Skip to main content
CVE-2012-10054 CRITICAL POC PATCH THREAT Act Now

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.9%.

RCE Path Traversal Umbraco Cms
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
75.9%
Threat
5.6
CVE-2012-10060 CRITICAL POC THREAT Emergency

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.1%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
69.1%
Threat
5.4
CVE-2012-10055 CRITICAL POC THREAT Emergency

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.9%.

RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
58.9%
Threat
5.1
CVE-2012-10058 CRITICAL POC THREAT Emergency

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.7%.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
54.7%
Threat
5.1
CVE-2012-10059 CRITICAL POC THREAT Emergency

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
43.6%
Threat
4.7
CVE-2012-10056 HIGH POC THREAT Act Now

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.

PHP File Upload
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
32.8%
Threat
4.2
CVE-2012-10057 HIGH POC Act Now

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
8.4
EPSS
1.9%
CVE-2025-50946 MEDIUM POC PATCH This Month

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2025-45313 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hortusfox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-45314 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hortusfox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7384 CRITICAL Act Now

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Deserialization RCE Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-51451 CRITICAL Act Now

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ex1200t Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51452 CRITICAL Act Now

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8925 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Sports Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8923 MEDIUM POC This Month

A vulnerability was determined in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8922 MEDIUM POC This Month

A vulnerability was found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8921 MEDIUM POC This Month

A vulnerability has been found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8926 MEDIUM POC This Month

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8924 MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Water Billing System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8913 CRITICAL Act Now

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP RCE Organization Portal System
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-45315 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hortusfox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-8904 CRITICAL Act Now

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-8882 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8912 HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-8754 HIGH CISA This Week

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7734 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-6186 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-7739 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-23303 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Nvidia Nemo
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2025-23304 HIGH This Week

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Path Traversal Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-23296 HIGH This Week

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23294 HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE Denial Of Service Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23298 HIGH This Week

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23305 HIGH This Week

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23295 HIGH This Week

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48989 HIGH PATCH CISA This Week

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43988 HIGH This Week

KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-5477 HIGH This Week

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

HP RCE Denial Of Service Privilege Escalation Information Disclosure
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-8909 HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-8914 HIGH This Week

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Organization Portal System
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-54464 HIGH This Week

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-8927 LOW POC Monitor

A vulnerability was determined in mtons mblog up to 3.5.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-54465 MEDIUM This Month

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-0818 MEDIUM This Month

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-12303 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1477 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2937 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2614 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8770 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8907 MEDIUM This Month

A vulnerability was found in H3C M2 NAS V100R006. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy