Skip to main content
CVE-2025-51543 CRITICAL POC Act Now

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50567 CRITICAL Act Now

Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-6758 CRITICAL Act Now

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-9179 CRITICAL PATCH Act Now

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55031 CRITICAL Act Now

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54143 CRITICAL Act Now

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8042 CRITICAL PATCH Act Now

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9187 CRITICAL PATCH Act Now

Memory safety bugs present in Firefox 141 and Thunderbird 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54145 CRITICAL Act Now

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Mozilla
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-55736 CRITICAL POC Act Now

flaskBlog is a blog app built with Flask. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flaskblog
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-55733 CRITICAL POC PATCH Act Now

DeepChat is a smart assistant that connects powerful AI to your personal world. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Deepchat
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2025-55306 CRITICAL This Week

GenX_FX is an advance IA trading platform that will focus on forex trading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-44373 CRITICAL This Week

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-55294 CRITICAL PATCH This Week

screenshot-desktop allows capturing a screenshot of your local machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-54336 CRITICAL This Week

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8723 CRITICAL This Week

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Code Injection RCE PHP Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy