Skip to main content
CVE-2025-53833 CRITICAL POC PATCH THREAT Act Now

LaRecipe versions prior to 2.8.1 contain a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) in vulnerable configurations. The vulnerability allows unauthenticated network attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges without requiring user interaction or special access. With a perfect CVSS 3.1 score of 10.0 and network-based attack vector, this represents a critical threat to all unpatched LaRecipe installations.

RCE Laravel PHP Information Disclosure Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
16.8%
Threat
4.0
CVE-2025-50756 CRITICAL POC Act Now

CVE-2025-50756 is a critical unauthenticated command injection vulnerability in the Wavlink WN535K3 router (firmware version 20191010) affecting the set_sys_adm function's newpass parameter. An unauthenticated remote attacker can execute arbitrary system commands with root privileges by sending a crafted request, enabling complete device compromise including data theft, malware installation, and lateral network movement. The CVSS 9.8 score reflects maximum severity; KEV status and active exploitation likelihood are elevated given the high exploitability characteristics (network-accessible, no authentication required, low attack complexity).

Command Injection Wn535k3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-7574 CRITICAL POC Act Now

CVE-2025-7574 is a critical authentication bypass vulnerability in LB-LINK wireless router web interfaces affecting multiple models (BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000) up to version 20250702. The vulnerability in the /cgi-bin/lighttpd.cgi reboot/restore functions allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact (CVSS 9.8). A public exploit has been disclosed, the vendor has not responded to responsible disclosure efforts, and the attack requires no user interaction or special network conditions.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-7451 CRITICAL PATCH Act Now

CVE-2025-7451 is a critical OS Command Injection vulnerability in iSherlock (developed by Hgiga) that allows unauthenticated remote attackers to execute arbitrary operating system commands on vulnerable servers with no authentication required. The vulnerability has active in-the-wild exploitation, carries a maximum CVSS score of 9.8, and poses immediate risk to all exposed instances. Organizations running iSherlock must apply patches immediately.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-53639 CRITICAL PATCH Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53825 CRITICAL PATCH Act Now

CVE-2025-53825 is a critical unauthenticated remote code execution vulnerability in Dokploy versions prior to 0.24.3, where attackers can execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This vulnerability affects all public Dokploy instances utilizing preview deployments and carries a CVSS score of 9.4 (Critical), with no authentication or user interaction required, making it immediately exploitable by any network-adjacent attacker.

RCE Dokploy
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2025-53835 CRITICAL PATCH Act Now

A cross-site scripting vulnerability in version 5.4.5 and (CVSS 9.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy