Skip to main content
CVE-2025-34299 CRITICAL POC THREAT Emergency

Monsta FTP web-based file manager versions 2.11 and earlier allow unauthenticated arbitrary file uploads. The vulnerability enables attackers to upload malicious files from a compromised FTP server, which are then executed on the Monsta FTP server, achieving remote code execution.

File Upload RCE Monsta Ftp
NVD
CVSS 4.0
9.3
EPSS
58.8%
Threat
5.1
CVE-2025-10230 CRITICAL POC PATCH Act Now

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2020-36870 CRITICAL POC Act Now

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-3222 CRITICAL This Week

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.3.3 and prior versions for Linux, and 5.3.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-63691 CRITICAL POC Act Now

In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-token/page) has an improper permission. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pig
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-63690 CRITICAL POC Act Now

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Tomcat Pig
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2025-63689 CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Money Pos
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-52425 CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 4.0
9.5
EPSS
0.2%
CVE-2025-10870 CRITICAL This Week

SQL injection vulnerability in DIAL's CentrosNet v2.64. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-12352 CRITICAL This Week

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-64180 CRITICAL This Week

Manager-io/Manager is accounting software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-11546 CRITICAL This Week

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy