Skip to main content
CVE-2025-48703 CRITICAL POC KEV THREAT Emergency

CentOS Web Panel (CWP) allows unauthenticated remote code execution through OS command injection in the filemanager changePerm request's t_total parameter.

Command Injection RCE Webpanel
NVD
CVSS 3.1
9.0
EPSS
59.1%
Threat
6.6
CVE-2025-34192 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Information Disclosure Virtual Appliance Application Virtual Appliance Host +1
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-34203 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP Nginx OpenSSL +4
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34206 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34199 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2022-4980 CRITICAL Act Now

General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2025-34205 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Deserialization RCE Virtual Appliance Application +1
NVD
CVSS 4.0
9.3
EPSS
4.3%
CVE-2025-34198 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-13990 CRITICAL This Week

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-57644 CRITICAL This Week

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE SSRF Authentication Bypass Information Disclosure +1
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2025-5948 CRITICAL This Week

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-10690 CRITICAL This Week

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress RCE PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy