Skip to main content
CVE-2025-9242 CRITICAL POC KEV THREAT Emergency

WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls.

Memory Corruption Buffer Overflow Microsoft RCE Fireware
NVD GitHub
CVSS 4.0
9.3
EPSS
69.0%
Threat
6.9
CVE-2025-59304 CRITICAL POC Act Now

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Swetrix
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2025-10156 CRITICAL POC PATCH GHSA Act Now

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-10439 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.5 & 21.6 before 21.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-23316 CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Nvidia RCE Microsoft +4
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10644 CRITICAL This Week

Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Repairit
NVD
CVSS 3.0
9.4
EPSS
1.9%
CVE-2025-10643 CRITICAL This Week

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Repairit
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2025-59340 CRITICAL PATCH This Week

jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python RCE Ssti Jinjava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-58766 CRITICAL This Week

Dyad is a local AI app builder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Code Injection
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-8077 CRITICAL PATCH GHSA This Week

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10157 CRITICAL POC PATCH GHSA Act Now

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-10155 CRITICAL POC PATCH GHSA Act Now

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan Pytorch AI / ML
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-9972 CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-9971 CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy