Skip to main content
CVE-2025-28242 CRITICAL POC THREAT Emergency

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5% and no vendor patch available.

Information Disclosure Session Fixation
NVD GitHub
CVSS 3.1
9.8
EPSS
11.5%
CVE-2025-29209 CRITICAL POC Act Now

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-53591 CRITICAL POC Act Now

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Seclore
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-28229 CRITICAL POC Act Now

Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Optimod 5950 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-29643 CRITICAL POC Act Now

An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Code Injection Croogo
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-28230 CRITICAL POC Act Now

Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jmb0150 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-28232 CRITICAL POC Act Now

Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Jmb0150 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-3786 HIGH POC This Week

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-28228 HIGH POC This Week

A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fm Dab Tv Transmitter Web Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2025-25427 HIGH POC This Week

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Wr841N Firmware
NVD GitHub
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-32389 HIGH POC PATCH This Week

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Nameless
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-29625 HIGH POC This Week

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Astrolog
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-32442 HIGH POC PATCH This Week

Fastify is a fast and low overhead web framework, for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Fastify Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-29784 HIGH POC PATCH This Week

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30357 HIGH POC PATCH This Week

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-31118 HIGH POC PATCH This Week

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Denial Of Service Nameless
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-30158 HIGH POC PATCH This Week

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nameless
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-3790 MEDIUM POC This Month

A vulnerability classified as critical has been found in baseweb JSite 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apache Jsite
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-25984 MEDIUM POC This Month

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass V380E6 C1 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-46089 MEDIUM POC This Month

74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE 74Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
2.0%
CVE-2025-32796 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-32795 MEDIUM POC This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32790 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-29058 CRITICAL Act Now

An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Code Injection Qimou Cms
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-28236 CRITICAL Act Now

Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-29953 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.1.1 when performing connections to untrusted servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Activemq Nms Openwire
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-28238 CRITICAL Act Now

Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-1863 CRITICAL Act Now

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-32434 CRITICAL POC PATCH Act Now

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Deserialization Pytorch AI / ML
NVD GitHub
CVSS 4.0
9.3
EPSS
1.2%
CVE-2024-57493 MEDIUM POC PATCH This Month

An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redox
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-41447 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3783 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-39471 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.0.2.0.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-31120 MEDIUM POC PATCH This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3796 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2492 CRITICAL Act Now

An improper authentication control vulnerability exists in AiCloud. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2025-28231 CRITICAL Act Now

Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-28197 CRITICAL Act Now

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crawl4ai
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-3787 MEDIUM POC This Month

A vulnerability was found in PbootCMS 3.2.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-28233 CRITICAL Act Now

Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version:. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-3792 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3.php?action=delall. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3789 MEDIUM POC This Month

A vulnerability was found in baseweb JSite 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jsite
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3788 MEDIUM POC This Month

A vulnerability was found in baseweb JSite 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jsite
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3520 HIGH This Week

The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2025-3795 MEDIUM POC This Month

A vulnerability was found in DaiCuo 1.3.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Daicuo
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2025-32792 HIGH PATCH This Week

SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-3785 HIGH This Week

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dwr M961 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-28237 HIGH This Week

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-2162 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-32953 HIGH This Week

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ubuntu
NVD GitHub
CVSS 3.1
8.7
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy