Skip to main content
CVE-2025-49533 CRITICAL POC THREAT Emergency

Adobe Experience Manager versions 6.5.23.0 and earlier contain a deserialization of untrusted data vulnerability that allows unauthenticated remote code execution. No user interaction is required, making this a direct attack against enterprise content management infrastructure.

Deserialization RCE Adobe Experience Manager
NVD
CVSS 3.1
9.8
EPSS
47.0%
Threat
4.9
CVE-2025-47981 CRITICAL POC PATCH Act Now

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows 11 23h2 +14
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-27203 CRITICAL Act Now

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.

Deserialization RCE Adobe
NVD
CVSS 3.1
9.6
EPSS
14.7%
CVE-2025-42967 CRITICAL Act Now

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

SAP RCE Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2025-25270 CRITICAL PATCH Act Now

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

RCE Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-37103 CRITICAL Act Now

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-20684 CRITICAL Act Now

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422.

Buffer Overflow Memory Corruption Privilege Escalation Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20683 CRITICAL Act Now

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416938; Issue ID: MSV-3444.

Buffer Overflow Memory Corruption Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20682 CRITICAL Act Now

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.

Buffer Overflow Memory Corruption Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20681 CRITICAL Act Now

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.

Buffer Overflow Memory Corruption Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20680 CRITICAL Act Now

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482.

Heap Overflow Buffer Overflow Privilege Escalation Nbiot Sdk
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-40736 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

Authentication Bypass Sinec Nms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-40711 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-40717 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40716 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40715 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40714 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40713 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40712 CRITICAL PATCH Act Now

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.

SQLi Quiter Gateway
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-49535 CRITICAL Act Now

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

XXE Denial Of Service Coldfusion
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-42966 CRITICAL Act Now

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.

Deserialization SAP Java
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-42963 CRITICAL Act Now

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

Deserialization SAP Java
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-42980 CRITICAL Act Now

SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Deserialization SAP
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-42964 CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Deserialization SAP
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-21450 CRITICAL Act Now

Cryptographic issue occurs due to use of insecure connection method while downloading.

Authentication Bypass Snapdragon 480 5g Mobile Firmware Wcd9375 Firmware Sdx61 Firmware Qca6584au Firmware +98
NVD
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy