Skip to main content
CVE-2025-10035 CRITICAL POC KEV THREAT Emergency

Fortra GoAnywhere MFT contains a deserialization vulnerability in the License Servlet allowing command injection through crafted license response signatures.

Command Injection Deserialization Goanywhere Managed File Transfer
NVD
CVSS 3.1
10.0
EPSS
58.8%
Threat
6.8
CVE-2025-57293 HIGH POC This Week

A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40677 HIGH POC This Week

SQL injection vulnerability in Summar Software´s Portal del Empleado. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10666 HIGH POC This Week

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 825 Firmware
NVD GitHub VulDB Exploit-DB
CVSS 4.0
7.4
EPSS
6.6%
CVE-2025-59424 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-10672 HIGH POC This Week

Missing authentication in AIBattery's XPC service (versions up to 1.0.9) allows local authenticated attackers with low privileges to gain high-integrity access to battery management functions, potentially enabling unauthorized system configuration changes. The vulnerability affects the BatteryXPCService.swift component in com.collweb.AIBatteryHelper, with publicly available exploit code demonstrating the attack path. EPSS score of 0.02% (7th percentile) indicates low predicted exploitation probability in the wild, though the POC availability lowers the technical barrier for local attackers.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-55911 MEDIUM POC This Month

An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Clipbucket
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2025-47906 MEDIUM POC PATCH This Month

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Go Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-13151 CRITICAL Act Now

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-10688 MEDIUM POC This Month

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10687 MEDIUM POC This Month

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10673 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Student Information Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10670 MEDIUM POC This Month

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10668 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10664 MEDIUM POC This Month

A vulnerability was determined in PHPGurukul Small CRM 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10663 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10667 MEDIUM POC This Month

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-54807 CRITICAL Act Now

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-8942 CRITICAL Act Now

The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD WPScan
CVSS 3.1
9.1
EPSS
0.0%
CVE-2023-49564 HIGH This Week

The CBIS/NCS Manager API is vulnerable to an authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nginx
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-55068 HIGH This Week

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2023-49367 HIGH This Week

An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-54754 HIGH This Week

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-54818 HIGH This Week

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2023-49565 HIGH This Week

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Python Command Injection RCE
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-8565 HIGH This Week

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2022-50386 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2023-53446 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50413 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53426 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xsk_diag interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53377 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50378 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53432 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so we can't dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53427 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, the MR recovery work not initialized and list not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50417 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50412 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cec_unregister_adapter() assumes that the underlying adapter ops. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53388 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtk_drm_bind() can fail, in which case drm_dev_put() is called, destroying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Mediatek Linux Memory Corruption Use After Free Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53386 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 ("Bluetooth: Fix use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53373 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53372 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctp_ifwdtsn_skip Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50410 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50408 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() > ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb); may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50406 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50401 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation `clp->cl_cb_conn.cb_xprt` should not be given. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Red Hat Information Disclosure Linux Linux Kernel Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53395 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Nvidia Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50384 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50419 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple times as stated in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50411 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53398 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53374 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early Not calling hci_(dis)connect_cfm before deleting conn. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy