Skip to main content
CVE-2025-60739 CRITICAL POC Act Now

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS CSRF Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-63729 CRITICAL POC Act Now

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-61168 CRITICAL Act Now

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP RCE Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13597 CRITICAL Act Now

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-13595 CRITICAL Act Now

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-51746 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51745 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51744 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51743 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51742 CRITICAL Act Now

An issue was discovered in jishenghua JSH_ERP 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64063 CRITICAL Act Now

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Project Contract Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13559 CRITICAL Act Now

The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-6389 CRITICAL Act Now

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-66016 CRITICAL PATCH Act Now

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-33187 CRITICAL Act Now

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-64693 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Heap Overflow Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-62691 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow Microsoft Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-59366 CRITICAL Act Now

An authentication-bypass vulnerability exists in AiCloud. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy