Skip to main content
CVE-2013-10066 CRITICAL POC THREAT Emergency

An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
73.7%
Threat
5.7
CVE-2025-2611 CRITICAL POC THREAT Emergency

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 74.3% and no vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
74.3%
Threat
5.6
CVE-2012-10027 CRITICAL POC THREAT Emergency

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.

WordPress PHP File Upload RCE
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
73.7%
Threat
5.6
CVE-2012-10026 CRITICAL POC THREAT Emergency

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

WordPress PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
66.5%
Threat
5.5
CVE-2013-10064 CRITICAL POC THREAT Emergency

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.8%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
63.8%
Threat
5.3
CVE-2013-10070 CRITICAL POC THREAT Emergency

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.8%.

PHP Code Injection RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
58.8%
Threat
5.3
CVE-2012-10033 CRITICAL POC THREAT Emergency

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
60.7%
Threat
5.2
CVE-2013-10069 CRITICAL POC THREAT Emergency

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Command Injection PHP D-Link Dir 600 Firmware Dir 300 Firmware
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
71.7%
Threat
5.7
CVE-2012-10030 CRITICAL POC THREAT Emergency

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.1%.

Authentication Bypass RCE Microsoft Freefloat Ftp Server Windows
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
57.1%
Threat
5.1
CVE-2013-10068 CRITICAL POC THREAT Emergency

Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.7%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB VulDB
CVSS 4.0
9.4
EPSS
54.7%
Threat
5.0
CVE-2012-10035 CRITICAL POC THREAT Emergency

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.1%.

Buffer Overflow RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
49.1%
Threat
5.0
CVE-2014-125113 CRITICAL POC THREAT Emergency

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Authentication Bypass Dell PHP File Upload
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
52.4%
Threat
4.9
CVE-2025-54253 CRITICAL POC KEV THREAT Emergency

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).

Authentication Bypass RCE Adobe Experience Manager Forms
NVD
CVSS 3.1
10.0
EPSS
12.8%
CVE-2012-10025 CRITICAL POC THREAT Emergency

The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

LFI PHP WordPress RCE
NVD WPScan Exploit-DB
CVSS 4.0
10.0
EPSS
46.0%
Threat
4.9
CVE-2013-10067 CRITICAL POC THREAT Emergency

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

PHP File Upload RCE
NVD GitHub Exploit-DB
CVSS 4.0
9.4
EPSS
28.3%
Threat
4.2
CVE-2025-46658 CRITICAL This Week

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Exonaut
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50707 CRITICAL POC Act Now

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Thinkphp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-50706 CRITICAL POC Act Now

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thinkphp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-54987 CRITICAL PATCH This Week

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
0.8%
CVE-2025-54948 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
4.5%
CVE-2025-54982 CRITICAL This Week

An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-53417 CRITICAL This Week

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-54802 CRITICAL POC PATCH Act Now

pyLoad is the free and open-source Download Manager written in pure Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Python RCE Path Traversal Pyload Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-54119 CRITICAL PATCH This Week

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy