Skip to main content
CVE-2025-71243 CRITICAL POC THREAT Emergency

The Saisies plugin for SPIP CMS versions 5.4.0 through 5.11.0 contains a critical remote code execution vulnerability. Attackers can exploit the vulnerability to execute arbitrary code on the SPIP server, compromising the content management system and its database.

RCE Saisies
NVD
CVSS 3.1
9.8
EPSS
73.5%
Threat
5.7
CVE-2026-0926 CRITICAL POC Act Now

Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.

WordPress PHP LFI Information Disclosure RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2686 CRITICAL POC Act Now

Command injection in SECCN Dingcheng G10 3.1.0.181203 router via session_login.cgi. PoC available.

Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-1405 CRITICAL POC Act Now

Arbitrary file upload in Slider Future WordPress plugin.

WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25242 CRITICAL POC PATCH Act Now

Unauthenticated file upload in Gogs self-hosted Git service 0.13.4 and below. Default configuration exposes file upload endpoints. PoC and patch available.

CSRF Gogs Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26030 CRITICAL PATCH GHSA Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python RCE AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27476 CRITICAL Act Now

Command injection in RustFly 2.0.0 via hex-encoded UDP instructions on port 5005. The remote UI control mechanism accepts and executes commands without validation.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-15559 CRITICAL Act Now

Unauthenticated OS command injection in NesterSoft WorkTime via report generation API. Allows executing arbitrary commands.

Command Injection Worktime
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-67304 CRITICAL Act Now

Hardcoded PostgreSQL credentials in Ruckus Network Director OVA < 4.5.0.54.

PostgreSQL Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8350 CRITICAL Act Now

Execution After Redirect + missing auth in BiEticaret CMS.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13851 CRITICAL Act Now

Privilege escalation via registration in Buyent Classified WordPress plugin.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13563 CRITICAL Act Now

Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12882 CRITICAL Act Now

Privilege escalation in Clasifico Listing WordPress plugin <= 2.0.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1994 CRITICAL Act Now

Privilege escalation via account takeover in s2Member WordPress plugin <= 260127. Broken authentication allows taking over any user account.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67305 CRITICAL Act Now

Hardcoded SSH keys in Ruckus Network Director OVA < 4.5.0.56 for postgres user. Same across all appliances.

PostgreSQL Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23549 CRITICAL Act Now

PHP Object Injection in WpEvently (mage-eventpress) WordPress plugin.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23542 CRITICAL Act Now

PHP Object Injection in Grand Restaurant WordPress theme.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9953 CRITICAL Act Now

Authorization bypass via user-controlled SQL primary key in Databank Accreditation Software.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26339 CRITICAL Act Now

Remote code execution in Hyland's Alfresco Transform Service (and the related Alfresco Transform Core component) lets unauthenticated network attackers inject crafted arguments into the document-processing pipeline to run arbitrary commands on the transformation host. Any exposed Alfresco deployment relying on these transform components is affected, with no login required and full compromise of confidentiality, integrity and availability. No public exploit has been identified at time of analysis, and the EPSS probability is currently low (0.22%, 44th percentile).

RCE Alfresco Transform Core Alfresco Transform Service SSRF
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-55853 CRITICAL Act Now

SSRF in SoftVision webPDF before 10.0.2 via PDF converter function.

SSRF Webpdf
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy