Skip to main content
CVE-2025-5600 CRITICAL POC Act Now

Buffer overflow in TOTOLINK EX1200T via setLanguageCfg. EPSS 0.52%. PoC available.

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-4578 CRITICAL POC Act Now

SQL injection in File Provider WordPress plugin through 1.2.3. PoC available.

WordPress SQLi PHP File Provider
NVD WPScan
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-48935 CRITICAL POC PATCH Act Now

Deno versions 2.2.0 through 2.2.4 contain an authorization bypass vulnerability in SQLite database handling that allows attackers to circumvent read/write database permission checks via the SQL `ATTACH DATABASE` statement. An unauthenticated remote attacker can exploit this with no user interaction to gain unauthorized read and write access to protected databases, achieving high confidentiality and integrity impact. Patch is available in Deno 2.2.5.

Authentication Bypass SQLi Deno Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-5619 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat.

Buffer Overflow Ch22 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-5572 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in D-Link DCS-932L camera firmware version 2.18.01 in the setSystemEmail function, allowing authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, and availability). The vulnerability has been publicly disclosed with proof-of-concept code available, affecting end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link Dcs 932l Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-5609 HIGH POC This Week

Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, exploitable via the /goform/AdvSetLanip endpoint's lanMask parameter. An authenticated remote attacker can trigger memory corruption leading to complete system compromise (confidentiality, integrity, availability). A public exploit proof-of-concept exists, and the vulnerability is likely being actively weaponized given disclosure status and CVSS 8.8 severity.

Buffer Overflow Ac18 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5608 HIGH POC This Week

Critical remote buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the reboot timer configuration function. An authenticated attacker can exploit improper input validation on the 'rebootTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). Public exploit code exists and the vulnerability is actively exploitable with low attack complexity.

Buffer Overflow RCE Ac18 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5607 HIGH POC This Week

Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the PPTP user list management function accessible via /goform/setPptpUserList. An authenticated attacker can exploit this remotely to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public exploit proof-of-concept exists, increasing real-world exploitation risk.

Buffer Overflow Ac18 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-29093 HIGH POC This Week

CVE-2025-29093 is an unauthenticated file upload vulnerability in Motivian Content Management System v41.0.0 that allows remote attackers to execute arbitrary code through the Content/Gallery/Images component. The vulnerability has a CVSS score of 8.2 with high integrity impact, affecting confidentiality and code execution capabilities. No authentication is required (PR:N) and exploitation is trivial (AC:L), making this a critical threat to unpatched instances.

File Upload RCE Content Management System
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2025-5548 HIGH POC This Week

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unauthenticated attackers to achieve arbitrary code execution or cause denial of service. The vulnerability has been publicly disclosed with working exploits available, and while the CVSS score of 7.3 indicates moderate severity, the combination of remote exploitability, lack of authentication requirements, and confirmed public disclosure elevates real-world risk significantly.

Buffer Overflow Ftp Denial Of Service Freefloat Ftp Server
NVD VulDB Exploit-DB
CVSS 3.1
7.3
EPSS
3.2%
CVE-2025-5601 HIGH POC PATCH This Week

A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8) that allows denial of service. Risk factors: public PoC available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31134 HIGH POC PATCH This Week

FreshRSS versions prior to 1.26.2 suffer from an information disclosure vulnerability that allows unauthenticated remote attackers to enumerate server directories and infer installed software versions (such as PHP versions) without requiring privileges or user interaction. This information leakage can be weaponized for reconnaissance to identify additional attack surfaces. The vulnerability has a CVSS 3.1 score of 7.5 (High) with a network attack vector and no complexity barriers, making it trivially exploitable at scale.

PHP Information Disclosure Freshrss
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5596 HIGH POC This Week

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthenticated remote attackers to achieve code execution or denial of service. The vulnerability has been publicly disclosed with proof-of-concept code available, and while CVSS 7.3 indicates moderate-to-high severity, the network-accessible attack vector (AV:N), lack of authentication requirements (PR:N), and confirmed public exploit code represent significant real-world risk for exposed FTP services.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5595 HIGH POC This Week

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to achieve partial confidentiality, integrity, and availability impacts. The vulnerability affects FreeFloat FTP Server version 1.0 specifically, with a disclosed proof-of-concept exploit available in the public domain, indicating active interest in weaponization.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5594 HIGH POC This Week

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to trigger memory corruption with potential for code execution or service disruption. The vulnerability has been publicly disclosed with exploit code available, increasing immediate risk of active exploitation in the wild. With a CVSS score of 7.3 and network-accessible attack vector requiring no privileges or user interaction, this represents a significant threat to any FTP infrastructure running the affected version.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5593 HIGH POC This Week

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to trigger a denial of service or potentially achieve code execution. The vulnerability has a disclosed public exploit and may be actively exploited in the wild. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to any organization running the affected FTP server without immediate patching.

Buffer Overflow Ftp Denial Of Service Freefloat Ftp Server RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5592 HIGH POC This Week

Critical buffer overflow vulnerability in the PASSIVE Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with working exploits available, making it an active threat to any organization still running this legacy FTP server software.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5551 HIGH POC This Week

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SYSTEM Command Handler that allows unauthenticated remote attackers to achieve information disclosure, integrity violation, and service disruption. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in real-world environments without requiring user interaction or elevated privileges.

Buffer Overflow Ftp Denial Of Service Freefloat Ftp Server RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5550 HIGH POC This Week

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's PBSZ Command Handler that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with low integrity and confidentiality impact. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk; however, the CVSS 7.3 score reflects limited scope and partial confidentiality/integrity impact rather than complete system compromise.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5549 HIGH POC This Week

Critical buffer overflow vulnerability in the PASV command handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it immediately actionable for threat actors. While the CVSS score of 7.3 reflects moderate severity, the combination of remote exploitability, public POC availability, and lack of authentication requirements positions this as a high-priority remediation target.

Buffer Overflow Ftp Denial Of Service RCE Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5547 HIGH POC This Week

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the CDUP (Change Directory Up) command handler, allowing unauthenticated remote attackers to achieve code execution or denial of service. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high severity with low attack complexity and no privileges required. This is a high-priority issue for organizations running legacy FTP infrastructure, particularly given the remote, unauthenticated attack vector and public exploit availability.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5553 HIGH POC This Week

A SQL injection vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5583 HIGH POC This Week

Critical SQL injection vulnerability in CodeAstro Real Estate Management System version 1.0, specifically in the /register.php file that allows unauthenticated remote attackers to inject arbitrary SQL commands. The vulnerability enables attackers to read, modify, or delete sensitive database information including user credentials, property listings, and financial records. Public exploit code is available and the vulnerability is likely being actively exploited in the wild, making immediate patching essential for all affected installations.

PHP SQLi Real Estate Management System RCE
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5581 HIGH POC This Week

Critical SQL injection vulnerability in CodeAstro Real Estate Management System version 1.0 affecting the /admin/index.php file, where the 'User' parameter is improperly validated before database queries. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. Public disclosure of this vulnerability significantly increases exploitation risk, and active exploitation should be anticipated.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5580 HIGH POC This Week

Critical SQL injection vulnerability in CodeAstro Real Estate Management System version 1.0, affecting the /login.php file's email parameter. An unauthenticated remote attacker can inject malicious SQL commands through the email input field to read, modify, or delete database records, potentially leading to unauthorized access, data exfiltration, and system compromise. The vulnerability has been publicly disclosed with proof-of-concept code available, creating significant real-world exploitation risk.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5578 HIGH POC This Week

PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /sales-report-details.php file affecting the fromdate and todate parameters. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with working proof-of-concept code available, making active exploitation likely in the wild.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5577 HIGH POC This Week

SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /profile.php file's mobilenumber parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit code available and carries a CVSS score of 7.3 (high severity), though the actual exploitability depends on database configuration and input filtering implementation.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5576 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /bwdate-report-details.php file where the fromdate and todate parameters are inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The exploit has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5579 HIGH POC This Week

A critical SQL injection vulnerability exists in PHPGurukul Dairy Farm Shop Management System version 1.3 within the /search-product.php endpoint, specifically in the 'productname' parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the database. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation a significant risk.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5604 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, specifically in the /user-login.php file's Username parameter. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or service disruption. The vulnerability has been publicly disclosed with exploit proof-of-concept available, and poses immediate risk to hospital operations and patient data confidentiality.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5603 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, affecting the /registration.php endpoint's full_name and username parameters. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of sensitive healthcare information. The vulnerability has been publicly disclosed with proof-of-concept code available, and exploitation requires no special privileges or user interaction.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5602 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0 affecting the /admin/registration.php endpoint. An unauthenticated remote attacker can inject arbitrary SQL commands via the 'full_name' parameter, potentially leading to unauthorized data access, modification, or denial of service. The vulnerability has public exploit disclosure and demonstrates active exploitation risk in healthcare environments.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5599 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Student Result Management System version 1.3, exploitable through the emp1ctc parameter in /editmyexp.php. An unauthenticated remote attacker can manipulate this parameter to inject malicious SQL commands, potentially leading to unauthorized data access, modification, or deletion. With a publicly disclosed exploit and CVSS 7.3 rating reflecting network-based remote exploitation with low attack complexity and no authentication requirements, this vulnerability poses significant risk to exposed instances.

PHP SQLi Student Result Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5575 HIGH POC This Week

PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /add-product.php file's productname parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for all exposed installations. With a CVSS score of 7.3 (High) and evidence of public disclosure, this vulnerability should be prioritized for remediation despite the moderate CVSS rating.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5574 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /add-company.php file where the 'companyname' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data theft, modification, or deletion. The exploit has been publicly disclosed and proof-of-concept code is available, significantly increasing real-world exploitation risk.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5562 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 affecting the /admin/edit-category-detail.php endpoint. An unauthenticated remote attacker can manipulate the 'editid' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, and system disruption. The vulnerability has been publicly disclosed with proof-of-concept availability, making active exploitation highly likely.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5561 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System version 1.0, specifically in the /admin/view-pass-detail.php file where the 'viewid' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. The vulnerability has been publicly disclosed with proof-of-concept code available, making it actively exploitable in the wild.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5560 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System version 1.0, where unsanitized input in the 'searchdata' parameter of /index.php allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploit code available, enabling attackers to extract sensitive data, modify records, or potentially execute system commands depending on database permissions and backend configuration. This represents an immediate threat to organizations using this system.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-46341 HIGH POC PATCH This Week

Critical authentication bypass vulnerability in FreshRSS versions prior to 1.26.2 that allows authenticated attackers to impersonate any user, including administrators, by exploiting improper HTTP authentication header validation in reverse proxy configurations. Attackers with a valid account can craft requests leveraging CSRF token extraction via XPath scraping and spoofed Remote-User or X-WebAuth-User headers to gain unauthorized access and privilege escalate. The vulnerability requires moderate attack complexity (knowledge of target IP and admin username) but has high real-world impact due to the authentication bypass and privilege escalation chain.

CSRF Privilege Escalation Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32015 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue.

RCE XSS Debian Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-31136 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren't sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox="allow-scripts allow-same-origin"` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue.

PHP RCE XSS Debian Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-5606 MEDIUM POC This Month

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Ac18 Firmware Tenda
NVD VulDB
CVSS 3.1
6.3
EPSS
1.5%
CVE-2025-46204 MEDIUM POC This Month

{id} endpoint.

Privilege Escalation Unifiedtransform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46203 MEDIUM POC This Month

{id} endpoint.

Privilege Escalation Unifiedtransform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5573 MEDIUM POC This Month

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Dcs 932l Firmware D-Link
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2025-5569 MEDIUM POC This Month

A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.

SQLi Ideacms
NVD VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-5571 MEDIUM POC This Month

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Dcs 932l Firmware D-Link
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-5552 MEDIUM POC This Month

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Deserialization Chestnutcms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5618 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5617 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy