The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-31324

• Severity: 9.8 CRITICAL
• Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader
• Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-31324
• PoC: https://github.com/nullcult/CVE-2025-31324-File-Upload/

CVE-2025-4427 & CVE-2025-4428

• Severity: 7.5 HIGH
• Impacted Products: Ivanti Endpoint Manager Mobile 12.5.0.0
• Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-4427 & NVD - CVE-2025-4428
• PoC: https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/

CVE-2025-34028

• Severity: 10.0 CRITICAL
• Impacted Products: Command Center Innovation Release: 11.38
• Description: The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.
• More Info: NVD - CVE-2025-34028
• PoC: https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/

CVE-2024-46506

• Severity: 10.0 CRITICAL
• Impacted Products: NetAlertX 23.01.14 through 24.x before 24.10.12
• Description: Unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
• More Info: NVD - CVE-2024-46506
• PoC: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netalertx_rce_cve_2024_46506.rb

CVE-2024-12847

• Severity: 7.5 HIGH
• Impacted Products: NETGEAR DGN1000 before 1.1.00.48
• Description: Authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.
• Remediation: Follow developer guidance.
• More Info: CVE-2024-12847
• PoC: https://www.exploit-db.com/exploits/43055

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.