Skip to main content
CVE-2025-22912 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-22906 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-22905 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-22916 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22904 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22907 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-23922 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
10.0
EPSS
3.4%
CVE-2025-23797 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-48885 CRITICAL Act Now

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6.0), FortiVoice (6.0, 6.4.0-6.4.9, 7.0.0-7.0.4), and FortiRecorder (7.0.0-7.0.4, 7.2.0-7.2.1) - where an attacker sends specially crafted packets that break out of a restricted directory to gain elevated privileges. Fortinet PSIRT scores this CVSS 9.1 with no confidentiality impact but high integrity and availability impact, reflecting a management-plane compromise rather than data theft. There is no public exploit identified at time of analysis and EPSS is modest (0.39%, 60th percentile), so exploitation is not yet observed at scale.

Fortinet Path Traversal Fortirecorder Fortivoice Fortiweb
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-23532 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23530 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23528 HIGH This Week

Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23911 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres - Hotel booking plugin allows SQL Injection.9.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-23912 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-23913 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2024-45331 HIGH This Week

Local privilege escalation in Fortinet FortiAnalyzer, FortiManager and their Cloud variants allows an already-authenticated low-privileged user to run specific shell commands that grant elevated privileges (CWE-266, incorrect privilege assignment). The flaw spans multiple 6.4 through 7.4 branches and carries a 7.8 CVSS score with high confidentiality, integrity and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.18%), consistent with a local-only, post-authentication issue rather than a remotely wormable one.

Privilege Escalation Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-25108 HIGH This Week

An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-23915 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-23779 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection.0.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-23780 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.0.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-23828 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-23827 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-23547 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Login Page allows Reflected XSS.14. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-23438 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarvinLabs WP PT-Viewer allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-23826 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Predrag Supurović Stop Comment Spam allows Stored XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-23453 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23699 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechMix Event Countdown Timer Plugin by TechMix allows Reflected XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23689 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.1 through n/a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23749 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23745 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23743 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23720 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push allows Stored XSS.4.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mozilla XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23717 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS.2.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23715 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23712 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS.2.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23710 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds allows Stored XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23702 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23698 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Iván R. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23694 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23872 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PayForm PayForm allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23832 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23823 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23818 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23810 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS.0.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23805 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.3.15. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23559 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23537 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23511 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS.7.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23510 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.5.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy