Skip to main content
CVE-2025-66576 CRITICAL POC Act Now

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.

Command Injection RCE Remote Keyboard Desktop
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-29269 CRITICAL POC Act Now

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

Command Injection All Rut22gw Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-63362 CRITICAL POC Act Now

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-29268 CRITICAL POC Act Now

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

Authentication Bypass All Rut22gw Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66571 CRITICAL POC Act Now

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.

PHP Deserialization
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-65346 CRITICAL POC Act Now

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

Path Traversal Laravel File Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-66509 CRITICAL PATCH Act Now

LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process to automatically execute the ServiceProvider::boot() method, enabling arbitrary PHP code execution.

Authentication Bypass PHP RCE Lara Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54304 CRITICAL Act Now

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Information Disclosure Ion Torrent Onetouch 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53963 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

RCE Ion Torrent Onetouch 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54303 CRITICAL Act Now

A remote code execution vulnerability in Thermo Fisher Torrent Suite Django application 5.18.1 (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Information Disclosure Python Torrent Suite Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-45538 CRITICAL PATCH Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

Synology CSRF RCE Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
9.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy