Skip to main content
CVE-2025-9588 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-9846 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-9962 CRITICAL Act Now

A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.A.C518o2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-10412 CRITICAL Act Now

The Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-9321 CRITICAL Act Now

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9963 CRITICAL Act Now

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-9965 CRITICAL Act Now

Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.A.C518o2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-59545 CRITICAL PATCH This Week

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-10147 CRITICAL This Week

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-26399 CRITICAL KEV PATCH THREAT CERT-EU Act Now

SolarWinds Web Help Desk contains an unauthenticated deserialization RCE via AjaxProxy, a patch bypass of both CVE-2024-28988 and CVE-2024-28986, the third iteration of this vulnerability.

RCE Deserialization Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
28.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy