Skip to main content
CVE-2025-59245 CRITICAL This Week

Microsoft SharePoint Online Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Online
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-49752 CRITICAL This Week

Azure Bastion Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Bastion Developer
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-63807 CRITICAL POC Act Now

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Blogin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-63685 CRITICAL POC Act Now

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quark Cloud Drive
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10571 CRITICAL CISA This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-63888 CRITICAL This Week

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP RCE Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-52410 CRITICAL This Week

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Institute Of Current Students
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-60738 CRITICAL POC Act Now

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection RCE Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-34320 CRITICAL This Week

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2025-40604 CRITICAL This Week

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Email Security Appliance 5000 Firmware Email Security Appliance 5050 Firmware Email Security Appliance 7000 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-12414 CRITICAL This Week

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy