Skip to main content
CVE-2025-5447 MEDIUM POC This Month

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re6250 Firmware Re6300 Firmware Re7000 Firmware Re9000 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
2.0%
CVE-2025-5438 MEDIUM POC This Month

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re9000 Firmware Re6250 Firmware Re6300 Firmware Re6350 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.8%
CVE-2025-5445 MEDIUM POC This Month

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re9000 Firmware Re7000 Firmware Re6500 Firmware Re6350 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.6%
CVE-2025-5444 MEDIUM POC This Month

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re9000 Firmware Re6500 Firmware Re6300 Firmware Re6250 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.6%
CVE-2025-5443 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re9000 Firmware Re6500 Firmware Re6350 Firmware Re7000 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.6%
CVE-2025-5446 MEDIUM POC This Month

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re7000 Firmware Re6250 Firmware Re6350 Firmware Re6300 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2025-5442 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re6350 Firmware Re7000 Firmware Re6250 Firmware Re6500 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2025-5441 MEDIUM POC This Month

A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re9000 Firmware Re6250 Firmware Re6300 Firmware Re7000 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2025-20001 MEDIUM POC This Month

An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.

Buffer Overflow Information Disclosure Fontcreator
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5440 MEDIUM POC This Month

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re7000 Firmware Re9000 Firmware Re6300 Firmware Re6500 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.1%
CVE-2025-5439 MEDIUM POC This Month

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Re6350 Firmware Re6500 Firmware Re7000 Firmware Re6250 Firmware +2
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.1%
CVE-2025-44172 MEDIUM POC This Month

Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

Buffer Overflow Stack Overflow Ac6 Firmware Tenda
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-40113 MEDIUM POC This Month

A security vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before (CVSS 6.5). Risk factors: public PoC available.

Information Disclosure Wlx 2006 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5430 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Assamlook Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5429 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5428 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5427 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5426 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5425 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5424 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5423 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5421 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5432 MEDIUM POC This Month

A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Assamlook Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-5431 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Assamlook Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-40114 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.

XSS Wlx 2006 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-40112 MEDIUM POC This Month

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

PHP LFI Information Disclosure Wlx 2006 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-48958 MEDIUM POC PATCH This Month

Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.

XSS Debian Froxlor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-44115 MEDIUM POC This Month

A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.

PHP XSS Cotonti Siena
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1485 MEDIUM POC PATCH This Month

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

WordPress XSS Wordpress Real Cookie Banner PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5422 MEDIUM POC This Month

A security vulnerability in juzaweb CMS (CVSS 4.3). Risk factors: public PoC available.

Information Disclosure Cms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3951 MEDIUM POC PATCH This Month

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.

WordPress SQLi Wp Optimize PHP
NVD WPScan
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-7074 MEDIUM PATCH This Month

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.

File Upload RCE
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2025-46806 MEDIUM PATCH This Month

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.

Denial Of Service Memory Corruption Ubuntu Debian Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48995 MEDIUM PATCH This Month

A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Python Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48994 MEDIUM PATCH This Month

A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Python Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27954 MEDIUM This Month

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.

RCE Command Injection Clinical Collaboration Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27955 MEDIUM This Month

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.

RCE Clinical Collaboration Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27953 MEDIUM This Month

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.

RCE Command Injection Clinical Collaboration Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7073 MEDIUM PATCH This Month

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.

Information Disclosure SSRF Authentication Bypass Open Banking Km Open Banking Iam +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47585 MEDIUM This Month

Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23104 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 2200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20678 MEDIUM This Month

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Denial Of Service Lr13 Lr12a Nr17 Nr15 +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-3919 MEDIUM This Month

The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-47289 MEDIUM PATCH This Month

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker - potentially leading to account takeover. Version 1.1.0.3 fixes the issue.

XSS Ce Phoenix Cart
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-5433 MEDIUM This Month

A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-48955 MEDIUM PATCH This Month

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.

Information Disclosure
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-37094 MEDIUM PATCH This Month

A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.

Path Traversal Storeonce System
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2025-20677 MEDIUM This Month

In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.

Null Pointer Dereference Denial Of Service Nbiot Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20676 MEDIUM This Month

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.

Null Pointer Dereference Denial Of Service Nbiot Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20675 MEDIUM This Month

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

Null Pointer Dereference Denial Of Service Mt7927 Firmware Mt7902 Firmware Mt7925 Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy