Skip to main content
CVE-2025-57105 CRITICAL POC Act Now

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 7400G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-52095 CRITICAL POC Act Now

An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Smart Deploy
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-31491 CRITICAL Act Now

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2022-45134 CRITICAL Act Now

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Mahara
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-43110 CRITICAL Act Now

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-51092 CRITICAL Act Now

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Login Signup
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-26496 CRITICAL Act Now

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.1.3,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption File Upload Microsoft Tableau Server Windows +1
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-4609 CRITICAL POC PATCH Act Now

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Chrome Windows +1
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-55613 CRITICAL POC Act Now

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda O3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-53499 CRITICAL POC Act Now

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeewms
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-53496 CRITICAL POC Act Now

Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass My Site
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-52786 CRITICAL This Week

An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-50645 CRITICAL This Week

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55637 CRITICAL POC Act Now

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart 2K Plug In Wi Fi Video Doorbell With Chime Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-55619 CRITICAL POC Act Now

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reolink
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55398 CRITICAL This Week

An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-50644 CRITICAL This Week

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-29366 CRITICAL This Week

In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-29365 CRITICAL POC Act Now

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Spim
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9254 CRITICAL This Week

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webitr
NVD
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy