Skip to main content
CVE-2025-45042 CRITICAL POC THREAT Emergency

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.8%
CVE-2024-57235 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57234 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57233 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57232 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57231 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57230 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57229 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-44071 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2025-45616 CRITICAL POC Act Now

Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brcc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45615 CRITICAL POC Act Now

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yaoqishan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45611 CRITICAL POC Act Now

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hope Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45612 CRITICAL POC Act Now

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45607 CRITICAL POC Act Now

An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Itranswarp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-44074 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-44072 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45238 CRITICAL POC Act Now

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foxcms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2025-45322 HIGH POC This Week

kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Service Management Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45321 HIGH POC This Week

kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Service Management Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-46335 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-28062 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Erpnext
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-46726 HIGH POC PATCH This Week

Langroid is a framework for building large-language-model-powered applications. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Langroid
NVD GitHub
CVSS 4.0
7.8
EPSS
0.4%
CVE-2025-4255 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB Exploit-DB
CVSS 4.0
6.9
EPSS
4.4%
CVE-2025-45610 HIGH POC This Week

Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Passjava
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45614 HIGH POC This Week

Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass One
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45613 HIGH POC This Week

Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Shiro Action
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45609 HIGH POC This Week

Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kob
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45608 HIGH POC This Week

Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xinguan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45237 HIGH POC This Week

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dbsyncer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45617 HIGH POC This Week

Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Production Ssm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-4290 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4289 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4288 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4254 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4270 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4269 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.cgi of the component Log Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4297 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4268 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4283 MEDIUM POC This Month

A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical.php?f=login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4266 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4265 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4264 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4263 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4262 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4271 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46730 MEDIUM POC PATCH This Month

MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Mobile Security Framework
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-47268 MEDIUM POC PATCH This Month

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-25504 MEDIUM POC This Month

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gefen Webfwc
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-26241 MEDIUM POC This Month

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Osticket
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-45618 MEDIUM POC This Month

Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeeweb Mybatis Springboot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy