Skip to main content
CVE-2012-10052 CRITICAL POC THREAT Emergency

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.5%
Threat
5.5
CVE-2012-10036 CRITICAL POC THREAT Emergency

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.5%
Threat
5.5
CVE-2012-10044 CRITICAL POC THREAT Emergency

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
64.7%
Threat
5.4
CVE-2012-10049 CRITICAL POC THREAT Emergency

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

PHP File Upload RCE
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
66.5%
Threat
5.4
CVE-2012-10045 CRITICAL POC THREAT Emergency

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.

PHP File Upload
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
66.5%
Threat
5.4
CVE-2012-10053 CRITICAL POC THREAT Emergency

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.3%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
64.3%
Threat
5.3
CVE-2012-10050 CRITICAL POC THREAT Emergency

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
62.1%
Threat
5.2
CVE-2012-10041 CRITICAL POC THREAT Emergency

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
53.6%
Threat
5.0
CVE-2012-10046 CRITICAL POC THREAT Emergency

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.9%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
52.9%
Threat
4.9
CVE-2012-10047 CRITICAL POC THREAT Emergency

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.1%.

PHP RCE SQLi
NVD Exploit-DB VulDB
CVSS 4.0
10.0
EPSS
49.1%
Threat
5.0
CVE-2012-10043 CRITICAL POC Emergency

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
4.6%
CVE-2025-54952 CRITICAL Act Now

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-5095 CRITICAL This Week

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-52913 CRITICAL This Week

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Node.js
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-8284 CRITICAL This Week

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-46414 CRITICAL This Week

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-8356 CRITICAL This Week

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-53606 CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Seata
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-48913 CRITICAL PATCH This Week

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Cxf Red Hat
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54887 CRITICAL PATCH This Week

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy