Skip to main content
CVE-2025-2011 HIGH POC THREAT Act Now

The Depicter Slider & Popup Builder WordPress plugin through version 3.6.1 contains an unauthenticated SQL injection via the 's' search parameter. The insufficient escaping allows attackers to append additional SQL queries, extracting the entire WordPress database without authentication.

WordPress SQLi PHP
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
52.4%
Threat
4.6
CVE-2025-45491 CRITICAL POC THREAT Emergency

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-4388 MEDIUM POC PATCH THREAT This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.1% and no vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
25.1%
CVE-2025-45488 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.5%
CVE-2025-45487 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45490 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45489 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45492 CRITICAL POC Act Now

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Ex8000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2025-44073 CRITICAL POC Act Now

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-4355 HIGH POC This Week

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Dap 1520 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2025-4354 HIGH POC This Week

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Dap 1520 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2025-4356 HIGH POC This Week

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Dap 1520 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-2509 HIGH POC This Week

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Chrome Os Chrome
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46728 HIGH POC PATCH This Week

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Denial Of Service Cpp Httplib Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-4332 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4314 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4361 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4309 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4308 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4307 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4306 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4304 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4303 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4313 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4312 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4363 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0.php?action=end_membership. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4362 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4360 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4359 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4358 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4311 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4301 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4300 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4331 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student Clearance System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4357 MEDIUM POC This Month

A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Rx3 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.0%
CVE-2025-0855 CRITICAL Act Now

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2025-47419 CRITICAL Act Now

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-44899 CRITICAL Act Now

There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow Rx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-4340 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware Dir 890L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.4%
CVE-2025-4350 HIGH This Week

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
5.3%
CVE-2025-4349 HIGH This Week

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
5.3%
CVE-2025-40625 CRITICAL Act Now

Unrestricted file upload in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gim
NVD
CVSS 4.0
9.3
EPSS
2.3%
CVE-2025-25014 CRITICAL PATCH Act Now

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Elastic Kibana
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2025-45250 MEDIUM POC This Month

MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mrdoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46816 CRITICAL PATCH Act Now

goshs is a SimpleHTTPServer written in Go. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.0
9.4
EPSS
0.2%
CVE-2025-4041 CRITICAL Act Now

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-4329 MEDIUM POC This Month

A vulnerability was found in 74CMS up to 3.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal 74Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-40624 CRITICAL Act Now

SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-40623 CRITICAL Act Now

SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim Android
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-40622 CRITICAL Act Now

SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gim
NVD
CVSS 4.0
9.3
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy