ACT NOW CVE-2025-49619 8.5 Skyvern versions through 0.1.85 contain a server-side template injection (SSTI) vulnerability in the Prompt field of workflow blocks (specifically Navigation v2 Block) that allows authenticated users to inject malicious Jinja2 template expressions. These expressions are evaluated server-side without proper sanitization, enabling blind remote code execution. With a CVSS score of 8.5, this vulnerability requires valid authentication but has high confidentiality impact and crosses trust boundaries (CVSS:3.1/S:C). | ACT NOW CVE-2025-45854 10.0 Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0. | EMERGENCY CVE-2025-44148 9.8 XSS in MailEnable before v10 via failure.aspx. EPSS 11.5%. PoC available. | ACT NOW CVE-2025-21479 8.6 A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains. | ACT NOW CVE-2025-27038 7.5 Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content. | ACT NOW CVE-2025-21480 8.6 Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices. | ACT NOW CVE-2025-5419 8.8 Chrome's V8 JavaScript engine contains an out-of-bounds read and write vulnerability (CVE-2025-5419, CVSS 8.8) enabling remote heap corruption through crafted HTML pages. KEV-listed with EPSS 3.0% and public PoC, this vulnerability provides both read and write primitives in V8's heap, making it highly reliable for exploitation. | EMERGENCY CVE-2025-5086 9.0 Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes. | ACT NOW CVE-2025-49113 9.9 Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes. | ACT NOW CVE-2025-48928 4.0 The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. | ACT NOW CVE-2025-48927 5.3 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. | ACT NOW CVE-2025-48828 9.0 vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025. | ACT NOW CVE-2025-48827 10.0 vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 are vulnerable to remote code execution through crafted template conditional expressions. Attackers abuse PHP's alternative function invocation syntax to bypass template engine security checks and execute arbitrary PHP code, as actively exploited in the wild in May 2025. | ACT NOW CVE-2025-34026 9.2 Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs. | ACT NOW CVE-2025-4008 8.7 Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints. | ACT NOW CVE-2025-44882 9.8 A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-44880 9.8 A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-44881 9.8 A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-47916 10.0 Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server. | ACT NOW CVE-2025-32709 7.8 Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025. | ACT NOW CVE-2025-32706 7.8 Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | ACT NOW CVE-2025-32701 7.8 Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025. | ACT NOW CVE-2025-30400 7.8 Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day. | ACT NOW CVE-2025-30397 7.5 Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | ACT NOW CVE-2025-4428 7.2 Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests. | EMERGENCY CVE-2025-45858 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%. | ACT NOW CVE-2024-46506 10.0 NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system. | ACT NOW CVE-2025-32756 9.8 Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products. | ACT NOW CVE-2025-4632 9.8 Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise. | ACT NOW CVE-2025-42999 9.1 SAP NetWeaver Visual Composer allows privileged users to upload untrusted content that is deserialized on the server, enabling remote code execution. Companion to CVE-2025-31324. |

ACT NOW CVE-2025-49619 8.5 Skyvern versions through 0.1.85 contain a server-side template injection (SSTI) vulnerability in the Prompt field of workflow blocks (specifically Navigation v2 Block) that allows authenticated users to inject malicious Jinja2 template expressions. These expressions are evaluated server-side without proper sanitization, enabling blind remote code execution. With a CVSS score of 8.5, this vulnerability requires valid authentication but has high confidentiality impact and crosses trust boundaries (CVSS:3.1/S:C). | ACT NOW CVE-2025-45854 10.0 Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0. | EMERGENCY CVE-2025-44148 9.8 XSS in MailEnable before v10 via failure.aspx. EPSS 11.5%. PoC available. | ACT NOW CVE-2025-21479 8.6 A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains. | ACT NOW CVE-2025-27038 7.5 Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content. | ACT NOW CVE-2025-21480 8.6 Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices. | ACT NOW CVE-2025-5419 8.8 Chrome's V8 JavaScript engine contains an out-of-bounds read and write vulnerability (CVE-2025-5419, CVSS 8.8) enabling remote heap corruption through crafted HTML pages. KEV-listed with EPSS 3.0% and public PoC, this vulnerability provides both read and write primitives in V8's heap, making it highly reliable for exploitation. | EMERGENCY CVE-2025-5086 9.0 Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes. | ACT NOW CVE-2025-49113 9.9 Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes. | ACT NOW CVE-2025-48928 4.0 The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. | ACT NOW CVE-2025-48927 5.3 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. | ACT NOW CVE-2025-48828 9.0 vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025. | ACT NOW CVE-2025-48827 10.0 vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 are vulnerable to remote code execution through crafted template conditional expressions. Attackers abuse PHP's alternative function invocation syntax to bypass template engine security checks and execute arbitrary PHP code, as actively exploited in the wild in May 2025. | ACT NOW CVE-2025-34026 9.2 Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs. | ACT NOW CVE-2025-4008 8.7 Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints. | ACT NOW CVE-2025-44882 9.8 A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-44880 9.8 A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-44881 9.8 A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%. | ACT NOW CVE-2025-47916 10.0 Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server. | ACT NOW CVE-2025-32709 7.8 Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025. | ACT NOW CVE-2025-32706 7.8 Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | ACT NOW CVE-2025-32701 7.8 Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025. | ACT NOW CVE-2025-30400 7.8 Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day. | ACT NOW CVE-2025-30397 7.5 Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | ACT NOW CVE-2025-4428 7.2 Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests. | EMERGENCY CVE-2025-45858 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%. | ACT NOW CVE-2024-46506 10.0 NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system. | ACT NOW CVE-2025-32756 9.8 Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products. | ACT NOW CVE-2025-4632 9.8 Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise. | ACT NOW CVE-2025-42999 9.1 SAP NetWeaver Visual Composer allows privileged users to upload untrusted content that is deserialized on the server, enabling remote code execution. Companion to CVE-2025-31324. |