Skip to main content
CVE-2025-32463 CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian Leap Linux Enterprise Desktop +8
NVD Exploit-DB
CVSS 3.1
9.3
EPSS
26.5%
Threat
5.7
CVE-2025-45931 CRITICAL POC Act Now

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

RCE Command Injection Dir 816 Firmware D-Link
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-53004 CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-26074 CRITICAL PATCH Act Now

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.

Java Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-53076 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Information Disclosure Samsung Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53075 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Samsung Path Traversal Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-40731 CRITICAL Act Now

SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php.

PHP SQLi Daily Expense Manager
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-0634 CRITICAL PATCH Act Now

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Samsung Use After Free Memory Corruption Denial Of Service Ubuntu +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-53074 CRITICAL PATCH Act Now

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Samsung Information Disclosure Buffer Overflow Ubuntu Debian +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy