Skip to main content
CVE-2025-6205 CRITICAL POC KEV THREAT Emergency

DELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufacturing execution system application.

Authentication Bypass Delmia Apriso
NVD
CVSS 3.1
9.1
EPSS
56.5%
Threat
6.5
CVE-2013-10054 CRITICAL POC THREAT Emergency

An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
73.7%
Threat
5.6
CVE-2025-51390 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-52239 CRITICAL Act Now

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Zkeacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-50341 CRITICAL Act Now

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46093 CRITICAL POC Act Now

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Liquidfiles
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-27212 CRITICAL This Week

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-51387 CRITICAL This Week

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Node.js Gitkraken Desktop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50754 CRITICAL POC Act Now

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-34147 CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-51535 CRITICAL POC Act Now

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openatlas
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-44963 CRITICAL This Week

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruckus Network Director
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-44961 CRITICAL This Week

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-44954 CRITICAL This Week

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruckus Smartzone Firmware
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-51536 CRITICAL POC Act Now

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openatlas
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-36594 CRITICAL This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy