Skip to main content
CVE-2025-44867 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44866 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44865 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44864 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44862 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44861 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44846 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44838 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44837 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44836 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44854 MEDIUM POC This Month

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44847 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
9.9%
CVE-2025-44863 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44860 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44848 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44845 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44844 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44842 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44841 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44840 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44839 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44843 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.8%
CVE-2025-44835 MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
6.4%
CVE-2025-4183 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4181 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4180 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4182 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4162 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4161 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4160 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4159 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4158 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4176 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank Donor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4174 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4164 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4153 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4151 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4152 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-46566 MEDIUM POC This Month

DataEase is an open-source BI tool alternative to Tableau. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
6.8
EPSS
0.3%
CVE-2025-46631 MEDIUM POC This Month

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Rx2 Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-46632 MEDIUM POC This Month

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Rx2 Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-46630 MEDIUM POC This Month

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Rx2 Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46629 MEDIUM POC This Month

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Rx2 Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46565 MEDIUM POC PATCH This Month

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Vite Red Hat
NVD GitHub
CVSS 4.0
6.0
EPSS
1.5%
CVE-2025-46567 MEDIUM POC PATCH This Month

LLama Factory enables fine-tuning of large language models. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Llama Factory
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-48906 MEDIUM POC This Month

Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Replyone
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-4175 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4173 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4163 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Land Record System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4157 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy