Skip to main content
CVE-2025-4009 CRITICAL POC THREAT Emergency

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Command Injection PHP Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
12.3%
CVE-2025-45343 CRITICAL POC Act Now

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Authentication Bypass W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-48749 CRITICAL This Week

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Directory Manager
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-3357 CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-5277 CRITICAL This Week

aws-mcp-server MCP server is vulnerable to command injection. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.4
EPSS
0.7%
CVE-2025-27528 CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-22252 CRITICAL CERT-EU This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios
NVD
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy