Skip to main content
CVE-2024-32640 CRITICAL POC THREAT Emergency

MASA CMS versions prior to 7.4.5 contain a critical SQL injection vulnerability in the processAsyncObject method that enables unauthenticated remote code execution. The flaw allows attackers to extract database contents and leverage database-specific features to execute OS commands on the underlying server.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2012-10038 CRITICAL POC THREAT Emergency

Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.

PHP File Upload RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
72.2%
Threat
5.5
CVE-2012-10037 CRITICAL POC THREAT Emergency

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
62.6%
Threat
5.2
CVE-2012-10040 CRITICAL POC THREAT Emergency

Openfiler v2.x contains a command injection vulnerability in the system.html page. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.2%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
52.2%
Threat
4.9
CVE-2012-10039 CRITICAL POC THREAT Emergency

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
43.6%
Threat
4.7
CVE-2025-7679 CRITICAL This Week

The ASPECT system allows users to bypass authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-53187 CRITICAL This Week

Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-45146 CRITICAL POC Act Now

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Modelcache
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-8853 CRITICAL This Week

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy