Skip to main content
CVE-2025-35452 CRITICAL POC PATCH Act Now

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Pt12X Sdi Xx G2 Firmware Pt12X Ndi Xx Firmware Pt12X Usb Xx G2 Firmware Pt20X Sdi Xx G2 Firmware +57
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-49401 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ExpressTech Systems Quiz And Survey Master allows Object Injection.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-58628 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous allows Blind SQL Injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-58819 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server.2.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-58371 CRITICAL PATCH This Week

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection RCE Roo Code
NVD GitHub
CVSS 4.0
9.9
EPSS
0.4%
CVE-2025-58367 CRITICAL PATCH This Week

DeepDiff is a project focused on Deep Difference and search of any Python data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python RCE Deserialization Suse
NVD GitHub
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-58366 CRITICAL This Week

Onyxia is a data science environment for kubernetes. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-35451 CRITICAL POC Act Now

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pt12X Sdi Xx G2 Firmware Pt12X Ndi Xx Firmware Pt12X Usb Xx G2 Firmware Pt20X Sdi Xx G2 Firmware +47
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-55037 CRITICAL PATCH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy