Skip to main content
CVE-2013-10051 CRITICAL POC THREAT Emergency

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.8%.

PHP Code Injection RCE Instantcms
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
75.8%
Threat
5.6
CVE-2013-10055 CRITICAL POC THREAT Emergency

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
73.5%
Threat
5.6
CVE-2013-10061 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear Command Injection Dgn1000B Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
73.1%
Threat
5.4
CVE-2013-10047 CRITICAL POC THREAT Emergency

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.8%.

File Upload Microsoft Windows
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
61.8%
Threat
5.2
CVE-2013-10060 CRITICAL POC THREAT Emergency

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.0%.

Netgear Command Injection Dgn2200B Firmware
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
61.0%
Threat
5.2
CVE-2013-10048 CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%.

Command Injection PHP D-Link Dir 300 Firmware Dir 600 Firmware
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
59.8%
Threat
5.2
CVE-2013-10050 HIGH POC THREAT Act Now

An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

Command Injection D-Link
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
61.9%
Threat
5.1
CVE-2013-10053 HIGH POC THREAT Act Now

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
59.6%
Threat
5.0
CVE-2013-10057 HIGH POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.1%.

Buffer Overflow RCE Code Injection
NVD Exploit-DB
CVSS 4.0
7.5
EPSS
61.1%
Threat
4.8
CVE-2013-10049 CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in multiple Raidsonic NAS devices-specifically tested on IB-NAS5220 and IB-NAS4220-via the unauthenticated timeHandler.cgi endpoint exposed through the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.4%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
51.4%
Threat
4.9
CVE-2013-10059 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Command Injection D-Link Dir 615H Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
50.8%
Threat
4.7
CVE-2013-10058 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection Linksys RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2013-10063 MEDIUM POC THREAT This Month

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%.

Netgear Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
47.8%
Threat
4.3
CVE-2013-10062 MEDIUM POC THREAT This Month

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Linksys Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
42.7%
Threat
4.2
CVE-2013-10044 HIGH POC Act Now

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi Openemr
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
4.3%
CVE-2012-10022 HIGH POC Act Now

Kloxo versions 6.1.12 and earlier contain two setuid root binaries-lxsuexec and lxrestart-that allow local privilege escalation from uid 48. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.4%
CVE-2013-10046 HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
1.0%
CVE-2025-5947 CRITICAL POC Act Now

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-44139 HIGH POC This Week

Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Emlog
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-51501 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-51502 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-50870 CRITICAL Act Now

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-45150 CRITICAL Act Now

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Langchain Chatglm Webui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2019-19144 CRITICAL Act Now

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-8435 MEDIUM POC This Month

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8434 MEDIUM POC This Month

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8436 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8443 MEDIUM POC This Month

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8442 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8441 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8439 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8438 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8437 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8431 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-41375 CRITICAL Act Now

SQL Injection vulnerability in Limesurvey v2.65.1+170522. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-52390 CRITICAL Act Now

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-41374 HIGH This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-48074 MEDIUM POC PATCH This Month

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openexr Red Hat Suse
NVD GitHub
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-7443 HIGH This Week

The BerqWP - Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP File Upload RCE
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-52327 HIGH This Week

SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Restaurant Order System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-32256 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8472 HIGH This Week

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-7725 HIGH This Week

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery - Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-45767 HIGH This Week

jose v6.0.10 was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-6037 MEDIUM PATCH This Month

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-6014 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7845 MEDIUM This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8433 LOW POC Monitor

A vulnerability was found in code-projects Document Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-45778 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS The Language Sloth
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-19145 MEDIUM This Month

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy