Skip to main content
CVE-2025-41243 CRITICAL POC PATCH Act Now

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Java Spring
NVD
CVSS 3.1
10.0
EPSS
5.5%
CVE-2025-57631 CRITICAL POC Act Now

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi Tduck
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-57119 CRITICAL POC Act Now

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Online Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-34186 CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
9.3
EPSS
1.7%
CVE-2025-34183 CRITICAL POC Act Now

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eve X1 Server Firmware
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-13149 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-7744 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.09.2025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-4688 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.LINK Exam Result Module:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-7743 CRITICAL Act Now

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.09.2025. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-56557 CRITICAL Act Now

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Tuya
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-54391 CRITICAL This Week

A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-34187 CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privilege Escalation Eve X1 Server Firmware
NVD
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-34184 CRITICAL POC Act Now

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection PHP Eve X1 Server Firmware
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2025-59334 CRITICAL POC PATCH Act Now

Linkr is a lightweight file delivery system that downloads files from a webserver. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Jwt Attack Linkr
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-55116 CRITICAL This Week

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow Control M Agent
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-55115 CRITICAL This Week

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Control M Agent
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-55113 CRITICAL This Week

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Control M Agent
NVD
CVSS 4.0
9.5
EPSS
0.0%
CVE-2025-55109 CRITICAL This Week

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Control M Agent
NVD
CVSS 4.0
9.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy