Skip to main content
CVE-2025-56385 CRITICAL Act Now

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Harmony
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2021-4464 CRITICAL Act Now

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-46608 CRITICAL This Week

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Data Lakehouse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-64281 CRITICAL This Week

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Community Development
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-64280 CRITICAL This Week

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Community Development
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63353 CRITICAL POC Act Now

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hg6145F1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2025-63289 CRITICAL This Week

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Sogexia Android
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-11367 CRITICAL This Week

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE N Central
NVD
CVSS 4.0
10.0
EPSS
1.5%
CVE-2025-11366 CRITICAL This Week

N-central < 2025.4 is vulnerable to authentication bypass via path traversal. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass N Central
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-63666 CRITICAL POC Act Now

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12871 CRITICAL This Week

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Hrd
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-12870 CRITICAL This Week

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Hrd
NVD
CVSS 4.0
9.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy