CVE-2025-52089 is a critical remote code execution vulnerability in TOTOLINK N300RB firmware version 8.54, where a hidden remote support feature protected only by a static secret allows authenticated attackers to execute arbitrary OS commands with root privileges. While the CVSS 3.1 score of 8.8 reflects high severity, the attack vector is adjacent network (AV:A), limiting widespread exploitation to network-adjacent attackers. The vulnerability has not been publicly confirmed as actively exploited or included in CISA's Known Exploited Vulnerabilities (KEV) catalog, but the simplistic authentication mechanism (static secret) and hidden feature design suggest high exploitability once discovered.
CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.
CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.
CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and may be actively exploited in the wild.
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.
A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and demonstrates high real-world exploitability.
CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.
CVE-2013-3307 is an OS command injection vulnerability in Linksys wireless routers (E1000, E1200, E3200) that allows unauthenticated remote attackers to execute arbitrary shell commands via unsanitized input in the ping_ip parameter of apply.cgi on port 52000. The vulnerability affects E1000 through v2.1.02, E1200 before v2.0.05, and E3200 through v1.0.04, with a CVSS score of 8.3 reflecting high severity. This vulnerability has known public exploits and represents a critical remote code execution risk on home/small business networking equipment with no authentication required.
A SSRF vulnerability in for WordPress is vulnerable to Server-Side Request Forgery in all (CVSS 7.2). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.
CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
The Premium Age Verification / Restriction for WordPress plugin contains an insufficiently protected remote support functionality in remote_tunnel.php that allows unauthenticated attackers to read from or write to arbitrary files on affected servers. This critical vulnerability (CVSS 9.8) affects all versions up to and including 3.0.2, potentially enabling sensitive information disclosure or remote code execution without authentication. Given the critical CVSS score and network-accessible attack vector, this vulnerability should be treated as high priority pending confirmation of KEV status and active exploitation.
The GB Forms DB plugin for WordPress contains a critical unauthenticated Remote Code Execution vulnerability in the gbfdb_talk_to_front() function, affecting all versions up to 1.0.2. The vulnerability stems from unsanitized user input passed directly to call_user_func(), allowing attackers to execute arbitrary PHP code without authentication. This can be leveraged to inject backdoors, create administrative accounts, or achieve full server compromise.
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2025-30026 is a critical authentication bypass vulnerability in AXIS Camera Station Server that allows unauthenticated remote attackers to completely compromise the system without requiring valid credentials. The flaw has a CVSS score of 9.8 with a CVSS vector indicating network-accessible, low-complexity exploitation requiring no privileges or user interaction, enabling attackers to achieve full confidentiality, integrity, and availability compromise. This vulnerability affects the AXIS Camera Station Server product line and represents an immediate and severe threat requiring emergency patching.
CVE-2025-50121 is an OS command injection vulnerability (CWE-78) in an unspecified product that allows unauthenticated remote attackers to achieve remote code execution by creating a malicious folder through the web interface when HTTP is enabled. With a CVSS 9.5 score and network-based attack vector requiring minimal complexity, this represents a critical vulnerability; however, real-world risk is substantially mitigated by the requirement that HTTP must be explicitly enabled (disabled by default). No active KEV status, EPSS data, or public POC availability has been confirmed from the provided intelligence.
CVE-2025-52950 is a Missing Authorization vulnerability in Juniper Networks Security Director that allows authenticated attackers to read and modify sensitive resources beyond their authorization level through the web interface. This affects Security Director version 24.4.1 and could enable lateral movement and compromise of downstream managed network devices. The vulnerability has a critical CVSS 9.6 score and represents a significant integrity and availability risk, though it requires valid credentials to exploit.
CVE-2025-7459 is a SQL injection vulnerability in code-projects Mobile Shop version 1.0, specifically in the /EditMobile.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to confidentiality, integrity, and availability of affected databases.
CVE-2025-7457 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /admin/manage_movie.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising database confidentiality, integrity, and availability. Public disclosure and exploit availability elevate the risk profile significantly.
CVE-2025-7456 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the /reserve.php file's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the reservation database. Public exploit code is available, indicating active disclosure risk.
CVE-2025-7455 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /manage_reserve.php file's 'mid' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or service disruption. Public exploit disclosure and active exploitation potential significantly increase real-world risk despite the moderate CVSS 7.3 score.
CVE-2025-7454 is a critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, specifically in the /admin/manage_theater.php file where the ID parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the theater reservation database. The exploit has been publicly disclosed and is actively exploitable with no authentication required.
CVE-2025-7436 is a critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0, affecting the /admin/ajax.php?action=delete_vacancy endpoint where the ID parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. A proof-of-concept exploit has been publicly disclosed, increasing real-world exploitation risk.
CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows authenticated users to execute arbitrary code on affected systems. The flaw affects users with valid credentials who can access the affected service over an adjacent network segment, potentially compromising confidentiality, integrity, and availability across trust boundaries. While specific product details are limited in the provided data, this represents a high-severity risk requiring immediate patching, particularly if actively exploited or if public proof-of-concept code exists.
CVE-2025-52579 is a cleartext sensitive data storage vulnerability in Emerson ValveLink Products where cryptographic keys, credentials, or other sensitive information are retained unencrypted in process memory. An unauthenticated remote attacker can exploit this over the network with low complexity to extract sensitive data from memory dumps, core files, or crashed processes, potentially gaining unauthorized access to critical industrial control systems. The CVSS score of 9.4 reflects high confidentiality and integrity impact; however, KEV status, EPSS probability, and active exploitation data are not available in the provided sources, requiring real-time CISA monitoring for confirmation.
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.
CVE-2025-53475 is a SQL injection vulnerability in Advantech iView's NetworkServlet.getNextTrapPage() function that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution within the context of the 'nt authority\local service' account. The vulnerability requires valid user-level credentials but has a high CVSS score of 8.8 due to the combination of high confidentiality, integrity, and availability impact. No KEV or active exploitation data is provided, but the authenticated requirement and network accessibility make this a moderate-to-high priority for organizations deploying Advantech iView.
CVE-2025-50122 is a cryptographic entropy vulnerability (CWE-331) in password generation algorithms that allows attackers with access to installation or upgrade artifacts to reverse engineer and discover root passwords. This affects products using insufficient entropy in their root password generation during deployment phases. With a CVSS score of 8.9 and network-adjacent attack vector, this poses a critical risk to systems deployed in environments where installation artifacts may be accessible or retained. The vulnerability requires moderate attack complexity but no user interaction, making it viable for targeted attacks against infrastructure during or shortly after deployment.
A remote code execution vulnerability in Advantech iView that allows for SQL injection and remote code execution (CVSS 8.8) that allows for sql injection and remote code execution. High severity vulnerability requiring prompt remediation.
CVE-2025-52577 is a SQL injection vulnerability in Advantech iView's NetworkServlet.archiveTrapRange() method that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution (RCE) within the LocalService account context. The vulnerability affects Advantech iView and requires user-level authentication, making it a post-authentication attack vector with high severity (CVSS 8.8). While no public POC or KEV status confirmation is available in provided data, the combination of SQL injection leading to RCE on a privileged service account represents significant risk for organizations deploying this network management solution.
A security vulnerability in Order Delivery Date WordPress (CVSS 4.3). Risk factors: public PoC available.
CVE-2025-53641 is a Server-Side Request Forgery (SSRF) vulnerability in Postiz versions 1.45.1 through 1.62.2 that allows unauthenticated network attackers to inject arbitrary HTTP headers into the middleware pipeline, enabling unauthorized outbound requests from the affected server. With a CVSS score of 8.2 and network-accessible attack surface (AV:N/PR:N), this vulnerability poses significant risk to confidentiality of internal services and resources accessible from the server. The vulnerability is patched in version 1.62.3, and exploitation requires no user interaction or authentication, making it a high-priority remediation target.
CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.
CVE-2025-7027 is a security vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.
A privilege escalation vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.
CVE-2025-30402 is a heap buffer overflow vulnerability in ExecuTorch's method loading mechanism that can cause runtime crashes and potentially enable arbitrary code execution. The vulnerability affects ExecuTorch versions prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f and requires user interaction (UI required per CVSS vector). With a CVSS score of 8.1 and remote attack vector, this represents a significant risk to applications embedding ExecuTorch, particularly those processing untrusted model files or executing remote inference requests.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
CVE-2025-30403 is a heap buffer overflow vulnerability in Meta's mvfst QUIC implementation that allows remote attackers without privileges to trigger memory corruption and cause denial of service or potentially read sensitive data from heap memory. The vulnerability affects mvfst versions prior to v2025.07.07.00 and requires user interaction (opening a malicious QUIC connection), with a high CVSS score of 8.1 reflecting the severity of memory safety issues, though KEV status and EPSS probability data are not currently available in public disclosures.
CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a server process and its service control mechanism, caused by insecure deserialization (CWE-502). An authenticated local attacker with limited privileges can exploit this flaw to escalate to higher privileges, potentially gaining complete system compromise including confidentiality, integrity, and availability impact. While the CVSS score of 7.8 indicates high severity, the local attack vector and requirement for prior authentication mean this affects primarily multi-user systems or scenarios where an attacker has already gained initial local access.
CVE-2025-7028 is a critical privilege escalation vulnerability in Software SMI handlers that allows local authenticated attackers to achieve arbitrary read/write access to System Management RAM (SMRAM) through unchecked pointer dereference. The vulnerability affects firmware implementations using vulnerable SwSmiInputValue 0x20 handlers across multiple OEM platforms; attackers can corrupt firmware, exfiltrate SMRAM contents, or install persistent implants. With a CVSS score of 7.8 (High) and low attack complexity, this represents a significant firmware security risk, though exploitation requires local access and low privileges.
A command injection vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-46358 is a local privilege escalation vulnerability in Emerson ValveLink products stemming from insufficient or missing cryptographic protection mechanisms (CWE-693). An unauthenticated local attacker can exploit this to achieve high-impact confidentiality and integrity violations without requiring user interaction. The vulnerability affects multiple ValveLink product versions and has a CVSS score of 7.7 (high severity) with local attack vector and low complexity.
CVE-2025-50109 affects Emerson ValveLink Products, which store sensitive information in cleartext within accessible resource locations, allowing local attackers without privileges to read confidential data. With a CVSS score of 7.7 and local attack vector, this vulnerability poses a significant confidentiality and integrity risk to industrial control system environments. The vulnerability's KEV status and actual exploitation likelihood should be confirmed with CISA and vendor advisories, as the high CVSS reflects substantial information exposure potential in proximity-based attack scenarios.
CVE-2025-48891 is a SQL injection vulnerability in Advantech iView's CUtils.checkSQLInjection() function that fails to properly sanitize user input, allowing authenticated attackers with user-level privileges to execute arbitrary SQL queries. This can lead to unauthorized information disclosure or denial-of-service conditions. The vulnerability requires network access and user authentication but has no UI interaction requirement, making it a significant risk for organizations using iView in multi-user environments.
A denial of service vulnerability (CVSS 7.5) that allows an attacker sending a bgp update with a specifically malformed as path. High severity vulnerability requiring prompt remediation.
A SQL injection vulnerability in WPGYM - Wordpress Gym Management System (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Immich versions prior to 1.132.0 are vulnerable to account hijacking through OAuth2 state parameter validation bypass (CWE-303). An attacker can perform unauthorized account linkage by exploiting missing state parameter verification, allowing them to hijack victim accounts through crafted OAuth login URLs or hidden iframes embedded in malicious webpages. This vulnerability is particularly dangerous when OAuth providers are publicly accessible, and affected users can be compromised without direct interaction if the /user-settings redirect_uri is configured.
A remote code execution vulnerability in line card script processing of Juniper Networks Junos OS allows a local (CVSS 7.3). High severity vulnerability requiring prompt remediation.