Skip to main content
CVE-2025-59157 CRITICAL POC Act Now

Coolify, a self-hosted server management platform, allows authenticated users to inject OS commands through the Git Repository field during project creation. A regular member can achieve root-level code execution on the Coolify host with scope change. PoC available.

Command Injection Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-64420 CRITICAL POC Act Now

Coolify through v4.0.0-beta.434 exposes the root user's SSH private key to low-privileged team members. Any user with basic access can extract the key, SSH to the server as root, and fully compromise the Coolify instance and all managed infrastructure. PoC available.

SSH Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-64419 CRITICAL POC PATCH Act Now

Coolify before 4.0.0-beta.445 allows command injection through docker-compose.yaml parameters. If a victim creates an application from an attacker-controlled repository using the Docker Compose build pack, the attacker achieves root code execution on the Coolify instance. PoC available, patch available.

Docker Coolify
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-68456 CRITICAL POC PATCH Act Now

Craft CMS (5.0.0-RC1 through 5.8.20, 3.x through 4.16.16) allows unauthenticated users to trigger database backup operations, leading to resource exhaustion or information disclosure if backups are stored in accessible locations. PoC available, patches available.

Information Disclosure Craft Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-31048 CRITICAL Act Now

Themify Shopo WordPress theme (through 1.1.4) allows authenticated users to upload web shells. Despite requiring low-level authentication, the scope change to CVSS 9.9 means any subscriber account can achieve full server compromise.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-14346 CRITICAL Act Now

WHILL Model C2 electric wheelchairs and Model F power chairs accept Bluetooth connections without authentication. An attacker within Bluetooth range can pair with the device and issue movement commands, override speed restrictions, and change configuration – creating a direct physical safety hazard for the user.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-15029 CRITICAL PATCH Act Now

Centreon Infra Monitoring's AWIE export module contains SQL injection accessible to unauthenticated users. Combined with CVE-2025-15026 (missing auth on import), the AWIE module has both unauthenticated data extraction and unauthorized configuration access. Patch available.

SQLi Awie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-15026 CRITICAL PATCH Act Now

Centreon Infra Monitoring's centreon-awie module lacks authentication on critical import functions, allowing unauthenticated attackers to access functionality that should be restricted by ACLs. Affects multiple Centreon versions. Patch available.

Authentication Bypass Awie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0625 CRITICAL Act Now

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality.

D-Link Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-39484 CRITICAL Act Now

Waituk Entrada WordPress theme (through 5.7.7) contains blind SQL injection with scope change, allowing unauthenticated database extraction beyond the theme's own data.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-68865 CRITICAL Act Now

Infility Global WordPress plugin (through 2.14.48) contains SQL injection with scope change, enabling unauthenticated database extraction beyond the plugin's own data. No patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-30633 CRITICAL Act Now

Amazon Native Shopping Recommendations WordPress plugin (through 1.3) contains SQL injection that allows unauthenticated attackers to extract database contents with scope change. Abandoned plugin with no expected patch.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-68428 CRITICAL PATCH Act Now

Local file inclusion and path traversal in the Node.js builds of jsPDF (dist/jspdf.node.js and dist/jspdf.node.min.js) prior to version 4.0.0 lets an attacker who controls the path argument passed to loadFile, addImage, html, or addFont read arbitrary files from the host filesystem, with the file contents embedded verbatim into the generated PDF. Applications that forward unsanitized user input into these methods leak secrets such as /etc/passwd, configuration files, or private keys to anyone who can request a PDF. No public exploit identified at time of analysis; EPSS risk is very low (0.02%, 6th percentile) and the issue is not in CISA KEV.

Node.js Path Traversal Jspdf
NVD GitHub
CVSS 4.0
9.2
EPSS
0.0%
CVE-2023-50897 CRITICAL Act Now

Media File Renamer WordPress plugin (through 5.7.7) by Meow Apps allows administrators to upload files with dangerous types, achieving OS-level code execution with scope change. While admin access is required, the scope break makes this critical.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-67397 CRITICAL Act Now

Passy v1.6.3 password manager allows authenticated administrators to execute arbitrary OS commands via crafted HTTP requests. The scope change from application to OS makes this critical despite requiring high privileges.

Command Injection RCE Passy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-27807 CRITICAL Act Now

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write via malformed NAS (Non-Access Stratum) packets. This baseband vulnerability can be exploited over the cellular network without user interaction, potentially affecting millions of devices.

Samsung Exynos 1080 Firmware Modem 5300 Firmware Exynos 2200 Firmware Exynos 980 Firmware +15
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy