Skip to main content
CVE-2025-25256 CRITICAL POC THREAT CERT-EU Emergency

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available.

Command Injection Fortinet Fortisiem
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
Threat
4.8
CVE-2025-55169 CRITICAL POC PATCH Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Path Traversal Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
1.6%
CVE-2025-50165 CRITICAL CERT-EU Act Now

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 11 24h2 Windows Server 2025
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2025-49457 CRITICAL Act Now

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-24325 CRITICAL Act Now

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Intel Linux Kernel
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-55168 CRITICAL POC Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-53766 CRITICAL CERT-EU This Week

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Office Windows 10 1507 +15
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-50171 CRITICAL This Week

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-55167 CRITICAL POC PATCH Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-55010 CRITICAL POC PATCH Act Now

Kanboard is project management software that focuses on the Kanban methodology. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Deserialization RCE Kanboard
NVD GitHub
CVSS 3.1
9.1
EPSS
3.9%
CVE-2025-40746 CRITICAL This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Simatic Rtls Locating Manager
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-8059 CRITICAL This Week

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-42957 CRITICAL This Week

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-42950 CRITICAL This Week

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy