Skip to main content
CVE-2025-63958 CRITICAL POC Act Now

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vision Tools Workspace
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2018-25126 CRITICAL POC Act Now

Shenzhen TVT Digital Technology Co., Ltd. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
1.3%
CVE-2025-54347 CRITICAL Act Now

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pingalert Application Server
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-47856 CRITICAL Act Now

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Agent For Windows Windows
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-7330 CRITICAL Act Now

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-12977 CRITICAL This Week

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Elastic Fluent Bit
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy