| CVE-2026-22719 |
2026-02-25 |
π΄ HIGH RISK |
8.1 |
6 days |
No |
VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform (+1 more) |
Command injection vulnerability in VMware Aria Operations allows unauthenticated remote code execution during support-assisted product migration. Affects critical enterprise infrastructure management platforms commonly exposed to internet. |
| CVE-2026-20127 |
2026-02-25 |
π΄ HIGH RISK |
10.0 |
0 days (same day) |
No |
Cisco Catalyst SD-WAN Manager |
Critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Manager allowing unauthenticated remote attackers to gain administrative privileges. CISA has issued Emergency Directive ED 26-03 due to active exploitation in the wild. |
| CVE-2026-22769 |
2026-02-17 |
π΄ HIGH RISK |
10.0 |
1 day |
No |
Dell RecoverPoint for Virtual Machines |
Dell RecoverPoint for VMs contains hardcoded credentials allowing unauthenticated remote attackers to gain root-level access to the underlying OS. This critical vulnerability is under active exploitation in the wild. |
| CVE-2026-2441 |
2026-02-13 |
π’ LOW RISK |
8.8 |
4 days |
No |
Chrome |
CVE-2026-2441 is a use-after-free vulnerability in Chrome's CSS processing that allows remote code execution via malicious HTML pages. Despite active exploitation, this affects client-side browser software, not internet-facing servers, requiring user interaction to visit malicious websites. |
| CVE-2026-25108 |
2026-02-13 |
π΄ HIGH RISK |
8.8 |
11 days |
No |
FileZen V5.0.0-V5.0.10, FileZen V4.2.1-V4.2.8 |
FileZen contains an OS command injection vulnerability allowing authenticated users to execute arbitrary OS commands via specially crafted HTTP requests when the Antivirus Check Option is enabled. This is a critical server-side vulnerability in a file sharing platform commonly deployed as internet-facing infrastructure. |
| CVE-2026-21510 |
2026-02-10 |
π’ LOW RISK |
8.8 |
0 days (same day) |
No |
Windows, Windows Server 2012/2012 R2, Windows Server |
Windows Shell security feature bypass vulnerability with high CVSS score but requires user interaction. Affects primarily client systems with minimal internet-facing deployment likelihood. |
| CVE-2026-21513 |
2026-02-10 |
π’ LOW RISK |
8.8 |
0 days (same day) |
No |
Windows, Windows Server, Windows Server 2012/2012 R2 |
MSHTML Framework security feature bypass vulnerability requiring user interaction. While CVSS shows network attack vector, MSHTML is a client-side HTML rendering engine used in browsers and applications, not an internet-facing server service. |
| CVE-2026-1603 |
2026-02-10 |
π΄ HIGH RISK |
8.6 |
27 days |
No |
Ivanti Endpoint Manager |
CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to leak stored credential data. This vulnerability is actively exploited according to CISA KEV listing and can be directly exploited against internet-facing EPM instances. |
| CVE-2026-1731 |
2026-02-06 |
π΄ HIGH RISK |
9.9 |
7 days |
Yes (+6d) |
BeyondTrust Remote Support, BeyondTrust Privileged Remote Access |
Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access allowing unauthenticated attackers to execute OS commands via specially crafted requests. Active exploitation confirmed with CISA KEV listing. |
| CVE-2025-15556 |
2026-02-03 |
π’ LOW RISK |
7.7 |
9 days |
No |
Notepad++ |
Notepad++ WinGUp updater lacks cryptographic verification of updates, allowing man-in-the-middle attacks to deliver malicious installers. This is a client application vulnerability requiring user interaction (running the updater) and is not directly exploitable against internet-facing services. |
| CVE-2026-1281 |
2026-01-29 |
π΄ HIGH RISK |
9.8 |
0 days (same day) |
No |
Ivanti Endpoint Manager Mobile |
Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. This vulnerability is actively exploited in zero-day attacks and listed on CISA's KEV catalog. |
| CVE-2025-40551 |
2026-01-28 |
π΄ HIGH RISK |
9.8 |
6 days |
No |
SolarWinds Web Help Desk 12.8.8 HF1 and below |
Critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk via untrusted data deserialization. Actively exploited in the wild with no authentication required. |
| CVE-2025-40536 |
2026-01-28 |
π΄ HIGH RISK |
8.1 |
15 days |
No |
SolarWinds Web Help Desk 12.8.8 HF1 and below |
CVE-2025-40536 is a security control bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to gain access to restricted functionality. This vulnerability is being actively exploited in the wild against internet-facing WHD instances for initial access and lateral movement. |
| CVE-2026-24858 |
2026-01-27 |
π΄ HIGH RISK |
9.4 |
0 days (same day) |
No |
FortiOS, FortiAnalyzer, FortiManager |
Authentication bypass vulnerability in Fortinet FortiOS, FortiAnalyzer, and FortiManager allowing attackers with FortiCloud accounts to access other organizations' devices when FortiCloud SSO is enabled. CISA KEV listing indicates active exploitation in the wild. |
| CVE-2026-24423 |
2026-01-23 |
π΄ HIGH RISK |
9.3 |
13 days |
Yes (+9d) |
SmarterMail |
Critical unauthenticated remote code execution vulnerability in SmarterMail servers through the ConnectToHub API method. Attackers can execute arbitrary OS commands by pointing the server to a malicious HTTP server, with active exploitation confirmed by CISA KEV listing. |
| CVE-2026-23760 |
2026-01-22 |
π΄ HIGH RISK |
9.3 |
4 days |
Yes (+31d) |
SmarterMail |
Critical authentication bypass vulnerability in SmarterMail email server allowing complete administrative takeover via password reset API. Over 6,000 vulnerable instances are internet-facing with active exploitation confirmed by CISA KEV listing. |
| CVE-2026-20045 |
2026-01-21 |
π΄ HIGH RISK |
8.2 |
0 days (same day) |
No |
Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Communications Manager IM and Presence Service |
Critical remote code execution vulnerability in Cisco Unified Communications products allowing unauthenticated attackers to execute arbitrary commands via crafted HTTP requests to web management interfaces. Cisco confirms active exploitation attempts in the wild with potential for privilege escalation to root access. |
| CVE-2026-24061 |
2026-01-21 |
π΄ HIGH RISK |
9.8 |
5 days |
No |
GNU InetUtils telnetd |
Critical authentication bypass vulnerability in GNU InetUtils telnetd allows remote attackers to gain root access without credentials via malformed USER environment variable. Over 800,000 telnet servers are exposed on the internet with active exploitation observed in the wild. |
| CVE-2025-52691 |
2025-12-29 |
π΄ HIGH RISK |
10.0 |
28 days |
No |
SmarterMail Build 9406 and earlier |
Critical unauthenticated file upload vulnerability in SmarterMail email servers allowing arbitrary file upload to any server location, leading to remote code execution. Active exploitation is occurring in the wild against internet-facing mail servers. |
| CVE-2025-68645 |
2025-12-22 |
π΄ HIGH RISK |
8.8 |
31 days |
No |
Zimbra Collaboration |
Local File Inclusion vulnerability in Zimbra Collaboration webmail allows unauthenticated remote attackers to include arbitrary files via crafted requests to /h/rest endpoint. Zimbra is commonly deployed as internet-facing email server infrastructure. |
| CVE-2025-68613 |
2025-12-19 |
π΄ HIGH RISK |
10.0 |
82 days |
No |
n8n workflow automation platform |
Critical Remote Code Execution vulnerability in n8n workflow automation platform allowing authenticated users to execute arbitrary code through expression injection. n8n is commonly deployed as an internet-facing service for workflow automation and API integrations. |
| CVE-2025-14847 |
2025-12-19 |
π΄ HIGH RISK |
7.5 |
10 days |
No |
MongoDB Server |
Critical memory disclosure vulnerability in MongoDB Server allowing unauthenticated remote attackers to read heap memory through malformed Zlib compressed protocol headers. CISA has added this to KEV catalog due to confirmed active exploitation in the wild. |
| CVE-2025-14733 |
2025-12-19 |
π΄ HIGH RISK |
9.3 |
0 days (same day) |
No |
WatchGuard Fireware OS |
Critical out-of-bounds write vulnerability in WatchGuard Fireware OS affecting IKEv2 VPN services. Remote unauthenticated attackers can execute arbitrary code on internet-facing firewall systems through direct network exploitation. |
| CVE-2025-40602 |
2025-12-18 |
π΄ HIGH RISK |
6.6 |
-1 days |
No |
SonicWall SMA1000 |
CVE-2025-40602 is a local privilege escalation vulnerability in SonicWall SMA1000 appliances that is being actively exploited in the wild when chained with CVE-2025-23006. CISA has added this to the KEV catalog due to confirmed exploitation. |
| CVE-2025-68461 |
2025-12-18 |
π΄ HIGH RISK |
7.2 |
64 days |
No |
Roundcube Webmail <, Roundcube Webmail 1.6.x < |
CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail that allows attackers to execute malicious JavaScript via SVG animate tags. This directly affects internet-facing webmail servers and can lead to email account takeover without user credentials. |
| CVE-2025-43529 |
2025-12-17 |
π’ LOW RISK |
9.8 |
-2 days |
No |
Safari, iOS and iPadOS, macOS (+3 more) |
CVE-2025-43529 is a use-after-free vulnerability in WebKit that affects client applications (Safari browser, iOS/iPadOS, tvOS, visionOS) when processing malicious web content. While actively exploited and on CISA KEV, this requires user interaction to visit malicious websites rather than direct exploitation of internet-facing servers. |
| CVE-2025-20393 |
2025-12-17 |
π΄ HIGH RISK |
10.0 |
0 days (same day) |
No |
Cisco Secure Email Gateway, Cisco Secure Email and Web Manager |
Critical remote command execution vulnerability in Cisco Secure Email Gateway and Manager appliances with CVSS 10.0 score requiring no authentication or user interaction. CISA has added this to their KEV catalog due to active exploitation in the wild targeting these internet-facing email security appliances. |
| CVE-2025-59374 |
2025-12-17 |
π’ LOW RISK |
9.3 |
0 days (same day) |
No |
ASUS Live Update |
CVE-2025-59374 affects ASUS Live Update, a client-side software utility that was compromised through a supply chain attack with embedded malicious code. While it has network attack vector and is in CISA KEV, it's a client application not typically internet-facing. |
| CVE-2025-37164 |
2025-12-16 |
π΄ HIGH RISK |
10.0 |
22 days |
No |
HPE OneView |
CVE-2025-37164 is a critical unauthenticated remote code execution vulnerability in HPE OneView with a perfect CVSS score of 10.0. CISA has added this to their KEV catalog due to active exploitation in the wild, and a Metasploit module exists for exploitation. |
| CVE-2025-14611 |
2025-12-12 |
π΄ HIGH RISK |
7.1 |
3 days |
No |
Gladinet CentreStack, Gladinet TrioFox |
Gladinet CentreStack and TrioFox use hardcoded AES keys enabling unauthenticated arbitrary local file inclusion on public-facing endpoints. This vulnerability is actively exploited and listed in CISA's KEV catalog. |
| CVE-2025-14174 |
2025-12-12 |
π’ LOW RISK |
8.8 |
0 days (same day) |
No |
Chrome, Microsoft Edge |
CVE-2025-14174 is an out-of-bounds memory access vulnerability in Google Chrome that requires user interaction with a crafted HTML page. While actively exploited and in CISA KEV, it affects client-side browser software, not internet-facing servers. |
| CVE-2025-8110 |
2025-12-10 |
π΄ HIGH RISK |
8.7 |
33 days |
No |
Gogs versions |
Critical RCE vulnerability in Gogs Git service allows authenticated users to achieve remote code execution via symbolic link bypass in the PutContents API. Over 700 internet-facing instances have been compromised with active exploitation ongoing. |
| CVE-2025-59718 |
2025-12-09 |
π΄ HIGH RISK |
9.1 |
7 days |
No |
FortiOS, FortiProxy, FortiSwitchManager |
Critical SAML authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allowing unauthenticated attackers to bypass FortiCloud SSO login authentication via crafted SAML response messages. CISA has confirmed active exploitation of this vulnerability. |
| CVE-2025-66644 |
2025-12-05 |
π΄ HIGH RISK |
7.2 |
3 days |
No |
Array Networks ArrayOS AG |
Critical OS command injection vulnerability in Array Networks ArrayOS AG VPN appliances affecting versions before 9.4.5.9. Active exploitation confirmed in the wild from August-December 2025 with attackers deploying webshells for persistent access. |
| CVE-2025-55182 |
2025-12-03 |
π΄ HIGH RISK |
10.0 |
2 days |
Yes (+71d) |
React Server Components, Next.js applications with App Router and Server Actions, react-server-dom-webpack (+2 more) |
Critical pre-authentication remote code execution vulnerability in React Server Components allowing arbitrary code execution through unsafe deserialization of HTTP requests. Multiple threat actors are actively exploiting this vulnerability against internet-facing React applications. |
| CVE-2025-58360 |
2025-11-25 |
π΄ HIGH RISK |
8.2 |
16 days |
No |
GeoServer |
GeoServer has an unauthenticated XML External Entity (XXE) vulnerability in the WMS GetMap feature that can be exploited directly over the network. CISA has confirmed active exploitation in the wild. |
| CVE-2025-58034 |
2025-11-18 |
π΄ HIGH RISK |
6.7 |
0 days (same day) |
No |
Fortinet FortiWeb |
OS command injection vulnerability in Fortinet FortiWeb allowing authenticated attackers to execute unauthorized code via crafted HTTP requests or CLI commands. FortiWeb is a web application firewall that is almost universally deployed as an internet-facing service to protect web applications. |
| CVE-2025-13223 |
2025-11-17 |
π’ LOW RISK |
8.8 |
2 days |
No |
Chrome |
CVE-2025-13223 is a type confusion vulnerability in Chrome's V8 engine exploited via crafted HTML pages. While actively exploited in the wild, it requires user interaction to visit malicious websites, making it primarily a client-side phishing attack rather than direct server exploitation. |
| CVE-2025-64446 |
2025-11-14 |
π΄ HIGH RISK |
9.1 |
0 days (same day) |
No |
Fortinet FortiWeb |
Critical path traversal vulnerability in Fortinet FortiWeb web application firewalls allows remote execution of administrative commands via crafted HTTP/HTTPS requests. Active exploitation is occurring in the wild with attackers creating administrative accounts for persistent access. |
| CVE-2025-12480 |
2025-11-10 |
π΄ HIGH RISK |
9.1 |
2 days |
No |
TrioFox File Sharing Platform |
CVE-2025-12480 is a critical authentication bypass vulnerability in TrioFox file sharing platforms that allows unauthenticated attackers to access administrative setup pages. The vulnerability is being actively exploited in the wild and has been added to CISA's KEV catalog. |
| CVE-2025-64328 |
2025-11-07 |
π΄ HIGH RISK |
8.6 |
88 days |
No |
FreePBX Endpoint Manager, FreePBX Administration GUI |
FreePBX Administration GUI contains an authenticated OS command injection vulnerability that allows attackers to execute arbitrary commands on the system. This vulnerability is actively exploited in the wild and listed in CISA KEV catalog. |
| CVE-2023-43000 |
2025-11-05 |
π’ LOW RISK |
8.8 |
120 days |
No |
Safari, iOS/iPadOS, macOS |
CVE-2023-43000 is a use-after-free vulnerability in WebKit that affects client-side applications (Safari, iOS/iPadOS browsers, macOS Safari). Despite evidence of active exploitation, this requires user interaction to visit malicious websites and does not qualify as direct internet exploitation of public-facing applications. |
| CVE-2025-11953 |
2025-11-03 |
π΄ HIGH RISK |
9.8 |
94 days |
No |
React Native Metro Development Server, React Native Community CLI |
Critical OS command injection vulnerability in React Native Metro Development Server that binds to external interfaces by default. Allows unauthenticated remote attackers to execute arbitrary commands via HTTP POST requests. |
| CVE-2025-61757 |
2025-10-21 |
π΄ HIGH RISK |
9.8 |
31 days |
No |
Oracle Identity Manager |
Critical pre-authentication remote code execution vulnerability in Oracle Identity Manager REST WebServices component. Allows complete system takeover via unauthenticated HTTP requests with CISA-confirmed active exploitation. |
| CVE-2025-61932 |
2025-10-20 |
π‘ MEDIUM RISK |
9.8 |
2 days |
No |
Motex Lanscope Endpoint Manager On-Premises v9.4.7.1 and earlier |
Critical vulnerability in Motex Lanscope Endpoint Manager allowing remote code execution through improper verification of incoming network requests. Active exploitation confirmed with CISA KEV listing. |
| CVE-2025-59287 |
2025-10-14 |
π΄ HIGH RISK |
9.8 |
10 days |
No |
Windows Server, Windows Server 2012 R2 |
Critical deserialization vulnerability in Windows Server Update Services (WSUS) allows unauthenticated remote code execution over the network. WSUS servers are commonly deployed as centralized internet-facing infrastructure for managing Windows updates in enterprise environments. |
| CVE-2025-61884 |
2025-10-12 |
π΄ HIGH RISK |
7.5 |
8 days |
Yes (+117d) |
Oracle E-Business Suite Configurator |
CVE-2025-61884 is a high-severity vulnerability in Oracle E-Business Suite Configurator that allows unauthenticated remote attackers to access critical data via HTTP. The vulnerability has been actively exploited in the wild and added to CISA's KEV catalog. |
| CVE-2025-11371 |
2025-10-09 |
π΄ HIGH RISK |
7.5 |
26 days |
No |
CentreStack, TrioFox |
CVE-2025-11371 is an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and TrioFox file-sharing platforms. This zero-day vulnerability has been actively exploited in the wild and allows attackers to access system files without authentication. |
| CVE-2025-61882 |
2025-10-05 |
π΄ HIGH RISK |
9.8 |
1 day |
Yes (+131d) |
Oracle E-Business Suite Concurrent Processing |
Critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite Concurrent Processing component accessible via HTTP. Actively exploited by Cl0p ransomware group for data theft attacks with complete system takeover potential. |
| CVE-2025-20362 |
2025-09-25 |
π΄ HIGH RISK |
6.5 |
0 days (same day) |
No |
Cisco ASA Software, Cisco Firepower Threat Defense Software |
CVE-2025-20362 is a missing authorization vulnerability in Cisco ASA and FTD VPN web servers that allows unauthenticated remote attackers to access restricted URL endpoints. The vulnerability is being actively exploited in the wild and affects internet-facing firewall appliances. |
| CVE-2025-20333 |
2025-09-25 |
π΄ HIGH RISK |
9.9 |
0 days (same day) |
No |
Cisco ASA Software, Cisco Firepower Threat Defense Software |
CVE-2025-20333 is a critical buffer overflow vulnerability in the VPN web server component of Cisco ASA and Firepower Threat Defense Software that allows authenticated remote attackers to execute arbitrary code as root. This vulnerability is actively being exploited in the wild and affects internet-facing VPN appliances that are commonly deployed with public internet access. |
| CVE-2025-20352 |
2025-09-24 |
π΄ HIGH RISK |
7.7 |
5 days |
No |
Cisco IOS, Cisco IOS XE, Cisco IOS XE Catalyst SD-WAN |
Critical SNMP stack overflow vulnerability in Cisco IOS/IOS XE that allows remote code execution with high privileges or denial of service with low privileges. Actively exploited in the wild against network infrastructure devices commonly exposed to the internet. |
| CVE-2025-10585 |
2025-09-24 |
π’ LOW RISK |
Not provided in CIRCL data |
-1 days |
No |
Chrome |
CVE-2025-10585 is a type confusion vulnerability in Chrome's V8 engine that allows remote code execution via crafted HTML pages. While actively exploited as a zero-day, it requires user interaction to visit malicious websites, making it a client-side attack rather than direct server exploitation. |
| CVE-2025-26399 |
2025-09-23 |
π΄ HIGH RISK |
9.8 |
167 days |
No |
SolarWinds Web Help Desk |
Critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk affecting the AjaxProxy component. This is a bypass of previous patches and allows direct exploitation over the internet without authentication. |
| CVE-2025-48703 |
2025-09-19 |
π΄ HIGH RISK |
9.0 |
46 days |
No |
CentOS Web Panel, Control Web Panel |
Critical unauthenticated remote code execution vulnerability in CentOS Web Panel through OS command injection in the filemanager module. Actively exploited in the wild with public PoC exploits and Metasploit modules available. |
| CVE-2025-59689 |
2025-09-19 |
π΄ HIGH RISK |
6.1 |
10 days |
No |
Libraesva Email Security Gateway 4.5 - 5.5.x |
Critical command injection vulnerability in Libraesva Email Security Gateway allowing remote code execution via malicious compressed email attachments. This vulnerability is actively exploited in the wild and affects internet-facing email security appliances. |
| CVE-2025-10035 |
2025-09-18 |
π΄ HIGH RISK |
10.0 |
11 days |
Yes (+138d) |
Fortra GoAnywhere MFT versions <= |
CVE-2025-10035 is a critical deserialization vulnerability in Fortra GoAnywhere MFT's License Servlet that allows unauthenticated remote code execution. This vulnerability has been actively exploited as a zero-day and affects internet-facing managed file transfer servers. |
| CVE-2025-9242 |
2025-09-17 |
π΄ HIGH RISK |
9.3 |
56 days |
No |
WatchGuard Firewall/Fireware OS |
Critical out-of-bounds write vulnerability in WatchGuard Fireware OS affecting IKEv2 VPN services that allows unauthenticated remote code execution. This is actively exploited in the wild according to CISA KEV and affects security appliances that are inherently internet-facing by design. |
| CVE-2025-21043 |
2025-09-12 |
π’ LOW RISK |
8.8 |
20 days |
No |
Samsung Android devices |
CVE-2025-21043 is an out-of-bounds write vulnerability in Samsung Android devices' image codec library that requires user interaction for exploitation. While actively exploited as a zero-day, it affects client devices rather than internet-facing servers. |
| CVE-2025-21042 |
2025-09-12 |
π’ LOW RISK |
8.8 |
59 days |
No |
Samsung Galaxy Mobile Devices |
CVE-2025-21042 is an out-of-bounds write vulnerability in Samsung mobile devices' image processing library that requires user interaction with malicious DNG image files. While actively exploited via messaging apps like WhatsApp, it targets client devices rather than internet-facing servers. |
| CVE-2025-54236 |
2025-09-09 |
π΄ HIGH RISK |
9.1 |
45 days |
No |
Adobe Commerce 2.4.4-p15 and earlier, Magento Open Source |
CVE-2025-54236 is a critical improper input validation vulnerability in Adobe Commerce (Magento) that enables session takeover and potentially remote code execution without user interaction. This vulnerability is being actively exploited in the wild against internet-facing e-commerce platforms. |
| CVE-2025-53690 |
2025-09-03 |
π΄ HIGH RISK |
9.0 |
1 day |
No |
Sitecore Experience Manager to, Sitecore Experience Platform to |
Critical ViewState deserialization vulnerability in Sitecore Experience Manager/Platform allowing remote code execution. Actively exploited in the wild since December 2024, affecting internet-facing Sitecore deployments using default sample machine keys. |
| CVE-2025-9377 |
2025-08-29 |
π΄ HIGH RISK |
8.6 |
5 days |
No |
TP-Link Systems Inc. Archer C7 V2, TP-Link Systems Inc. TL-WR841N/ND V9 |
CVE-2025-9377 is an authenticated remote command execution vulnerability in TP-Link router web interfaces that allows network-based exploitation of internet-facing devices. CISA has confirmed active exploitation and added it to the KEV catalog. |
| CVE-2025-55177 |
2025-08-29 |
π’ LOW RISK |
5.4 |
4 days |
No |
WhatsApp Desktop for Mac, WhatsApp Business for iOS, WhatsApp for iOS |
CVE-2025-55177 affects WhatsApp client applications on iOS and macOS, allowing unauthorized processing of content from arbitrary URLs through crafted synchronization messages. While it has network attack vector and active exploitation evidence, it targets client applications rather than internet-facing servers. |
| CVE-2025-57819 |
2025-08-28 |
π΄ HIGH RISK |
10.0 |
1 day |
No |
FreePBX security-reporting < |
FreePBX security-reporting module contains an authentication bypass vulnerability leading to SQL injection and RCE. This web-based PBX management interface is commonly exposed to the internet for remote administration and has been actively exploited since August 2025. |
| CVE-2025-7775 |
2025-08-26 |
π΄ HIGH RISK |
9.2 |
0 days (same day) |
No |
NetScaler ADC, NetScaler Gateway |
Critical memory overflow vulnerability in NetScaler ADC and Gateway allowing unauthenticated remote code execution. Active zero-day exploitation confirmed against internet-facing appliances with CISA KEV listing. |
| CVE-2025-43300 |
2025-08-21 |
π’ LOW RISK |
8.8 |
0 days (same day) |
No |
Apple macOS, Apple iOS and iPadOS, Apple iPadOS |
CVE-2025-43300 is an out-of-bounds write vulnerability in Apple's Image I/O framework affecting macOS, iOS, and iPadOS that requires user interaction to process a malicious image file. While actively exploited as a zero-day, it primarily affects client-side operating systems rather than internet-facing server applications. |
| CVE-2025-8876 |
2025-08-14 |
π΄ HIGH RISK |
9.4 |
-1 days |
No |
N-able N-central before version |
CVE-2025-8876 is a critical OS command injection vulnerability in N-able N-central RMM platform that allows authenticated attackers to execute arbitrary commands. CISA has confirmed active exploitation in the wild, and the vulnerability affects internet-facing management platforms used by MSPs. |
| CVE-2025-8088 |
2025-08-08 |
π’ LOW RISK |
8.4 |
4 days |
No |
win.rar GmbH WinRAR |
CVE-2025-8088 is a path traversal vulnerability in WinRAR that allows arbitrary code execution through malicious archive files. This requires user interaction to open/extract crafted archives and is not directly exploitable over the internet against public-facing services. |
| CVE-2025-54253 |
2025-08-05 |
π΄ HIGH RISK |
10.0 |
71 days |
No |
Adobe Experience Manager Forms on JEE versions 6.5.23 and earlier |
Critical misconfiguration vulnerability in Adobe Experience Manager Forms on JEE allowing pre-authentication remote code execution via OGNL injection. The vulnerability requires no user interaction and can be exploited directly over the network against internet-facing AEM instances. |
| CVE-2025-54948 |
2025-08-05 |
π΄ HIGH RISK |
9.4 |
13 days |
No |
Trend Micro Apex One 2019 versions < |
CVE-2025-54948 is a critical OS command injection vulnerability in Trend Micro Apex One on-premise management console that allows pre-authenticated remote attackers to upload malicious code and execute arbitrary commands. CISA has added this vulnerability to the KEV catalog due to active exploitation in the wild. |
| CVE-2025-6205 |
2025-08-04 |
π΄ HIGH RISK |
9.1 |
85 days |
No |
DELMIA Apriso |
Critical missing authorization vulnerability in DELMIA Apriso manufacturing execution system allows unauthenticated attackers to gain privileged access over the network. CISA coordinator notes active exploitation is occurring in the wild. |
| CVE-2025-6204 |
2025-08-04 |
π‘ MEDIUM RISK |
8.0 |
85 days |
No |
Dassault DELMIA Apriso |
Code injection vulnerability in Dassault Systèmes DELMIA Apriso manufacturing operations management platform allows arbitrary code execution. Requires high privileges but exploitable over network without user interaction. |
| CVE-2025-53770 |
2025-07-20 |
π΄ HIGH RISK |
9.8 |
0 days (same day) |
Yes (+209d) |
Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition |
Critical deserialization vulnerability in on-premises SharePoint Server allowing unauthenticated remote code execution over the network. Actively exploited in the wild with public exploits available. |
| CVE-2025-54309 |
2025-07-18 |
π΄ HIGH RISK |
9.0 |
4 days |
No |
CrushFTP CrushFTP versions 10 before, CrushFTP CrushFTP versions 11 before 11.3.4_23 |
Critical vulnerability in CrushFTP file transfer server allows remote attackers to obtain admin access via HTTPS through mishandled AS2 validation. Actively exploited in the wild with large numbers of internet-facing instances vulnerable. |
| CVE-2025-25257 |
2025-07-17 |
π΄ HIGH RISK |
9.6 |
1 day |
No |
Fortinet FortiWeb, FortiWeb |
Critical SQL injection vulnerability in Fortinet FortiWeb WAF allowing unauthenticated attackers to execute arbitrary SQL and code via crafted HTTP/HTTPS requests. CISA has confirmed active exploitation in the wild with public PoC available. |
| CVE-2025-20337 |
2025-07-16 |
π΄ HIGH RISK |
10.0 |
12 days |
No |
Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector |
Critical unauthenticated remote code execution vulnerability in Cisco ISE API that allows attackers to execute arbitrary code as root. The vulnerability is actively exploited in the wild and requires no authentication or user interaction. |
| CVE-2025-6558 |
2025-07-15 |
π’ LOW RISK |
8.8 |
7 days |
No |
Google Chrome |
CVE-2025-6558 is a Google Chrome vulnerability allowing sandbox escape via crafted HTML pages. While actively exploited and on CISA KEV, it requires user interaction to visit malicious websites, making it unsuitable for T1190 direct network exploitation. |
| CVE-2025-47812 |
2025-07-10 |
π΄ HIGH RISK |
10.0 |
4 days |
No |
wftpserver Wing FTP Server versions before |
Critical RCE vulnerability in Wing FTP Server allowing arbitrary Lua code injection through null byte mishandling in web interfaces. Exploitable remotely without authentication, including via anonymous FTP accounts, leading to total server compromise. |
| CVE-2025-48384 |
2025-07-08 |
π’ LOW RISK |
8.1 |
48 days |
No |
git git |
Git vulnerability allowing arbitrary code execution through malicious repositories with crafted submodule paths. Requires user interaction (git clone --recursive) and primarily affects client-side Git operations rather than internet-facing server applications. |
| CVE-2025-49706 |
2025-07-08 |
π΄ HIGH RISK |
6.5 |
14 days |
Yes (+207d) |
Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition |
CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint Server that allows network-based spoofing attacks without authentication. The vulnerability is actively exploited in the wild and enables attackers to bypass authentication by manipulating HTTP headers. |
| CVE-2025-49704 |
2025-07-08 |
π΄ HIGH RISK |
8.8 |
14 days |
Yes (+207d) |
Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server |
CVE-2025-49704 is a critical code injection vulnerability in Microsoft SharePoint that allows remote code execution over the network with only low-privilege authentication required. SharePoint servers are commonly deployed as internet-facing enterprise applications, making this vulnerability highly exploitable via T1190. |
| CVE-2025-6554 |
2025-06-30 |
π’ LOW RISK |
8.1 |
2 days |
No |
Google Chrome |
CVE-2025-6554 is a type confusion vulnerability in Google Chrome's V8 JavaScript engine that allows arbitrary read/write via crafted HTML pages. While actively exploited and on CISA KEV, it requires user interaction and affects client-side browser software, not internet-facing server applications. |
| CVE-2025-20281 |
2025-06-25 |
π΄ HIGH RISK |
10.0 |
33 days |
No |
Cisco Identity Services Engine Software |
Critical unauthenticated remote code execution vulnerability in Cisco ISE API that allows attackers to execute arbitrary code as root via crafted API requests. Actively exploited in the wild with CVSS 10.0 severity. |
| CVE-2025-6543 |
2025-06-25 |
π΄ HIGH RISK |
9.2 |
5 days |
No |
NetScaler ADC, NetScaler Gateway |
Critical memory overflow vulnerability in NetScaler ADC and Gateway that allows remote network exploitation leading to denial of service and potential code execution. The vulnerability is actively exploited in the wild as a zero-day since May 2025. |
| CVE-2025-6264 |
2025-06-20 |
π‘ MEDIUM RISK |
5.5 |
N/A |
No |
Rapid7 Velociraptor < |
CVE-2025-6264 is a privilege escalation vulnerability in Rapid7 Velociraptor that allows users with COLLECT_CLIENT permissions to execute arbitrary commands and take over endpoints. The vulnerability has been actively exploited in ransomware attacks and affects internet-facing Velociraptor server deployments. |
| CVE-2025-5777 |
2025-06-17 |
π΄ HIGH RISK |
9.3 |
23 days |
Yes (+219d) |
NetScaler ADC, NetScaler Gateway |
Critical memory overread vulnerability in NetScaler ADC/Gateway allowing unauthenticated remote attackers to read sensitive memory contents including session tokens. Actively exploited in the wild with CISA KEV listing. |
| CVE-2025-43200 |
2025-06-16 |
π’ LOW RISK |
4.8 |
0 days (same day) |
No |
Apple iOS and iPadOS, Apple macOS, Apple iPadOS (+2 more) |
CVE-2025-43200 is a logic issue in Apple client operating systems (iOS, macOS, iPadOS, watchOS, visionOS) that processes malicious media shared via iCloud Links. While it has network attack vector and is actively exploited, it targets client devices rather than internet-facing server applications. |
| CVE-2025-33073 |
2025-06-10 |
π’ LOW RISK |
8.8 |
132 days |
No |
Windows, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 (+2 more) |
CVE-2025-33073 is an SMB client elevation of privilege vulnerability that allows authenticated attackers to perform NTLM reflection attacks. While it has a network attack vector, it targets SMB client functionality rather than internet-facing server services, making direct internet exploitation unlikely. |
| CVE-2025-33053 |
2025-06-10 |
π‘ MEDIUM RISK |
8.8 |
0 days (same day) |
No |
Microsoft Windows 10 Version, Microsoft Windows Server, Microsoft Windows 10 Version 21H2 (+1 more) |
CVE-2025-33053 is a remote code execution vulnerability in Windows Internet Shortcut Files that requires user interaction (clicking malicious WebDAV links). While it has CVSS attack vector NETWORK, it primarily relies on spearphishing rather than direct exploitation of internet-facing services. |
| CVE-2025-5086 |
2025-06-02 |
π΄ HIGH RISK |
9.0 |
101 days |
No |
DELMIA Apriso Release |
Critical deserialization vulnerability in DELMIA Apriso manufacturing execution system allowing remote code execution without authentication. Active exploitation observed in the wild targeting internet-facing instances. |
| CVE-2025-48927 |
2025-05-28 |
π΄ HIGH RISK |
5.3 |
34 days |
No |
TeleMessage service |
TeleMessage service exposes an unauthenticated Spring Boot Actuator /heapdump endpoint that allows attackers to extract sensitive credentials remotely. This vulnerability is actively exploited in the wild and affects internet-facing enterprise messaging systems. |
| CVE-2025-2776 |
2025-05-07 |
π΄ HIGH RISK |
9.3 |
76 days |
No |
SysAid On-Prem versions <= |
CVE-2025-2776 is an unauthenticated XML External Entity (XXE) vulnerability in SysAid On-Prem that allows remote attackers to achieve administrator account takeover and file read access without any authentication. This vulnerability is actively being exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities catalog. |
| CVE-2025-2775 |
2025-05-07 |
π΄ HIGH RISK |
9.3 |
76 days |
No |
SysAid SysAid On-Prem versions <= |
SysAid On-Prem is vulnerable to an unauthenticated XML External Entity (XXE) vulnerability allowing administrator account takeover and file read primitives. This is a server-side application typically deployed with internet-facing interfaces for IT support services. |
| CVE-2025-32433 |
2025-04-16 |
π΄ HIGH RISK |
10.0 |
54 days |
No |
erlang otp |
CVE-2025-32433 is a critical pre-authentication remote code execution vulnerability in Erlang/OTP SSH servers with a CVSS score of 10.0. The vulnerability allows unauthenticated attackers to execute arbitrary commands by exploiting flaws in SSH protocol message handling, with active exploitation confirmed in the wild. |
| CVE-2024-54085 |
2025-03-11 |
π΄ HIGH RISK |
10.0 |
106 days |
No |
AMI MegaRAC-SPx versions 12.0 to <12.7 and 13.0 to <13.5 |
Critical authentication bypass vulnerability in AMI MegaRAC BMC software affecting server management interfaces. Allows remote unauthenticated attackers to bypass authentication through the Redfish Host Interface with no user interaction required. |
PatchNow - Analysis History