Skip to main content
CVE-2012-10048 HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
50.2%
Threat
4.7
CVE-2012-10042 HIGH POC THREAT Act Now

Sflog!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
43.4%
Threat
4.5
CVE-2012-10051 HIGH POC Act Now

Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 4.0
8.4
EPSS
6.9%
CVE-2020-9322 HIGH This Week

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-4796 HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Eventin PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52914 HIGH This Month

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8393 HIGH This Month

A TLS vulnerability exists in the phone application used to manage a connected device. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-53520 HIGH This Month

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-50466 HIGH POC This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-50465 HIGH This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-8731 HIGH This Month

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-8355 HIGH This Month

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Freeflow Core
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52586 HIGH This Month

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. Rated high severity (CVSS 7.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-8730 HIGH POC THREAT This Week

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Authentication Bypass
NVD GitHub VulDB Exploit-DB
CVSS 4.0
8.9
EPSS
26.5%
CVE-2025-36119 HIGH This Month

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-8088 HIGH KEV THREAT Act Now

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

RCE Microsoft Path Traversal Winrar Dtsearch +1
NVD
CVSS 4.0
8.4
EPSS
6.8%
CVE-2025-8748 HIGH This Month

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-54886 HIGH PATCH This Month

skops is a Python library which helps users share and ship their scikit-learn based models. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python RCE Deserialization Red Hat
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy