Skip to main content
CVE-2025-59834 CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server Android
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-36851 CRITICAL Act Now

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation SSRF
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.8%
CVE-2025-11005 CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1458_B20250708. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
9.3
EPSS
1.2%
CVE-2025-59841 CRITICAL PATCH This Week

Flag Forge is a Capture The Flag (CTF) platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Session Fixation Flagforge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-20363 CRITICAL CERT-EU This Week

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Heap Overflow Cisco +4
NVD
CVSS 3.1
9.0
EPSS
5.7%
CVE-2025-20333 CRITICAL KEV THREAT CISA CERT-EU Act Now

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 18.8%.

Buffer Overflow Cisco RCE Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
9.9
EPSS
18.8%
CVE-2025-59832 CRITICAL POC Act Now

Horilla is a free and open source Human Resource Management System (HRMS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Horilla
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-59823 CRITICAL PATCH This Week

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Kubernetes Suse
NVD GitHub
CVSS 3.0
9.9
EPSS
0.1%
CVE-2025-10542 CRITICAL This Week

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy