Skip to main content
CVE-2025-34026 CRITICAL POC KEV THREAT Emergency

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Authentication Bypass Concerto
NVD
CVSS 4.0
9.2
EPSS
75.1%
Threat
7.1
CVE-2025-34027 CRITICAL POC Act Now

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
5.2%
CVE-2025-4524 CRITICAL POC Act Now

The Madara - Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2025-36535 CRITICAL Act Now

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-41426 CRITICAL Act Now

Affected Vertiv products contain a stack based buffer overflow vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-46412 CRITICAL Act Now

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-41232 CRITICAL PATCH Act Now

Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Red Hat
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-44083 CRITICAL This Week

An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Di 8100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-27558 CRITICAL This Week

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-48200 CRITICAL PATCH This Week

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2025-4094 CRITICAL POC Act Now

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Digits PHP
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy