Skip to main content
CVE-2025-0345 MEDIUM POC This Month

A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12802 CRITICAL This Week

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sonicwall
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-0344 MEDIUM POC This Month

A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0342 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0341 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-43663 MEDIUM This Month

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow
NVD
CVSS 4.0
5.3
EPSS
4.5%
CVE-2024-43662 MEDIUM This Month

The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-43661 HIGH This Month

The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-43660 HIGH This Month

The CGI script <redacted>.sh can be used to download any file on the filesystem. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-43659 HIGH This Month

After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-43658 HIGH This Month

Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files Likelihood: High, but requires authentication Impact: Critical - The. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.2
EPSS
0.2%
CVE-2024-43657 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: High. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-43656 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - It might be difficult for an attacker to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-43655 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - The attacker will first need to find the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.2%
CVE-2024-43654 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root Likelihood: Moderate - The. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-43653 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - The <redacted> binary does not seem to be. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-43652 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.5%
CVE-2024-43651 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.5%
CVE-2024-43650 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.7%
CVE-2024-43649 CRITICAL This Week

Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.7%
CVE-2024-43648 CRITICAL This Week

Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.0%
CVE-2024-40765 CRITICAL This Week

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Integer Overflow Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-12806 MEDIUM Monitor

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-12805 HIGH This Month

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-12803 HIGH This Month

A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2025-22449 LOW PATCH Monitor

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-22445 LOW PATCH Monitor

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-20033 MEDIUM PATCH Monitor

Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0340 MEDIUM This Month

A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cinema Seat Reservation System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0339 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Bike Rental System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0336 MEDIUM POC This Month

A vulnerability was found in Codezips Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-53706 HIGH This Month

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-53705 HIGH This Month

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-40762 CRITICAL This Week

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-13041 MEDIUM POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-0335 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Online Bike Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0334 MEDIUM POC This Month

A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-6324 MEDIUM POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12736 MEDIUM POC This Month

The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bu Section Editing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12731 MEDIUM POC This Month

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infeed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12717 MEDIUM POC Monitor

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infeed
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12715 MEDIUM POC This Month

The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Asgard Security Scanner
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12714 MEDIUM POC This Month

The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backlink Monitoring Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-10815 MEDIUM POC Monitor

The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Postlists
NVD WPScan
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-0333 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0331 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2.php of the component HTTP POST Request Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0328 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-56827 MEDIUM PATCH This Month

A flaw was found in the OpenJPEG project. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-56826 MEDIUM PATCH This Month

A flaw was found in the OpenJPEG project. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-13213 MEDIUM This Month

A vulnerability classified as problematic was found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy