Skip to main content
CVE-2025-49113 CRITICAL POC KEV PATCH THREAT Act Now

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes.

Roundcube PHP RCE Deserialization Authentication Bypass +4
NVD GitHub Exploit-DB
CVSS 3.1
9.9
EPSS
90.4%
Threat
7.7
CVE-2025-5086 CRITICAL POC KEV THREAT Emergency

Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes.

Deserialization RCE Delmia Apriso
NVD
CVSS 3.1
9.0
EPSS
39.2%
Threat
6.0
CVE-2025-1750 CRITICAL POC PATCH Act Now

SQL injection in llama_index DuckDB vector store v0.12.19. PoC and patch available.

SQLi RCE Llamaindex
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2025-37096 CRITICAL PATCH Act Now

Command Injection Rce (3Rd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.

RCE Command Injection Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-37092 CRITICAL PATCH Act Now

Command Injection Rce (2Nd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.

RCE Command Injection Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-37089 CRITICAL PATCH Act Now

Command Injection Rce in HPE StoreOnce backup storage software. One of 6 critical CVEs.

RCE Command Injection Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-37095 CRITICAL PATCH Act Now

Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.

Information Disclosure Path Traversal Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-20672 CRITICAL Act Now

Heap OOB write in Android Bluetooth driver via incorrect bounds check.

Bluetooth Privilege Escalation Buffer Overflow Mt7902 Firmware Mt7927 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-20674 CRITICAL Act Now

Remote privilege escalation in Android WLAN AP driver via packet injection.

Privilege Escalation Code Injection Software Development Kit Openwrt
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-37090 CRITICAL PATCH Act Now

Ssrf in HPE StoreOnce backup storage software. One of 6 critical CVEs.

SSRF Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-37093 CRITICAL PATCH Act Now

Auth Bypass in HPE StoreOnce backup storage software. One of 6 critical CVEs.

Authentication Bypass Storeonce System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0324 CRITICAL PATCH Act Now

Privilege escalation in Axis VAPIX framework.

Privilege Escalation Axis Os 2024 Axis Os
NVD
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-23099 CRITICAL Act Now

OOB write in Samsung Exynos 1480/2400 processors.

Buffer Overflow Samsung Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy