Skip to main content
CVE-2025-52053 CRITICAL POC THREAT Emergency

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
66.1%
CVE-2025-57174 CRITICAL POC Act Now

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-59360 CRITICAL POC PATCH Act Now

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-59359 CRITICAL POC PATCH Act Now

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-59361 CRITICAL POC PATCH Act Now

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-57118 CRITICAL POC Act Now

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Online Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46408 CRITICAL POC Act Now

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eagleeyes Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-43342 CRITICAL PATCH Act Now

A correctness issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-43347 CRITICAL Act Now

This issue was addressed by removing the vulnerable code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43343 CRITICAL PATCH Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43359 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31255 CRITICAL Act Now

An authorization issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43362 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10452 CRITICAL Act Now

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy