Skip to main content
CVE-2025-27007 CRITICAL POC THREAT Emergency

The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances.

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
84.0%
Threat
6.0
CVE-2024-48905 CRITICAL POC Act Now

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Replyone
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-4147 HIGH POC This Week

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4146 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4145 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4150 HIGH POC This Week

A vulnerability was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-4149 HIGH POC This Week

A vulnerability was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-4148 HIGH POC This Week

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-44867 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44866 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44865 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44864 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44862 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44861 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44846 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44838 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44837 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44836 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44854 MEDIUM POC This Month

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-46627 HIGH POC This Week

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Rx2 Pro Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2025-44847 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
9.9%
CVE-2025-46633 HIGH POC This Week

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Rx2 Pro Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-46634 HIGH POC This Week

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Rx2 Pro Firmware
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-44863 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44860 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44848 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44845 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44844 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44842 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44841 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44840 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44839 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44843 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.8%
CVE-2025-46568 HIGH POC This Week

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Stirling Pdf
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-44835 MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
6.4%
CVE-2024-48907 HIGH POC This Week

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Replyone
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-46628 HIGH POC This Week

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Rx2 Pro Firmware
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2025-46626 HIGH POC This Week

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Rx2 Pro Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-46635 HIGH POC This Week

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Rx2 Pro Firmware
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-4183 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4181 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4180 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4182 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4162 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4161 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4160 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4159 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4158 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4176 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank Donor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4174 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.3%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy