Skip to main content
CVE-2024-12847 CRITICAL POC THREAT Emergency

NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations.

Command Injection Netgear Authentication Bypass Dgn1000 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
71.3%
Threat
5.6
CVE-2024-57225 CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-57224 CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-57223 CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-22949 CRITICAL POC Act Now

Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Tenda Ac9 Firmware
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2025-22152 CRITICAL This Week

Atheos is a self-hosted browser-based cloud IDE. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2024-56511 CRITICAL POC Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-29971 CRITICAL POC Act Now

Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Scone
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-29970 CRITICAL POC Act Now

Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-22946 CRITICAL POC Act Now

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Buffer Overflow Ac9 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-57687 CRITICAL POC Act Now

An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Land Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-57686 CRITICAL POC Act Now

A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Land Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-41787 CRITICAL This Week

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Doors Next
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-57823 CRITICAL POC PATCH Act Now

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Raptor Rdf Syntax Library Red Hat Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-23016 CRITICAL PATCH This Week

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy