Skip to main content
CVE-2012-10028 HIGH POC THREAT Act Now

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.7%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
53.7%
Threat
4.8
CVE-2012-10031 HIGH POC THREAT Act Now

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
53.0%
Threat
4.8
CVE-2012-10029 HIGH POC THREAT Act Now

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2012-10032 HIGH POC THREAT Act Now

Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.4%.

RCE XSS
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
44.4%
Threat
4.6
CVE-2013-10065 HIGH POC THREAT Act Now

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.9%.

Denial Of Service Microsoft Multi Server
NVD
CVSS 4.0
8.7
EPSS
48.9%
Threat
4.7
CVE-2012-10024 HIGH POC THREAT Act Now

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
48.8%
Threat
4.4
CVE-2012-10034 HIGH POC THREAT Act Now

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Path Traversal Clansphere
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
18.4%
CVE-2025-51628 HIGH POC This Week

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54865 HIGH POC This Week

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tilesheets
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-6207 HIGH PATCH This Week

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Wp Import Export Lite PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-53534 HIGH PATCH This Month

RatPanel is a server operation and maintenance management panel. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.7%
CVE-2025-7674 HIGH This Month

Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-54254 HIGH POC This Month

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Adobe Experience Manager Forms
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-43978 HIGH This Month

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-43979 HIGH This Month

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-29745 HIGH This Month

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-7033 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7032 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Buffer Overflow Stack Overflow Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7025 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-5061 HIGH PATCH This Month

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Wp Import Export Lite PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-41698 HIGH This Month

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7050 HIGH This Month

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google File Upload XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-54868 HIGH POC PATCH This Month

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54870 HIGH This Month

VTun-ng is a Virtual Tunnel over TCP/IP network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-54803 HIGH POC PATCH This Month

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Js Toml
NVD GitHub
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-54795 HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-54794 HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Path Traversal Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-54780 HIGH This Month

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-54135 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-54130 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Cursor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53544 HIGH This Month

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy