Skip to main content
CVE-2025-29043 CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29042 CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29041 CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29040 CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29047 CRITICAL POC Act Now

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Wifi Camppro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2025-29046 CRITICAL POC Act Now

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Wifi Camppro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2025-29045 CRITICAL POC Act Now

Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Wifi Camppro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2025-29044 CRITICAL POC Act Now

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow RCE R6100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2025-29662 CRITICAL POC Act Now

A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Landchat
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-53924 CRITICAL POC GHSA Act Now

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system(. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pycel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-55211 HIGH POC This Week

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tk Rt Wr135G Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-1290 HIGH POC This Week

A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Chrome Os Chrome
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-29039 HIGH POC This Week

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection D-Link Dir 823x Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2025-29458 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29457 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29461 HIGH POC This Week

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF A Blogcms
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29459 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29452 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29451 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-13925 HIGH POC This Week

The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Klarna Checkout For Woocommerce
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-24752 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS.0.14. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
7.1
EPSS
2.4%
CVE-2025-25455 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25454 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25457 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29661 HIGH POC This Week

Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Litepubl Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-55238 HIGH POC This Week

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-3762 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-29456 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29453 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29455 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29454 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29450 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29449 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28101 MEDIUM POC This Month

{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flaskblog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29722 MEDIUM POC This Month

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Commercify
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-56518 CRITICAL Act Now

Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Management Center
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2025-29015 MEDIUM POC This Month

Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-31340 CRITICAL Act Now

A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 4.0
9.9
EPSS
1.0%
CVE-2025-32660 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server.0.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-32682 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server.5.34. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-32583 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion.4.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-32652 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files.3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-27282 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-39588 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-39551 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection.47. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-39550 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection.2.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-32658 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-32572 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27287 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27286 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy