Skip to main content
CVE-2024-32640 CRITICAL POC THREAT Emergency

MASA CMS versions prior to 7.4.5 contain a critical SQL injection vulnerability in the processAsyncObject method that enables unauthenticated remote code execution. The flaw allows attackers to extract database contents and leverage database-specific features to execute OS commands on the underlying server.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2012-10038 CRITICAL POC THREAT Emergency

Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.2%
Threat
5.5
CVE-2012-10037 CRITICAL POC THREAT Emergency

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
62.6%
Threat
5.2
CVE-2012-10040 CRITICAL POC THREAT Emergency

Openfiler v2.x contains a command injection vulnerability in the system.html page. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.2%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
52.2%
Threat
4.9
CVE-2012-10039 CRITICAL POC THREAT Emergency

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
43.6%
Threat
4.7
CVE-2025-55161 HIGH POC PATCH This Week

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Stirling Pdf
NVD GitHub
CVSS 3.1
8.6
EPSS
6.4%
CVE-2025-55150 HIGH POC PATCH This Week

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Stirling Pdf
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-25231 HIGH POC EUVD KEV This Week

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2025-8838 MEDIUM POC This Month

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8830 LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8829 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8828 LOW POC Monitor

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8827 LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8825 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8823 LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8821 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8839 LOW POC Monitor

A vulnerability was found in jshERP up to 3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8840 LOW POC Monitor

A vulnerability was determined in jshERP up to 3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8859 LOW POC Monitor

A vulnerability was identified in code-projects eBlog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8841 LOW POC Monitor

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8852 LOW POC Monitor

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wukongcrm
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8847 LOW POC Monitor

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8837 LOW POC PATCH Monitor

A vulnerability was identified in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-8843 LOW POC PATCH Monitor

A vulnerability was found in NASM Netwide Assember 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8835 LOW POC PATCH Monitor

A vulnerability was found in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8846 LOW POC Monitor

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8845 LOW POC Monitor

A vulnerability was identified in NASM Netwide Assember 2.17rc0.c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8842 LOW POC PATCH Monitor

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8844 LOW POC Monitor

A vulnerability was determined in NASM Netwide Assember 2.17rc0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8836 LOW POC PATCH Monitor

A vulnerability was determined in JasPer up to 4.2.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-38499 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8834 LOW Monitor

A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-55159 MEDIUM PATCH This Month

slab is a pre-allocated storage for a uniform data type. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-55158 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vim Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55157 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Vim Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55156 HIGH PATCH This Month

pyLoad is the free and open-source Download Manager written in pure Python. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python SQLi
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2025-55151 HIGH PATCH This Month

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Stirling Pdf
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-55012 HIGH This Month

Zed is a multiplayer code editor. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-54992 MEDIUM This Month

OpenKilda is an open-source OpenFlow controller. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-25235 HIGH This Month

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Windows
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-54878 HIGH POC PATCH This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Denial Of Service Buffer Overflow Cryptolib
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-40920 HIGH This Month

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-8285 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-7679 CRITICAL This Week

The ASPECT system allows users to bypass authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-7677 HIGH This Month

A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-54525 HIGH PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54478 HIGH PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-54463 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-54458 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-53910 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy