Skip to main content
CVE-2024-46484 CRITICAL Act Now

TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tv Ip410 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-52856 CRITICAL Act Now

An improper authentication vulnerability has been reported to affect VioStor. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qvr
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-8861 CRITICAL Act Now

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-58159 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Wegia
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-44033 CRITICAL POC Act Now

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE SQLi Oa System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-8857 CRITICAL This Week

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy