Skip to main content
CVE-2025-32433 CRITICAL POC KEV PATCH THREAT Act Now

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0.

RCE Authentication Bypass Erlang Otp Confd Basic Network Services Orchestrator +21
NVD GitHub
CVSS 3.1
10.0
EPSS
50.3%
Threat
6.5
CVE-2025-31201 CRITICAL POC KEV THREAT Emergency

Apple devices contain a vulnerability allowing attackers with arbitrary read/write to bypass Pointer Authentication Codes (PAC), addressed by removing the vulnerable code. Exploited alongside CVE-2025-31200.

Apple RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
Threat
5.0
CVE-2025-31200 CRITICAL POC KEV THREAT Emergency

Apple CoreAudio contains a memory corruption vulnerability exploitable through maliciously crafted audio streams in media files, enabling code execution. Exploited in extremely sophisticated targeted attacks in April 2025.

Apple Memory Corruption Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
Threat
5.0
CVE-2024-55372 CRITICAL POC Act Now

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wallos
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-40071 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-55371 CRITICAL POC Act Now

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wallos
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-29709 CRITICAL POC Act Now

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-29708 CRITICAL POC Act Now

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-40073 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-40072 CRITICAL POC Act Now

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-3693 HIGH POC This Week

A vulnerability was found in Tenda W12 3.0.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
2.2%
CVE-2025-2073 HIGH POC This Week

Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Linux Chrome Os Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-3729 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php of the component Database Backup Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
4.9%
CVE-2025-28072 HIGH POC This Week

PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-53305 HIGH POC PATCH This Week

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Whoogle Search
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2025-3663 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513.cgi of the component Password Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
1.6%
CVE-2025-3668 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3675 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3667 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3666 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3727 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3726 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3725 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3724 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3723 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3683 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3682 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3681 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3680 MEDIUM POC This Month

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3679 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3678 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3674 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3665 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3664 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3694 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3690 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3689 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1704 MEDIUM POC This Month

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Google Chrome Os +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29710 MEDIUM POC This Month

SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Company Website Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40068 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-3495 CRITICAL Act Now

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-1980 CRITICAL Act Now

The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD
CVSS 4.0
9.4
EPSS
1.6%
CVE-2025-30215 CRITICAL PATCH GHSA Act Now

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-39601 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion.4.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-27540 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-27539 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-27495 CRITICAL Act Now

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Telecontrol Server Basic
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-1981 CRITICAL Act Now

Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-0756 CRITICAL Act Now

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-40069 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Id Generator System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy