CVE & Exploit Intelligence Database

CVE-2025-40551 9.8 CRITICAL KEV 1 PoC Analysis NUCLEI EPSS 0.81

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CWE-502 Jan 28, 2026

CVE-2026-24061 9.8 CRITICAL KEV 65 PoCs Analysis NUCLEI EPSS 0.72

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

CWE-88 Jan 21, 2026

CVE-2025-52691 10.0 CRITICAL KEV 12 PoCs Analysis NUCLEI EPSS 0.80

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

CWE-434 Dec 29, 2025

CVE-2025-68613 9.9 CRITICAL EXPLOITED 35 PoCs Analysis NUCLEI EPSS 0.79

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

CWE-913 Dec 19, 2025

CVE-2025-37164 10.0 CRITICAL KEV 5 PoCs Analysis NUCLEI EPSS 0.87

A remote code execution issue exists in HPE OneView.

CWE-94 Dec 16, 2025

CVE-2025-13486 9.8 CRITICAL EXPLOITED 8 PoCs Analysis NUCLEI EPSS 0.75

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.

CWE-94 Dec 03, 2025

CVE-2025-58360 8.2 HIGH KEV 8 PoCs Analysis NUCLEI EPSS 0.86

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.

CWE-611 Nov 25, 2025

CVE-2025-13315 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.82

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.

CWE-420 Nov 19, 2025

CVE-2025-64446 9.8 CRITICAL KEV RANSOMWARE 17 PoCs Analysis NUCLEI EPSS 0.89

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

CWE-23 Nov 14, 2025

CVE-2025-9316 EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.81

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

CWE-1284 Nov 12, 2025

CVE-2025-11749 9.8 CRITICAL EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.86

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.

CWE-200 Nov 05, 2025

CVE-2025-62368 9.0 CRITICAL 1 PoC Analysis EPSS 0.71

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.

CWE-502 Oct 28, 2025

CVE-2025-61757 9.8 CRITICAL KEV 3 PoCs Analysis NUCLEI EPSS 0.84

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE-306 Oct 21, 2025

CVE-2025-59287 9.8 CRITICAL KEV RANSOMWARE 25 PoCs Analysis NUCLEI EPSS 0.76

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CWE-502 Oct 14, 2025

CVE-2025-11371 7.5 HIGH KEV 2 PoCs Analysis NUCLEI EPSS 0.70

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

CWE-552 Oct 09, 2025

CVE-2025-61882 9.8 CRITICAL KEV RANSOMWARE 17 PoCs Analysis NUCLEI EPSS 0.87

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE-287 Oct 05, 2025

CVE-2025-59528 10.0 CRITICAL 2 PoCs Analysis EPSS 0.83

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

CWE-94 Sep 22, 2025

CVE-2025-52367 5.4 MEDIUM 2 PoCs Analysis EPSS 0.70

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.

CWE-79 Sep 22, 2025

CVE-2009-20006 3 PoCs Analysis EPSS 0.74

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.

CWE-434 Sep 16, 2025

CVE-2025-54236 9.1 CRITICAL KEV 5 PoCs Analysis NUCLEI EPSS 0.74

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

CWE-20 Sep 09, 2025