Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.9%.
Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.1%.
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.9%.
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.7%.
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cherry Studio is a desktop client that supports for multiple LLM providers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.