Skip to main content
CVE-2024-46436 HIGH POC This Week

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-46434 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-46433 HIGH POC This Week

A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-46432 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-46431 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W18E Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2024-46430 MEDIUM POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46429 HIGH POC This Week

A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-42513 MEDIUM PATCH This Month

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ua Net Standard Stack
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13059 HIGH POC PATCH THREAT This Month

AnythingLLM prior to version 1.3.1 contains a path traversal vulnerability through non-ASCII filename handling in the multer library. The filename transformation introduces ../ sequences that enable arbitrary file write, leading to remote code execution on the LLM application server.

RCE Path Traversal Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
55.4%
CVE-2025-1152 LOW POC Monitor

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-57409 MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Cool Admin Java
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-57408 HIGH POC This Month

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Cool Admin Java
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-48170 MEDIUM This Month

PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Small Crm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-1151 LOW POC Monitor

A vulnerability was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-25186 MEDIUM PATCH This Month

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24032 CRITICAL PATCH This Week

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
0.7%
CVE-2025-21689 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-1149 LOW POC Monitor

A vulnerability was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-10334 HIGH This Month

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-1147 LOW POC Monitor

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-1175 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8684 HIGH This Month

OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
CVSS 3.1
8.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy