Skip to main content
CVE-2025-52053 CRITICAL POC THREAT Emergency

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
66.1%
CVE-2025-57174 CRITICAL POC Act Now

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-59360 CRITICAL POC PATCH Act Now

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-59359 CRITICAL POC PATCH Act Now

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-59361 CRITICAL POC PATCH Act Now

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-57118 CRITICAL POC Act Now

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Online Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46408 CRITICAL POC Act Now

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eagleeyes Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-58046 HIGH POC PATCH This Week

Dataease is an open-source data visualization and analysis platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Deserialization Dataease
NVD GitHub
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-50944 HIGH POC This Week

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eagleeyes Lite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-56274 HIGH POC This Week

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-59358 HIGH POC PATCH This Week

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Kubernetes Chaos Mesh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-59375 HIGH POC PATCH CISA This Week

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10443 HIGH POC This Week

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac9 Firmware Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-58045 HIGH POC PATCH This Week

Dataease is an open source data analytics and visualization platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Deserialization SSRF Dataease
NVD GitHub
CVSS 4.0
7.1
EPSS
1.1%
CVE-2025-52048 MEDIUM POC This Month

In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52344 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Blue
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-43342 CRITICAL PATCH Act Now

A correctness issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-43347 CRITICAL Act Now

This issue was addressed by removing the vulnerable code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43343 CRITICAL PATCH Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43359 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31255 CRITICAL Act Now

An authorization issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43362 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-10472 MEDIUM POC This Month

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Moneyprinterturbo
NVD VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-10425 MEDIUM POC This Month

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10424 MEDIUM POC This Month

A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10447 MEDIUM POC This Month

A vulnerability was detected in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10446 MEDIUM POC This Month

A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10445 MEDIUM POC This Month

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10444 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Job Finder System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10417 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10482 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10479 MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10459 MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10435 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10426 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10416 MEDIUM POC This Month

A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10448 MEDIUM POC This Month

A flaw has been found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10436 MEDIUM POC This Month

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-57117 MEDIUM POC This Month

A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-10452 CRITICAL Act Now

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-59331 HIGH PATCH MAL This Week

is-arrayish checks if an object can be used like an Array. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-59330 HIGH PATCH MAL This Week

error-ex allows error subclassing and stack customization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-59162 HIGH PATCH MAL This Week

color-convert provides plain color conversion functions in JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Red Hat
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-43358 HIGH This Week

A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43329 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-59332 HIGH This Week

3DAlloy is a lightWeight 3D-viewer for MediaWiki. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-10203 HIGH This Week

Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-43330 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-43372 HIGH This Week

The issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43298 HIGH This Week

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy