Skip to main content
CVE-2012-10052 CRITICAL POC THREAT Emergency

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.5%
Threat
5.5
CVE-2012-10036 CRITICAL POC THREAT Emergency

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.5%
Threat
5.5
CVE-2012-10044 CRITICAL POC THREAT Emergency

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
64.7%
Threat
5.4
CVE-2012-10049 CRITICAL POC THREAT Emergency

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

PHP File Upload RCE
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
66.5%
Threat
5.4
CVE-2012-10045 CRITICAL POC THREAT Emergency

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

PHP File Upload
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
66.5%
Threat
5.4
CVE-2012-10053 CRITICAL POC THREAT Emergency

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.3%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
64.3%
Threat
5.3
CVE-2012-10050 CRITICAL POC THREAT Emergency

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
62.1%
Threat
5.2
CVE-2012-10041 CRITICAL POC THREAT Emergency

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
53.6%
Threat
5.0
CVE-2012-10046 CRITICAL POC THREAT Emergency

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.9%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
52.9%
Threat
4.9
CVE-2012-10047 CRITICAL POC THREAT Emergency

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.1%.

PHP RCE SQLi
NVD Exploit-DB VulDB
CVSS 4.0
10.0
EPSS
49.1%
Threat
5.0
CVE-2012-10048 HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
50.2%
Threat
4.7
CVE-2012-10042 HIGH POC THREAT Act Now

Sflog!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
43.4%
Threat
4.5
CVE-2012-10043 CRITICAL POC Emergency

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
4.6%
CVE-2012-10051 HIGH POC Act Now

Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 4.0
8.4
EPSS
6.9%
CVE-2025-4576 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54793 MEDIUM POC PATCH This Month

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Astro
NVD GitHub
CVSS 4.0
5.5
EPSS
2.2%
CVE-2025-54952 CRITICAL Act Now

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-9322 HIGH This Week

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8741 LOW POC Monitor

A vulnerability was found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-8729 LOW POC PATCH Monitor

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8706 LOW POC Monitor

A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8705 LOW POC Monitor

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8704 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8703 LOW POC Monitor

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8702 LOW POC Monitor

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8739 LOW POC Monitor

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8743 LOW POC Monitor

A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8740 LOW POC Monitor

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8707 LOW POC Monitor

A vulnerability was found in Huuge Box App 1.0.3 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8708 LOW POC Monitor

A vulnerability was found in Antabot White-Jotter 0.22. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-8737 LOW Monitor

A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8736 LOW Monitor

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8735 LOW Monitor

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8732 LOW PATCH CISA Monitor

A vulnerability was found in libxml2 up to 2.14.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libxml2 Ruggedcom Rst2428P Firmware Vios Aix
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8742 MEDIUM POC This Month

A vulnerability was found in macrozheng mall 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mall
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-55188 LOW POC CISA Monitor

7-Zip before 25.01 does not always properly handle symbolic links during extraction. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 7 Zip
NVD GitHub
CVSS 3.1
3.6
EPSS
0.0%
CVE-2025-8738 MEDIUM This Month

A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-4796 HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Eventin PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-5095 CRITICAL This Week

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-52914 HIGH This Month

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52913 CRITICAL This Week

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Node.js
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-50928 MEDIUM POC Monitor

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Easy Hosting Control Panel
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-50927 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-8393 HIGH This Month

A TLS vulnerability exists in the phone application used to manage a connected device. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-8284 CRITICAL This Week

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-53520 HIGH This Month

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-50468 MEDIUM POC This Week

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50467 MEDIUM This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy