Skip to main content
CVE-2025-57052 CRITICAL POC PATCH Act Now

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cjson Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55747 CRITICAL POC PATCH GHSA Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
2.0%
CVE-2025-55748 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-57148 CRITICAL POC Act Now

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-32444 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-1740 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.03.01 before v2.05.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53690 CRITICAL POC KEV THREAT Act Now

Sitecore Experience Manager/Platform through version 9.0 contains a deserialization vulnerability enabling code injection through untrusted data processing.

Deserialization Experience Commerce Experience Manager Experience Platform Managed Cloud
NVD
CVSS 3.1
9.0
EPSS
9.3%
CVE-2025-56752 CRITICAL This Week

A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rg Es228Gs P Firmware Rg Es209Gc P Firmware Rg Es205Gc P Firmware Rg Es205Gc Firmware +16
NVD GitHub
CVSS 3.1
9.4
EPSS
0.3%
CVE-2025-53693 CRITICAL POC Act Now

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Experience Commerce Experience Manager Experience Platform Managed Cloud
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43166 CRITICAL PATCH This Week

Incorrect Default Permissions vulnerability in Apache DolphinScheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy