LaRecipe versions prior to 2.8.1 contain a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) in vulnerable configurations. The vulnerability allows unauthenticated network attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges without requiring user interaction or special access. With a perfect CVSS 3.1 score of 10.0 and network-based attack vector, this represents a critical threat to all unpatched LaRecipe installations.
CVE-2025-50756 is a critical unauthenticated command injection vulnerability in the Wavlink WN535K3 router (firmware version 20191010) affecting the set_sys_adm function's newpass parameter. An unauthenticated remote attacker can execute arbitrary system commands with root privileges by sending a crafted request, enabling complete device compromise including data theft, malware installation, and lateral network movement. The CVSS 9.8 score reflects maximum severity; KEV status and active exploitation likelihood are elevated given the high exploitability characteristics (network-accessible, no authentication required, low attack complexity).
CVE-2025-7574 is a critical authentication bypass vulnerability in LB-LINK wireless router web interfaces affecting multiple models (BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000) up to version 20250702. The vulnerability in the /cgi-bin/lighttpd.cgi reboot/restore functions allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact (CVSS 9.8). A public exploit has been disclosed, the vendor has not responded to responsible disclosure efforts, and the attack requires no user interaction or special network conditions.
CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.
CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.
A critical buffer overflow vulnerability exists in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspApBasicConfigUrcp endpoint's Username parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public proof-of-concept code is available, and the vendor has not responded to early disclosure attempts, indicating no official patch is available.
CVE-2025-7570 is a critical remote buffer overflow vulnerability in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspRemoteApConfTempSend endpoint via the remoteSrcTemp parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public exploit exists and the vendor has not responded to early disclosure, indicating active exploitation risk.
WeGIA versions prior to 3.4.5 contain a SQL Injection vulnerability in the member deletion endpoint that allows authenticated users to execute arbitrary SQL commands via the `id_socio` parameter. This high-severity vulnerability (CVSS 8.8) compromises the confidentiality, integrity, and availability of the entire database. The vulnerability requires valid credentials to exploit but offers complete database compromise once authenticated.
A information disclosure vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.
CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted messages. This is a network-accessible DoS vulnerability with high availability impact (CVSS 7.5) that affects message broker deployments. The vulnerability requires no authentication or user interaction, making it easily exploitable in production environments.
CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1, affecting the HTTP Request Handler component (/jingx.asp file). An authenticated remote attacker with high privileges can exploit this vulnerability to achieve complete compromise of the device, including code execution, data theft, and denial of service. A public proof-of-concept exploit exists, increasing real-world exploitation risk.
CVE-2025-7602 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1 affecting the /arp_sys.asp HTTP endpoint. An authenticated remote attacker with high privileges can exploit this vulnerability to achieve arbitrary code execution, potentially compromising device integrity, confidentiality, and availability. Public exploit code is available, elevating real-world risk despite the CVSS 7.2 score.
Hard-coded credentials in LB-LINK BL-AC3600 firmware 1.0.22 allow local authenticated attackers to escalate privileges to full system compromise. The router firmware contains static credentials 'root:blinkadmin' in /etc/shadow, enabling any user with device access to gain root-level control. Publicly available exploit code demonstrates practical exploitation (POC confirmed via GitHub). Despite CVSS 7.1 and low EPSS score (0.03%, 6th percentile), this represents a complete device takeover for home/SOHO networks where physical or admin panel access exists. Vendor (LB-LINK) unresponsive to disclosure attempts, indicating no patch is forthcoming.
Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `tipo_relatorio` parameter. Version 3.4.5 has a patch for the issue.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5 contains a patch for the issue.
CVE-2025-7451 is a critical OS Command Injection vulnerability in iSherlock (developed by Hgiga) that allows unauthenticated remote attackers to execute arbitrary operating system commands on vulnerable servers with no authentication required. The vulnerability has active in-the-wild exploitation, carries a maximum CVSS score of 9.8, and poses immediate risk to all exposed instances. Organizations running iSherlock must apply patches immediately.
CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVE-2025-53825 is a critical unauthenticated remote code execution vulnerability in Dokploy versions prior to 0.24.3, where attackers can execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This vulnerability affects all public Dokploy instances utilizing preview deployments and carries a CVSS score of 9.4 (Critical), with no authentication or user interaction required, making it immediately exploitable by any network-adjacent attacker.
CVE-2025-7587 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cover.php endpoint where uname and psw parameters are not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, authentication bypass, and database manipulation. The vulnerability has been publicly disclosed with working exploits available, making active exploitation highly probable in the wild.
CVE-2025-7576 is a critical improper access control vulnerability affecting Teledyne FLIR thermal imaging devices (FB-Series O and FH-Series) running firmware version 1.3.2.16 and earlier. An unauthenticated remote attacker can exploit the vulnerable /priv/production/production.html endpoint to gain unauthorized access with low complexity, potentially reading, modifying, or disrupting system availability. Public exploit code exists and the vendor has not responded to disclosure, increasing real-world exploitation risk.
PHPGurukul Hospital Management System 4.0 contains a critical SQL injection vulnerability in the /user-login.php file's Username parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, enabling unauthorized access to sensitive hospital patient data, user credentials, and potential system compromise. With a CVSS score of 7.3 and an attack vector requiring only network access and no authentication, this represents an immediate threat to healthcare organizations running affected versions.
A critical SQL injection vulnerability exists in code-projects Job Diary 1.0 via the ID parameter in /view-cad.php, allowing unauthenticated remote attackers to execute arbitrary SQL commands and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and while the CVSS score is 7.3 (High), the unauthenticated attack vector and low complexity suggest active exploitation is likely. No patch has been confirmed available as of this analysis.
CVE-2025-7594 is a critical SQL injection vulnerability in code-projects Job Diary version 1.0 affecting the /view-emp.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the low attack complexity combined with network accessibility makes this a high-priority threat requiring immediate patching.
CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.
CVE-2025-7612 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /login.php file's email parameter, allowing remote unauthenticated attackers to execute arbitrary SQL queries and potentially extract or modify sensitive data. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild. With a CVSS score of 7.3 and demonstrated public PoC availability, this represents an immediate threat to deployments of this product.
CVE-2025-7611 is a critical SQL injection vulnerability in code-projects Wedding Reservation version 1.0, affecting the /global.php file's 'lu' parameter. Remote unauthenticated attackers can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.
CVE-2025-7610 is a critical SQL injection vulnerability in code-projects Electricity Billing System 1.0 affecting the password change functionality at /user/change_password.php. An unauthenticated remote attacker can inject arbitrary SQL commands through the new_password parameter to read, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation highly probable.
CVE-2025-7609 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /register.php endpoint via the ruser_email parameter. An unauthenticated remote attacker can exploit this to read, modify, or delete database contents, potentially compromising user data and application integrity. Public exploit code exists, increasing real-world exploitation risk.
CVE-2025-7608 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /userlogin.php endpoint's user_email parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept exploit code available, and while the CVSS score is 7.3 (moderate-to-high severity), the low attack complexity and lack of authentication requirements make this a high-priority exploit target for threat actors.
CVE-2025-7607 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /Customers/save_order.php file, where the order_price parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a public exploit disclosure and carries a CVSS score of 7.3 with demonstrated real-world exploitation potential, making it a high-priority security concern for affected deployments.
CVE-2025-7605 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /profile.php endpoint via the first_name parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. Public exploit code is available and the vulnerability is likely to be actively exploited given its network-accessible nature, low attack complexity, and lack of authentication requirements.
CVE-2025-7606 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /city.php file, where the 'city' parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a CVSS score of 7.3 (High) with confirmed public exploit disclosure and active exploitation potential, enabling attackers to read, modify, or delete database contents without authentication.
A arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.