Skip to main content
CVE-2025-56513 CRITICAL POC Act Now

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10659 CRITICAL This Week

The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE
NVD
CVSS 4.0
9.3
EPSS
1.3%
CVE-2025-10725 CRITICAL PATCH This Week

A flaw was found in Red Hat Openshift AI Service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-7493 CRITICAL PATCH This Week

A privilege escalation flaw from host to domain administrator was found in FreeIPA. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Canonical Privilege Escalation Information Disclosure Red Hat Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-34217 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-9762 CRITICAL This Week

The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to, and including, 1.0.4b. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Command Injection RCE PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-8625 CRITICAL This Week

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-8120 CRITICAL This Week

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Pad Cms
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-7065 CRITICAL This Week

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Pad Cms
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-7063 CRITICAL This Week

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Pad Cms
NVD
CVSS 4.0
10.0
EPSS
0.5%
CVE-2025-61584 CRITICAL This Week

serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-59954 CRITICAL POC PATCH Act Now

Knowage is an open source analytics and business intelligence suite. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Java Code Injection Apache Knowage
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-11148 CRITICAL This Week

All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-58040 CRITICAL This Week

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crypt
NVD
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy