Skip to main content
CVE-2013-10066 CRITICAL POC THREAT Emergency

An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
73.7%
Threat
5.7
CVE-2025-2611 CRITICAL POC THREAT Emergency

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 74.3% and no vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
74.3%
Threat
5.6
CVE-2012-10027 CRITICAL POC THREAT Emergency

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

WordPress PHP File Upload RCE
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
73.7%
Threat
5.6
CVE-2012-10026 CRITICAL POC THREAT Emergency

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

WordPress PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
66.5%
Threat
5.5
CVE-2013-10064 CRITICAL POC THREAT Emergency

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.8%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
63.8%
Threat
5.3
CVE-2013-10070 CRITICAL POC THREAT Emergency

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.8%.

PHP Code Injection RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
58.8%
Threat
5.3
CVE-2012-10033 CRITICAL POC THREAT Emergency

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
60.7%
Threat
5.2
CVE-2013-10069 CRITICAL POC THREAT Emergency

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Command Injection PHP D-Link Dir 600 Firmware Dir 300 Firmware
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
71.7%
Threat
5.7
CVE-2012-10023 MEDIUM POC THREAT This Month

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.6%.

Buffer Overflow Stack Overflow RCE Freefloat Ftp Server
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
70.6%
Threat
5.0
CVE-2012-10030 CRITICAL POC THREAT Emergency

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.1%.

Authentication Bypass RCE Microsoft Freefloat Ftp Server Windows
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
57.1%
Threat
5.1
CVE-2013-10068 CRITICAL POC THREAT Emergency

Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.7%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB VulDB
CVSS 4.0
9.4
EPSS
54.7%
Threat
5.0
CVE-2012-10035 CRITICAL POC THREAT Emergency

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.1%.

Buffer Overflow RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
49.1%
Threat
5.0
CVE-2014-125113 CRITICAL POC THREAT Emergency

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Authentication Bypass Dell PHP File Upload
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
52.4%
Threat
4.9
CVE-2025-54253 CRITICAL POC KEV THREAT Emergency

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).

Authentication Bypass RCE Adobe Experience Manager Forms
NVD
CVSS 3.1
10.0
EPSS
12.8%
CVE-2012-10028 HIGH POC THREAT Act Now

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.7%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
53.7%
Threat
4.8
CVE-2012-10031 HIGH POC THREAT Act Now

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
53.0%
Threat
4.8
CVE-2012-10025 CRITICAL POC THREAT Emergency

The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

LFI PHP WordPress RCE
NVD WPScan Exploit-DB
CVSS 4.0
10.0
EPSS
46.0%
Threat
4.9
CVE-2012-10029 HIGH POC THREAT Act Now

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2012-10032 HIGH POC THREAT Act Now

Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.4%.

RCE XSS
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
44.4%
Threat
4.6
CVE-2013-10065 HIGH POC THREAT Act Now

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.9%.

Denial Of Service Microsoft Multi Server
NVD
CVSS 4.0
8.7
EPSS
48.9%
Threat
4.7
CVE-2013-10067 CRITICAL POC THREAT Emergency

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

PHP File Upload RCE
NVD GitHub Exploit-DB
CVSS 4.0
9.4
EPSS
28.3%
Threat
4.2
CVE-2012-10024 HIGH POC THREAT Act Now

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
48.8%
Threat
4.4
CVE-2012-10034 HIGH POC THREAT Act Now

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Path Traversal Clansphere
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
18.4%
CVE-2025-51628 HIGH POC This Week

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54865 HIGH POC This Week

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tilesheets
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-51060 MEDIUM POC This Month

An issue was discovered in CPUID cpuz.sys 1.0.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Cpuz Sys
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51627 MEDIUM POC This Month

Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6207 HIGH PATCH This Week

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Wp Import Export Lite PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-8537 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.3%
CVE-2025-8549 LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Brute Force Java
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-8548 LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic.java of the component Registered Email Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-52237 MEDIUM This Month

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52078 MEDIUM This Month

File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8295 MEDIUM This Month

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8294 MEDIUM This Month

The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-51857 MEDIUM This Month

The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-8535 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1.js of the component xrb URL Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-8555 LOW POC PATCH Monitor

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8551 LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8550 LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD GitHub VulDB Exploit-DB
CVSS 4.0
1.9
EPSS
0.3%
CVE-2025-8554 LOW POC PATCH Monitor

A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8553 LOW POC PATCH Monitor

A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8552 LOW POC PATCH Monitor

A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8586 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in libav up to 12.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8585 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in libav up to 12.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8584 LOW POC Monitor

A vulnerability classified as problematic was found in libav up to 12.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8540 LOW POC Monitor

A vulnerability was found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8539 LOW POC Monitor

A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8538 LOW POC Monitor

A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8545 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy