Skip to main content
CVE-2025-20281 CRITICAL POC KEV THREAT CERT-EU Emergency

Cisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthenticated remote attackers to execute arbitrary code as root on the underlying operating system. With EPSS 30.4% and KEV listing, this vulnerability targets the network access control platform that governs who and what can access the enterprise network — compromising ISE means controlling network admission for the entire organization.

RCE Cisco Privilege Escalation Authentication Bypass Identity Services Engine Passive Identity Connector +1
NVD
CVSS 3.1
10.0
EPSS
30.4%
Threat
5.9
CVE-2025-6543 CRITICAL POC KEV EUVD KEV PATCH THREAT CERT-EU Emergency

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.

Citrix Denial Of Service Netscaler Gateway Netscaler Application Delivery Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
Threat
5.0
CVE-2024-51978 CRITICAL POC THREAT Emergency

Certain devices expose serial numbers via HTTP/HTTPS/IPP and SNMP that can be used to generate the default administrator password. An unauthenticated attacker who discovers the serial number can calculate the admin password and gain full administrative control of the device without brute force.

Information Disclosure HP Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
48.3%
Threat
4.9
CVE-2021-4457 CRITICAL POC PATCH Act Now

CVE-2021-4457 is an unauthenticated arbitrary file upload vulnerability in the ZoomSounds WordPress plugin versions before 6.05. The vulnerability exists in a PHP file that fails to implement proper access controls, allowing remote attackers to upload malicious files anywhere on the web server without authentication. This critical flaw enables complete system compromise through remote code execution, with a CVSS score of 9.1 indicating severe impact. While specific KEV and EPSS data are not provided in the available intelligence, the combination of unauthenticated access (CVSS AV:N/PR:N), high impact to confidentiality and integrity, and the prevalence of WordPress plugin exploitation in the wild suggests this represents an actively exploited vulnerability in real-world deployments.

PHP WordPress RCE Zoomsounds
NVD WPScan
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-20282 CRITICAL CERT-EU Act Now

CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated attackers to upload arbitrary files to privileged directories and execute them as root via an internal API lacking file validation. This is a CVSS 10.0 vulnerability with complete system compromise impact; organizations running affected Cisco ISE deployments face immediate risk of total infrastructure takeover without authentication requirements or user interaction.

RCE Cisco Privilege Escalation Authentication Bypass Identity Services Engine Passive Identity Connector +1
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-52480 CRITICAL PATCH Act Now

Registrator, a GitHub app automating Julia package registrations, contains an argument injection vulnerability in the gettreesha() function that can be exploited via malicious clone URLs to achieve remote code execution. All versions prior to 1.9.5 are vulnerable; the vulnerability requires no user interaction or privileges and can be triggered remotely over the network. While no active exploitation or public POC has been confirmed in the provided data, the critical nature of RCE capability and the complete lack of workarounds make immediate patching essential for all Registrator deployments.

RCE Registrator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-52483 CRITICAL PATCH Act Now

Registrator, a GitHub app automating Julia package registration, contains critical shell injection and argument injection vulnerabilities in versions prior to 1.9.5 that can be exploited through malicious or injected clone URLs returned by GitHub. An unauthenticated remote attacker can achieve arbitrary code execution on systems running vulnerable versions with no user interaction required. No public exploits are confirmed, but the vulnerability is trivial to exploit given the direct code paths involved.

Command Injection RCE Code Injection Github Python +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49153 CRITICAL Act Now

The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.

RCE Path Traversal
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2025-49151 CRITICAL Act Now

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-36038 CRITICAL Act Now

IBM WebSphere Application Server (WAS) versions 8.5 and 9.0 are vulnerable to remote code execution through deserialization of untrusted serialized objects, allowing unauthenticated network attackers to execute arbitrary code with high confidence despite moderate attack complexity. This is a critical Java deserialization vulnerability (CWE-502) affecting enterprise application servers in widespread use; exploitation status and EPSS probability are not yet public but the CVSS 9.0 score and network-accessible attack vector indicate this is a priority concern for organizations running affected WAS versions.

Deserialization RCE IBM Java Websphere Application Server
NVD
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy