Skip to main content
CVE-2025-44877 CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2025-44872 CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2024-13322 HIGH POC THREAT Act Now

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.6% and no vendor patch available.

WordPress SQLi Ads Pro
NVD
CVSS 3.1
7.5
EPSS
23.6%
CVE-2025-44868 CRITICAL POC Act Now

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn530H4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.9%
CVE-2025-45800 CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-4210 MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Casdoor up to 1.811.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.9%
CVE-2025-4184 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4195 MEDIUM POC This Month

A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4193 MEDIUM POC This Month

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4192 MEDIUM POC This Month

A vulnerability was found in itsourcecode Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4214 MEDIUM POC This Month

A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4213 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2605 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse.04 before V12.53 and MB-Secure PRO from V01.06. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Honeywell Mb Secure Firmware Mb Secure Pro Firmware
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2025-3746 CRITICAL Act Now

The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-3708 CRITICAL Act Now

Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Le Yan
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-2421 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-3927 CRITICAL Act Now

Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pyko Out
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-3709 CRITICAL Act Now

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Agentflow
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-2812 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.04.2025 (DD.MM.YYYY). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-4191 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2024-55069 MEDIUM POC PATCH This Month

ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Ffmpeg
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4197 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4196 MEDIUM POC This Month

A vulnerability was found in SourceCodester Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47226 MEDIUM POC PATCH This Month

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Snipe It
NVD GitHub Exploit-DB
CVSS 3.1
5.0
EPSS
1.0%
CVE-2024-13418 HIGH This Week

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload April Auteur +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2025-4218 MEDIUM POC This Month

A vulnerability was found in handrew browserpilot up to 0.2.51. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Browserpilot
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-11142 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-46723 HIGH PATCH This Week

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 4.0
7.8
EPSS
0.6%
CVE-2023-53053 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53075 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37797 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53123 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53052 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37798 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0427 HIGH This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-21546 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1884 HIGH This Week

Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1883 HIGH This Week

Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53142 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53111 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53039 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Intel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53116 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53106 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53084 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53081 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53077 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53065 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53037 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53107 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDP_REDIRECT Commit 718a18a0c8a6 ("veth: Rework veth_xdp_rcv_skb in order to accept non-linear skb"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy