Skip to main content
CVE-2013-10061 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear Command Injection Dgn1000B Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
73.1%
Threat
5.4
CVE-2013-10050 HIGH POC THREAT Act Now

An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

Command Injection D-Link
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
61.9%
Threat
5.1
CVE-2013-10053 HIGH POC THREAT Act Now

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
59.6%
Threat
5.0
CVE-2013-10057 HIGH POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.1%.

Buffer Overflow RCE Code Injection
NVD Exploit-DB
CVSS 4.0
7.5
EPSS
61.1%
Threat
4.8
CVE-2013-10059 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Command Injection D-Link Dir 615H Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
50.8%
Threat
4.7
CVE-2013-10058 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection Linksys RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2013-10044 HIGH POC Act Now

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi Openemr
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
4.3%
CVE-2012-10022 HIGH POC Act Now

Kloxo versions 6.1.12 and earlier contain two setuid root binaries-lxsuexec and lxrestart-that allow local privilege escalation from uid 48. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.4%
CVE-2013-10046 HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
1.0%
CVE-2025-44139 HIGH POC This Week

Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Emlog
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-41374 HIGH This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-7443 HIGH This Week

The BerqWP - Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP File Upload RCE
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-52327 HIGH This Week

SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Restaurant Order System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-32256 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8472 HIGH This Week

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-7725 HIGH This Week

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery - Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-45767 HIGH This Week

jose v6.0.10 was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54424 HIGH POC PATCH This Week

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Command Injection RCE 1panel Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-8480 HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal Ilx 507 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2025-8477 HIGH This Month

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-8476 HIGH This Month

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ilx 507 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-8475 HIGH This Month

Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2025-5999 HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-54595 HIGH This Month

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-54593 HIGH POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Freshrss
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-54564 HIGH This Month

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-2824 HIGH This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Operational Decision Manager
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-51504 HIGH POC This Month

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-52361 HIGH This Month

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-41373 HIGH POC This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gandia Integra Total
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41372 HIGH This Month

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy