Skip to main content
CVE-2025-34028 CRITICAL POC KEV THREAT Emergency

Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server.

RCE Path Traversal Commvault
NVD GitHub
CVSS 4.0
9.3
EPSS
63.2%
Threat
6.8
CVE-2025-28038 CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2025-28039 CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2025-28037 CRITICAL POC Act Now

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware A950rg Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2025-28036 CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware A810R Firmware A800R Firmware A830R Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2025-28035 CRITICAL POC Act Now

TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A810R Firmware A800R Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2025-28034 CRITICAL POC Act Now

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware A810R Firmware A830R Firmware A950rg Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2025-43946 CRITICAL POC Act Now

TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload Ddi
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2023-43958 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2025-28024 CRITICAL POC Act Now

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A810R Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44752 CRITICAL POC Act Now

An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Student Study Center Desk Management System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44755 CRITICAL POC Act Now

Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sacco Management System
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43951 CRITICAL Act Now

LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-37087 CRITICAL Act Now

A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-43949 CRITICAL Act Now

MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-40446 CRITICAL Act Now

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mimetex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-32965 CRITICAL PATCH Act Now

xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-58250 CRITICAL Act Now

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-1950 CRITICAL Act Now

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Hardware Management Console
NVD
CVSS 3.1
9.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy