Skip to main content
CVE-2025-24893 CRITICAL POC KEV PATCH THREAT Act Now

XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation.

RCE Code Injection Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
7.8
CVE-2024-55457 MEDIUM POC THREAT This Month

MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.8%.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
86.8%
Threat
5.4
CVE-2025-27218 MEDIUM POC THREAT This Month

Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.6%.

RCE Code Injection Deserialization
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
57.6%
Threat
4.3
CVE-2025-0868 CRITICAL POC THREAT Emergency

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Python RCE Code Injection
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
16.0%
CVE-2024-54756 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2025-25668 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25667 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25664 CRITICAL POC Act Now

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25663 CRITICAL POC Act Now

A vulnerability was found in Tenda AC8V4 V16.03.34.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27096 CRITICAL POC Act Now

WeGIA is a Web Manager for Institutions with a focus on Portuguese language. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2023-51319 HIGH POC This Week

PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Bus Reservation System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51311 HIGH POC This Week

PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Car Park Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51313 HIGH POC This Week

PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Restaurant Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27088 HIGH POC PATCH This Week

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS S3 Proxy Suse
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-26304 HIGH POC This Week

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-26305 HIGH POC This Week

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-51316 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bus Reservation System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-51314 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Restaurant Booking System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13888 HIGH POC PATCH This Week

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect WordPress Wpmobile App
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-1039 HIGH POC PATCH This Week

The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Lenix Leads Collector PHP
NVD WPScan
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-25973 MEDIUM POC PATCH This Month

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Ppress
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-51339 MEDIUM POC This Month

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Event Ticketing System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51324 MEDIUM POC This Month

PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Shared Asset Booking System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51317 MEDIUM POC This Month

PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Restaurant Booking System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26311 MEDIUM POC This Month

Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26310 MEDIUM POC This Month

Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51323 MEDIUM POC This Month

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Shared Asset Booking System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51321 MEDIUM POC This Month

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Night Club Booking Software
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51327 MEDIUM POC This Month

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Cleaning Business Software
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51326 MEDIUM POC This Month

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Cleaning Business Software
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26309 MEDIUM POC This Month

A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26308 MEDIUM POC This Month

A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26307 MEDIUM POC This Month

A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26306 MEDIUM POC This Month

A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51331 MEDIUM POC This Month

PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cleaning Business Software
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13789 CRITICAL Act Now

The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-51308 MEDIUM POC This Month

PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Car Park Booking System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-25957 MEDIUM POC This Month

Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xunruicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-25960 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-25675 CRITICAL Act Now

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37361 CRITICAL Act Now

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-57401 CRITICAL Act Now

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-25678 CRITICAL Act Now

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow I12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25676 CRITICAL Act Now

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow I12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25674 CRITICAL Act Now

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25662 CRITICAL Act Now

Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow O4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27098 MEDIUM POC PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PostgreSQL Path Traversal Graphql Mesh Cli Graphql Mesh Http
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-1265 CRITICAL Act Now

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2023-51330 MEDIUM POC This Month

PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cinema Booking System
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51318 MEDIUM POC This Month

PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bus Reservation System
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy