Skip to main content
CVE-2025-32778 CRITICAL POC THREAT Emergency

Web-Check is an all-in-one OSINT tool for analyzing any website. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
32.4%
Threat
4.3
CVE-2025-28137 CRITICAL POC THREAT Emergency

The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

Command Injection A810R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-29471 HIGH POC THREAT Act Now

Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.0%.

RCE XSS Log Server
NVD Exploit-DB
CVSS 3.1
8.3
EPSS
16.0%
CVE-2025-28399 CRITICAL POC Act Now

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28100 CRITICAL POC Act Now

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Dingfanzu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-25456 CRITICAL POC Act Now

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22900 CRITICAL POC Act Now

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-27289 CRITICAL POC Act Now

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2025-29281 HIGH POC This Week

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection File Upload Perfreeblog
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-31491 HIGH POC This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Information Disclosure Autogpt Platform
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-28145 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28143 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28142 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-30712 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Oracle Authentication Bypass Denial Of Service Vm Virtualbox +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-50960 HIGH POC This Week

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Smp 111 Firmware Smp 351 Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2025-32948 HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32947 HIGH POC PATCH This Week

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27892 MEDIUM POC PATCH This Month

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Shopware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.8%
CVE-2025-1292 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1122 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-28144 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-27980 MEDIUM POC This Month

cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cashbook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32949 MEDIUM POC This Month

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32944 MEDIUM POC This Month

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-26927 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-30727 CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-32445 CRITICAL PATCH Act Now

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-28198 MEDIUM POC This Month

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Hitout Car Sale
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-44843 MEDIUM POC This Month

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Steve
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30985 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30206 CRITICAL PATCH Act Now

Dpanel is a Docker visualization panel system which provides complete Docker management functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Privilege Escalation Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-24797 CRITICAL Act Now

Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Meshtastic Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
2.0%
CVE-2025-22911 MEDIUM POC This Month

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.3%
CVE-2025-30967 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-29213 MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java Jeewms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-3579 CRITICAL Act Now

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-3578 CRITICAL Act Now

A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-24297 CRITICAL Act Now

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-2567 CRITICAL Act Now

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-3612 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Red Hat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30510 CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32946 MEDIUM POC This Month

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Peertube
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32103 MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crushftp
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2025-3613 MEDIUM POC This Month

A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-32911 CRITICAL PATCH Act Now

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2025-32102 MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Crushftp
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2025-32428 CRITICAL PATCH Act Now

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.0
EPSS
0.2%
CVE-2023-5616 MEDIUM POC PATCH This Month

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Ubuntu SSH Control Center Ubuntu Linux +2
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-26959 HIGH This Week

Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation.03.24. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26741 HIGH This Week

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy