Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.
OS command injection vulnerability in the backup name field of Pandora ITSM 5.0.105 that results from improper neutralization of special elements (CWE-77). An authenticated attacker with high privileges can inject arbitrary OS commands through the backup name parameter, potentially achieving code execution with high confidentiality impact. The CVSS 7.0 score reflects the requirement for privileged access (PR:H), but the network-accessible attack vector (AV:N) and low attack complexity (AC:L) indicate this is a practical threat in enterprise environments where administrative accounts may be compromised or abused.
A remote code execution vulnerability in GeoServer (CVSS 9.9) that allows users. Risk factors: public PoC available. Vendor patch is available.
A SSRF vulnerability in A possible arbitrary file read and SSRF vulnerability (CVSS 7.5) that allows clients. Risk factors: EPSS 17% exploitation probability.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.
Erxes versions prior to 1.6.1 contain a critical authentication bypass vulnerability where attackers can impersonate any user by injecting arbitrary values into the 'User' HTTP header, gaining unauthorized access to all GraphQL endpoints. This CWE-284 (Incorrect Access Control) flaw requires no authentication credentials, no user interaction, and can be exploited over the network with trivial complexity, resulting in complete compromise of confidentiality, integrity, and availability (CVSS 9.8). The vulnerability likely has active exploitation potential given the simplicity of the attack vector and the critical nature of authentication bypass flaws in widely-deployed platforms.
Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14 within the /goform/VirtualSer endpoint's fromVirtualSer function, triggered by unsanitized 'page' parameter manipulation. An authenticated attacker can exploit this remotely to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.
A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler in the /biurl_grou component. An authenticated attacker can remotely exploit this vulnerability to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the affected product is no longer maintained by D-Link, significantly increasing real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST Request Handler's do_file function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.
A critical stack-based buffer overflow vulnerability (CVE-2025-5934) exists in Netgear EX3700 wireless extenders up to version 1.0.0.88, affecting the sub_41619C function in the /mtd file. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code is available, and while the affected product line is no longer supported by Netgear, immediate patching to version 1.0.0.98 is critical for active deployments.
Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.
A arbitrary file access vulnerability (CVSS 8.8). Risk factors: public PoC available.
GeoServer contains a Server-Side Request Forgery (SSRF) vulnerability in the Demo request endpoint (TestWfsPost servlet) that allows unauthenticated network attackers to make arbitrary HTTP requests from the server when Proxy Base URL is not configured. This high-severity vulnerability (CVSS 7.5) affects GeoServer versions prior to 2.24.4 and 2.25.2, enabling attackers to access internal resources, cloud metadata endpoints, and potentially interact with backend systems.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.
Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arbitrary code with high integrity and confidentiality impact. The vulnerability requires user interaction (opening a malicious PowerPoint file) but no elevated privileges, making it accessible to standard user accounts. With a CVSS score of 7.8 and local attack vector, this represents a moderate-to-high severity risk for organizations where PowerPoint is widely deployed.
A SQL injection vulnerability in through 1.0.0 does not properly sanitise and escape a parameter (CVSS 7.5). Risk factors: public PoC available.
CVE-2025-46612 is an unrestricted file upload vulnerability in Airleader Master and Easy versions prior to 6.36 that allows authenticated administrators to execute arbitrary commands on the server via malicious JSP file uploads through the Panel Designer dashboard. While requiring high-privilege credentials (administrator login), the vulnerability is particularly dangerous due to weak default credentials and the ease of exploitation. No active KEV designation or widespread POC availability has been confirmed, but the straightforward attack vector and high impact make this a significant priority for organizations using affected versions.
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
CVE-2025-1041 is a security vulnerability (CVSS 9.9) that allows an unauthorized remote command. Critical severity with potential for significant impact on affected systems.
A security vulnerability in the PCX image codec in QNX SDP (CVSS 9.8) that allows an unauthenticated attacker. Critical severity with potential for significant impact on affected systems.
Critical authentication bypass vulnerability affecting Energy Services products that use the G5DFR component, where default credentials allow unauthenticated remote attackers to gain full control and tamper with device outputs. The CVSS 9.9 score reflects the severe nature of this issue-no authentication required, network-accessible, with high integrity impact across system boundaries. This vulnerability poses an immediate threat to critical infrastructure and industrial control systems relying on Energy Services with G5DFR.
Critical deserialization of untrusted data vulnerability in LoftOcean CozyStay that enables object injection attacks. All versions before 1.7.1 are affected, allowing unauthenticated remote attackers to achieve complete system compromise (confidentiality, integrity, and availability impact) with no user interaction required. This is a network-exploitable vulnerability with CVSS 9.8 severity indicating maximum real-world risk.
Critical unauthenticated SQL injection vulnerability in DM Corporative CMS affecting the /modules/forms/collectform.asp endpoint via the 'codform' parameter, allowing remote attackers to execute arbitrary SQL commands without authentication. This vulnerability enables complete database compromise including data exfiltration, modification, and deletion with a CVSS score of 9.8. The exploitation likelihood depends on patch availability and active threat actor interest, though the network-accessible nature and lack of authentication requirements make this a severe priority for affected organizations.
Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbitrary SQL commands through the 'cod' parameter in the /administer/node-selection/data.asp endpoint. This enables complete database compromise including unauthorized retrieval, creation, modification, and deletion of data. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an extremely high-severity threat to all exposed instances; exploitation status and proof-of-concept availability should be verified against current KEV and EPSS data.
Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with complete database compromise (retrieval, creation, modification, deletion). With a CVSS 9.8 score, zero authentication requirements, and network-accessible attack surface, this vulnerability represents an immediate and severe risk to all exposed instances; exploitation likelihood is extremely high given the straightforward injection point and lack of input validation.
A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoint, where the 'name' and 'cod' parameters are not properly sanitized. This unauthenticated, network-accessible vulnerability allows remote attackers to execute arbitrary SQL commands, enabling complete database compromise including data exfiltration, modification, and destruction. With a CVSS 9.8 score and network-exploitable attack surface, this represents a critical production risk if DM Corporative CMS is internet-facing.
Privilege escalation vulnerability in RFC inbound processing that fails to enforce proper authorization checks for authenticated users, allowing attackers to escalate privileges and critically compromise application integrity and availability. The vulnerability affects authenticated users (PR:L) with network accessibility (AV:N) and has a critical CVSS score of 9.6; without access to KEV, EPSS, or POC data, assessment indicates high real-world risk due to the low attack complexity (AC:L) and cross-boundary impact (S:C) combined with authentication bypass in authorization logic.
Critical authentication bypass vulnerability in code-projects Laundry System 1.0 affecting the /data/ endpoint, allowing unauthenticated remote attackers to read, modify, and potentially disrupt system availability. The vulnerability has been publicly disclosed with exploit code available, and while CVSS 7.3 indicates moderate-to-high severity, the network-based attack vector (AV:N), lack of privilege requirement (PR:N), and absence of user interaction (UI:N) make this immediately exploitable in production environments. Active exploitation is likely given public POC availability and the ease of attack execution.
Critical improper authentication vulnerability in code-projects School Fees Payment System version 1.0 that allows unauthenticated remote attackers to bypass authentication controls and gain unauthorized access to the system. The vulnerability has been publicly disclosed with proof-of-concept exploitation details available, making it an active threat with high likelihood of real-world exploitation against educational institutions and payment processing systems.
Critical SQL injection vulnerability in code-projects Restaurant Order System 1.0 affecting the /order.php file, specifically the 'tabidNoti' parameter. Remote unauthenticated attackers can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, making active exploitation likely.
Critical SQL injection vulnerability in code-projects School Fees Payment System version 1.0, specifically in the /branch.php file's ID parameter, allowing remote unauthenticated attackers to execute arbitrary SQL commands. The vulnerability has been publicly disclosed with proof-of-concept exploitation available, and while the CVSS score is 7.3 (High), the unauthenticated network-accessible attack vector combined with confirmed public exploit disclosure indicates active exploitation risk. This affects all deployments of the vulnerable version without patches applied.
Critical SQL injection vulnerability in code-projects School Fees Payment System version 1.0, specifically in the /datatable.php file where the sSortDir_0 parameter is improperly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the underlying database. The vulnerability has been publicly disclosed with exploit code available, indicating active exploitation risk.
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.