Skip to main content
CVE-2024-13979 CRITICAL POC Act Now

A SQL injection vulnerability exists in the St. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi St Joe Erp System
NVD GitHub
CVSS 4.0
9.3
EPSS
9.0%
CVE-2018-25115 CRITICAL POC Act Now

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 110 Firmware Dir 412 Firmware Dir 600 Firmware +4
NVD GitHub Exploit-DB
CVSS 4.0
10.0
EPSS
1.6%
CVE-2025-34161 CRITICAL POC Act Now

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Coolify
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.7%
CVE-2025-34159 CRITICAL POC Act Now

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Coolify
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-7309 CRITICAL Act Now

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dahua RCE Path Traversal
NVD GitHub
CVSS 4.0
10.0
EPSS
1.2%
CVE-2025-34163 CRITICAL Act Now

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD VulDB
CVSS 4.0
10.0
EPSS
0.7%
CVE-2025-34162 CRITICAL Act Now

An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE SQLi
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-34157 CRITICAL Act Now

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Coolify
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-34523 CRITICAL Act Now

A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow RCE
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2025-34522 CRITICAL This Week

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Udp
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2025-34160 CRITICAL This Week

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13985 CRITICAL This Week

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dahua Command Injection
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2024-13984 CRITICAL This Week

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13981 CRITICAL POC Act Now

LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Path Traversal
NVD GitHub
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-13980 CRITICAL This Week

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub
CVSS 4.0
10.0
EPSS
2.8%
CVE-2025-50428 CRITICAL POC PATCH Act Now

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP Raspap Webgui
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-52122 CRITICAL POC PATCH Act Now

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Freeform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50989 CRITICAL POC Act Now

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Opnsense
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2025-50972 CRITICAL POC Act Now

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Abantecart
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43728 CRITICAL This Week

Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-30063 CRITICAL This Week

The configuration file containing database logins and passwords is readable by any local user. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-30057 CRITICAL This Week

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. Rated critical severity (CVSS 9.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-30056 CRITICAL This Week

The RunCommand function accepts any parameter, which is then passed for execution in the shell. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-30055 CRITICAL This Week

The "system" function receives untrusted input from the user. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-30041 CRITICAL This Week

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-30040 CRITICAL This Week

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.1%
CVE-2025-30039 CRITICAL This Week

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-2313 CRITICAL This Week

In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy