Skip to main content
CVE-2025-69542 CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-15501 CRITICAL POC Act Now

Sangfor O&M Management System (through 3.0.8) has a second command injection in /isomp-protocol/protocol/getCmd, also via sessionPath. Public exploit with higher EPSS (1.2%) than the first vulnerability.

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-70161 CRITICAL POC Act Now

EDIMAX BR-6208AC V2 router allows command injection through the pppUserName field via system() without sanitization. PoC available.

Command Injection Br 6208ac Firmware RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-15500 CRITICAL POC Act Now

Sangfor Operation and Maintenance Management System (through 3.0.8) has OS command injection in /isomp-protocol/protocol/getHis via the sessionPath parameter. Public exploit available, vendor unresponsive.

Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-14598 CRITICAL POC Act Now

BeeS Software BET Portal has SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and extract database contents. PoC available.

SQLi Bet E Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-64093 CRITICAL Act Now

Unauthenticated command injection via the hostname field enabling remote code execution with CVSS 10.0 and scope change. A separate vulnerability from CVE-2025-64090.

RCE Icx510 Firmware Icx500 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-64090 CRITICAL Act Now

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

Command Injection RCE IoT Tcis 3 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-69425 CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compr...

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.0%
CVE-2025-70974 CRITICAL PATCH Act Now

Fastjson before 1.2.48 has a well-known autoType deserialization vulnerability enabling JNDI injection and RCE. Exploited in the wild since 2023 through GodzillaWebShell. Maximum CVSS 10.0 with scope change.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-69426 CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can...

Docker RCE
NVD
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-22584 CRITICAL PATCH Act Now

Salesforce Uni2TS time series forecasting library (through 1.2.0) has a code injection vulnerability that allows leveraging executable code in non-executable files across all platforms.

Linux Windows macOS Code Injection Uni2ts
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66050 CRITICAL Act Now

Vivotek IP7137 camera ships without any admin password by default, and users are not informed they should set one. End-of-life product with no expected fix – all deployed cameras are likely exposed.

Denial Of Service Ip7137 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14736 CRITICAL Act Now

Frontend Admin by DynamiApps WordPress plugin (through 3.28.25) allows unauthenticated privilege escalation to administrator via insufficient role validation. Attackers can register as admins and take full control of the site.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-13761 CRITICAL Act Now

Cross-site scripting in GitLab CE/EE (18.6 before 18.6.3 and 18.7 before 18.7.1) lets an unauthenticated attacker run arbitrary JavaScript in the browser of a logged-in victim who is lured to a specially crafted webpage, enabling session theft and actions performed as that authenticated user. The flaw carries a critical CVSS 9.6 with a scope change, reflecting impact that crosses from the vulnerable component into the victim's authenticated session. No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the vendor-confirmed nature and HackerOne report indicate a credible, validated issue.

Gitlab XSS RCE
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-14741 CRITICAL Act Now

Frontend Admin by DynamiApps (through 3.28.25) also allows unauthenticated deletion of arbitrary posts, pages, products, taxonomy terms, and user accounts due to missing capability checks.

WordPress PHP
NVD
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy