Skip to main content
CVE-2025-31125 MEDIUM POC KEV PATCH THREAT Act Now

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Vite Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
83.3%
Threat
6.6
CVE-2025-30004 HIGH POC THREAT Act Now

Xorcom CompletePBX through version 5.2.35 contains an authenticated command injection vulnerability in the Task Scheduler functionality. Attackers with administrator access can inject arbitrary OS commands that execute as root, achieving complete system compromise of the VoIP PBX.

Command Injection Completepbx
NVD
CVSS 3.1
8.8
EPSS
78.6%
Threat
5.6
CVE-2025-30005 HIGH POC THREAT Act Now

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 74.7% and no vendor patch available.

Path Traversal Completepbx
NVD
CVSS 3.1
8.3
EPSS
74.7%
Threat
5.4
CVE-2025-2292 MEDIUM POC THREAT This Month

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.2.35. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 68.8% and no vendor patch available.

Path Traversal Completepbx
NVD
CVSS 3.1
6.5
EPSS
68.8%
Threat
4.9
CVE-2025-22939 CRITICAL POC THREAT Emergency

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%.

Command Injection 411 Firmware
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2025-22941 CRITICAL POC THREAT Emergency

A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

Command Injection 411 Firmware
NVD
CVSS 3.1
9.8
EPSS
14.3%
CVE-2024-54804 CRITICAL POC THREAT Emergency

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE Netgear Command Injection Code Injection Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2024-54803 CRITICAL POC THREAT Emergency

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE Netgear Command Injection Code Injection Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2024-54807 CRITICAL POC Act Now

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Netgear Command Injection Code Injection Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2024-54805 CRITICAL POC Act Now

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Netgear Command Injection Code Injection Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-54806 CRITICAL POC Act Now

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Netgear Code Injection Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-54808 CRITICAL POC Act Now

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow RCE Stack Overflow Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-54802 CRITICAL POC Act Now

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Buffer Overflow Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-22938 CRITICAL POC Act Now

Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 411 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-54809 CRITICAL POC Act Now

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Stack Overflow Wnr854T Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30223 CRITICAL POC PATCH Act Now

Beego is an open-source web framework for the Go programming language. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Beego Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.3%
CVE-2025-22940 CRITICAL POC Act Now

Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 411 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-30161 HIGH POC This Week

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD GitHub
CVSS 4.0
8.4
EPSS
0.5%
CVE-2023-0881 HIGH POC This Week

Running DDoS on tcp port 22 will trigger a kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Bluefield
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29772 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD GitHub
CVSS 4.0
7.2
EPSS
0.7%
CVE-2025-31117 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Openemr
NVD GitHub
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-2996 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2992 MEDIUM POC This Month

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2991 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2993 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-2995 MEDIUM POC This Month

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-2994 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-2990 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-3006 MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-30149 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD GitHub
CVSS 3.1
6.4
EPSS
0.7%
CVE-2025-2071 CRITICAL Act Now

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2025-24237 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-0613 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-24264 CRITICAL PATCH Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-30457 CRITICAL Act Now

This issue was addressed with improved validation of symlinks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-24266 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-30426 CRITICAL Act Now

This issue was addressed with additional entitlement checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-24230 CRITICAL Act Now

An out-of-bounds read issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-24211 CRITICAL Act Now

This issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-24190 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-26689 CRITICAL Act Now

Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-24238 CRITICAL Act Now

A logic issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-31183 CRITICAL Act Now

The issue was addressed with improved restriction of data container access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-30452 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-30424 CRITICAL Act Now

A logging issue was addressed with improved data redaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24273 CRITICAL Act Now

An out-of-bounds write issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24265 CRITICAL Act Now

An out-of-bounds read was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24260 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24256 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24253 CRITICAL Act Now

This issue was addressed with improved handling of symlinks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy