Skip to main content
CVE-2025-22912 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-22906 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-22905 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-22916 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22904 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22907 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-23922 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
10.0
EPSS
3.4%
CVE-2025-23797 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-48885 CRITICAL Act Now

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6.0), FortiVoice (6.0, 6.4.0-6.4.9, 7.0.0-7.0.4), and FortiRecorder (7.0.0-7.0.4, 7.2.0-7.2.1) - where an attacker sends specially crafted packets that break out of a restricted directory to gain elevated privileges. Fortinet PSIRT scores this CVSS 9.1 with no confidentiality impact but high integrity and availability impact, reflecting a management-plane compromise rather than data theft. There is no public exploit identified at time of analysis and EPSS is modest (0.39%, 60th percentile), so exploitation is not yet observed at scale.

Fortinet Path Traversal Fortirecorder Fortivoice Fortiweb
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-57703 CRITICAL POC Act Now

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-53553 CRITICAL POC Act Now

An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Foiaxpress Public Access Link
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-57583 CRITICAL This Week

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-57582 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-57581 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-57580 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-57579 CRITICAL This Week

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-57575 CRITICAL This Week

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-57684 CRITICAL This Week

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Privilege Escalation Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-57768 CRITICAL POC Act Now

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinaloa
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-0471 CRITICAL This Week

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Pmb
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-22913 CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-0456 CRITICAL This Week

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-0455 CRITICAL This Week

The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy