Skip to main content
CVE-2025-45798 CRITICAL POC Act Now

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-45797 CRITICAL POC Act Now

TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-45841 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45790 CRITICAL POC Act Now

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3100R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-45789 CRITICAL POC Act Now

TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3100R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45788 CRITICAL POC Act Now

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3100R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45787 CRITICAL POC Act Now

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3100R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-45846 HIGH POC This Week

ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Aip W512 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-45845 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45844 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45843 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45842 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45847 MEDIUM POC This Month

ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Aip W512 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-51295 MEDIUM POC This Month

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Event Booking Calendar
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-45820 MEDIUM POC This Month

Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-45819 MEDIUM POC This Month

Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-45818 MEDIUM POC This Month

Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29813 CRITICAL Act Now

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Devops
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2024-11186 CRITICAL Act Now

On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-0505 CRITICAL Act Now

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-31585 CRITICAL Act Now

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-26845 CRITICAL Act Now

An Eval Injection issue was discovered in Znuny through 7.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Znuny
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-26844 CRITICAL Act Now

An issue was discovered in Znuny through 7.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Znuny
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-51328 MEDIUM POC This Month

PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cleaning Business Software
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-27720 CRITICAL Act Now

The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-4441 HIGH This Week

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dir 605l Firmware
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-27578 HIGH This Week

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-6648 HIGH This Week

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ap Pagebuilder
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-8100 HIGH This Week

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-3758 HIGH This Week

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-4098 HIGH This Week

Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-37822 HIGH PATCH This Week

A vulnerability in the Linux kernel's RISC-V architecture implementation causes incorrect execution of uprobes due to missing instruction cache flushing after building the XOL (execute out-of-line) buffer. This affects Linux kernel versions from 6.4 up to 6.15-rc3 on RISC-V systems, potentially allowing local attackers with low privileges to gain complete system compromise through code execution, information disclosure, or denial of service. The vulnerability has a low EPSS score of 0.07% indicating minimal real-world exploitation activity currently.

Linux RCE Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37810 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37823 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37803 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1331 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1330 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1329 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption IBM Buffer Overflow RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1948 HIGH PATCH This Week

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-13793 HIGH This Week

The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Wolmart
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2025-26847 HIGH This Week

An issue was discovered in Znuny before 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Znuny
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26842 HIGH This Week

An issue was discovered in Znuny through 7.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Znuny
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-9448 HIGH This Week

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3419 HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13009 HIGH PATCH This Week

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jetty Red Hat Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-37825 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-1252 MEDIUM This Month

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Connext Professional
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-44023 MEDIUM This Month

An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3862 MEDIUM PATCH This Month

Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contest Gallery PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3468 MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Nex Forms PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy