Skip to main content
CVE-2025-34073 CRITICAL POC THREAT Emergency

Maltrail network traffic analysis tool versions through 0.54 contain an unauthenticated OS command injection via the username parameter in POST requests to the /login endpoint. The input is passed to subprocess.check_output() without sanitization, enabling remote code execution on the security monitoring server.

Command Injection
NVD GitHub
CVSS 4.0
10.0
EPSS
54.2%
Threat
5.1
CVE-2025-34074 CRITICAL POC THREAT Emergency

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled server, which is written to the Lucee webroot and executed with the privileges of the Lucee service account. Because Lucee does not enforce integrity checks, path restrictions, or execution controls for scheduled task fetches, this feature can be abused to achieve arbitrary code execution. This issue is distinct from CVE-2024-55354.

RCE Code Injection
NVD GitHub
CVSS 4.0
9.4
EPSS
53.3%
Threat
5.0
CVE-2025-34071 CRITICAL POC Act Now

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access.

RCE Authentication Bypass Kerio Control
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-34070 CRITICAL POC Act Now

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

Authentication Bypass Kerio Control
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-34069 CRITICAL POC Act Now

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.

Authentication Bypass Kerio Control
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-45814 CRITICAL POC Act Now

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.

Authentication Bypass Ns3000 Firmware Ns2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53006 CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Information Disclosure PostgreSQL Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-45813 CRITICAL POC Act Now

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.

Authentication Bypass Ipguardv2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-34067 CRITICAL Act Now

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Deserialization RCE Java Hikvision
NVD GitHub
CVSS 4.0
10.0
EPSS
2.7%
CVE-2025-20309 CRITICAL PATCH Act Now

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco Authentication Bypass Unified Communications Manager
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2024-13786 CRITICAL Act Now

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Deserialization PHP WordPress Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-5746 CRITICAL Act Now

The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The execution of PHP is disabled via a .htaccess file but is still possible in certain server configurations.

File Upload PHP WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-4689 CRITICAL Act Now

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.

PHP RCE WordPress LFI SQLi +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-34072 CRITICAL Act Now

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34092 CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 4.0
9.3
CVE-2025-34090 CRITICAL PATCH Act Now

Rejected reason: Neither filed by Chrome nor a valid security vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 4.0
9.3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy