3 SysAid On-Prem versions through 23.3.40 contain an unauthenticated XXE injection in the Checkin processing, enabling administrator account takeover and file read primitives. | EMERGENCY CVE-2025-45491 9.8 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | ACT NOW CVE-2025-2011 7.5 The Depicter Slider & Popup Builder WordPress plugin through version 3.6.1 contains an unauthenticated SQL injection via the 's' search parameter. The insufficient escaping allows attackers to append additional SQL queries, extracting the entire WordPress database without authentication. | EMERGENCY CVE-2025-45042 9.8 Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | ACT NOW CVE-2025-27920 7.2 Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters. | EMERGENCY CVE-2025-44877 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-44872 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-27007 9.8 The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances. | ACT NOW CVE-2025-27134 8.8 Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%. | ACT NOW CVE-2025-31650 7.5 Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%. | ACT NOW CVE-2025-3935 8.1 ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization. | ACT NOW CVE-2025-3928 8.7 Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise. | ACT NOW CVE-2025-32432 10.0 Craft CMS versions 3.x through 5.x contain a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code on the server, actively exploited in the wild before patches were released. | EMERGENCY CVE-2025-31324 10.0 SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | ACT NOW CVE-2025-1976 8.6 Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed. |

ACT NOW CVE-2025-32709 7.8 Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025. | ACT NOW CVE-2025-32706 7.8 Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | ACT NOW CVE-2025-32701 7.8 Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025. | ACT NOW CVE-2025-30400 7.8 Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day. | ACT NOW CVE-2025-30397 7.5 Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | ACT NOW CVE-2025-4428 7.2 Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests. | EMERGENCY CVE-2025-45858 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%. | ACT NOW CVE-2024-46506 10.0 NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system. | ACT NOW CVE-2025-32756 9.8 Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products. | ACT NOW CVE-2025-4632 9.8 Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise. | ACT NOW CVE-2025-42999 9.1 SAP NetWeaver Visual Composer allows privileged users to upload untrusted content that is deserialized on the server, enabling remote code execution. Companion to CVE-2025-31324. | EMERGENCY CVE-2025-3605 9.8 The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.7%. | ACT NOW CVE-2025-35939 6.9 Craft CMS stores arbitrary content provided by unauthenticated users in session files. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 33.1%. | EMERGENCY CVE-2025-2777 9.3 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.6%. | EMERGENCY CVE-2025-2776 9.3 SysAid On-Prem contains a second unauthenticated XXE injection in Server URL processing, providing an alternative attack path to the Checkin XXE (CVE-2025-2775) for admin takeover. | EMERGENCY CVE-2025-2775 9.3 SysAid On-Prem versions through 23.3.40 contain an unauthenticated XXE injection in the Checkin processing, enabling administrator account takeover and file read primitives. | EMERGENCY CVE-2025-45491 9.8 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | ACT NOW CVE-2025-2011 7.5 The Depicter Slider & Popup Builder WordPress plugin through version 3.6.1 contains an unauthenticated SQL injection via the 's' search parameter. The insufficient escaping allows attackers to append additional SQL queries, extracting the entire WordPress database without authentication. | EMERGENCY CVE-2025-45042 9.8 Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | ACT NOW CVE-2025-27920 7.2 Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters. | EMERGENCY CVE-2025-44877 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-44872 9.8 Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | EMERGENCY CVE-2025-27007 9.8 The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances. | ACT NOW CVE-2025-27134 8.8 Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%. | ACT NOW CVE-2025-31650 7.5 Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%. | ACT NOW CVE-2025-3935 8.1 ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization. | ACT NOW CVE-2025-3928 8.7 Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise. | ACT NOW CVE-2025-32432 10.0 Craft CMS versions 3.x through 5.x contain a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code on the server, actively exploited in the wild before patches were released. | EMERGENCY CVE-2025-31324 10.0 SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | ACT NOW CVE-2025-1976 8.6 Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed. |