Skip to main content
CVE-2025-6793 CRITICAL POC THREAT Emergency

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Information Disclosure Path Traversal Qconvergeconsole
NVD GitHub
CVSS 3.0
9.4
EPSS
18.9%
CVE-2025-45479 CRITICAL POC Act Now

Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container.

RCE Code Injection Challenges
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-53529 CRITICAL POC PATCH Act Now

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to inject arbitrary SQL commands. The vulnerability is fixed in 3.4.3.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-25176 CRITICAL POC PATCH Act Now

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

Buffer Overflow Stack Overflow Ubuntu Debian Luajit +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53527 CRITICAL POC PATCH Act Now

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. This vulnerability is fixed in 3.4.1.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-6794 CRITICAL Act Now

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24913.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.0
9.8
EPSS
16.9%
CVE-2024-25178 CRITICAL POC PATCH Act Now

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

Information Disclosure Buffer Overflow Ubuntu Debian Luajit +2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-6805 CRITICAL Act Now

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteEventLogFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24925.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
9.1
EPSS
13.5%
CVE-2025-6798 CRITICAL Act Now

Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24918.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
9.1
EPSS
13.5%
CVE-2025-6802 CRITICAL Act Now

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.

File Upload RCE Qconvergeconsole
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2025-6811 CRITICAL Act Now

Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the TypeResolutionService class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25397.

Deserialization RCE Activereports.Net
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2025-6810 CRITICAL Act Now

Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the ReadValue method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25246.

Deserialization RCE Activereports.Net
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2025-41672 CRITICAL Act Now

CVE-2025-41672 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-48501 CRITICAL Act Now

An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.

Command Injection
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2025-43933 CRITICAL Act Now

A security vulnerability in fblog through 983bede (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43930 CRITICAL Act Now

A security vulnerability in Hashview 0.8.1 (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43932 CRITICAL Act Now

A security vulnerability in JobCenter through 7e7b0b2 (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43931 CRITICAL Act Now

A security vulnerability in flask-boilerplate through a170e7c (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-45065 CRITICAL Act Now

employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.

PHP SQLi
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-3626 CRITICAL Act Now

A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI.

Command Injection
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-47202 CRITICAL Act Now

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads to out-of-bounds writes.

Samsung Buffer Overflow Memory Corruption Exynos W930 Firmware Exynos 2100 Firmware +17
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53499 CRITICAL PATCH Act Now

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53495 CRITICAL PATCH Act Now

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy