Skip to main content
CVE-2025-60691 HIGH POC This Week

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-60690 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.

Linksys RCE Denial Of Service Buffer Overflow E1200 Firmware +1
NVD GitHub VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-60679 HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-60683 MEDIUM POC THREAT This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
10.3%
CVE-2025-60694 HIGH POC This Week

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2025-60696 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-60692 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Cisco +2
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-60687 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
7.1%
CVE-2025-60693 MEDIUM POC This Month

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2025-60674 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64525 MEDIUM POC PATCH This Month

Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Astro
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-60682 MEDIUM POC This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2025-60688 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-60684 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-60676 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60673 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60672 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60695 MEDIUM POC This Month

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-60675 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2025-60671 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2025-13121 MEDIUM POC This Month

A security vulnerability has been detected in cameasy Liketea 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13122 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-60689 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-12536 MEDIUM POC This Month

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60686 MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow RCE A720R Firmware +2
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-60685 MEDIUM POC This Month

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE A720R Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2022-4984 HIGH This Week

ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-64292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64262 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13119 LOW POC Monitor

A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13115 LOW POC Monitor

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13118 LOW POC Monitor

A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13117 LOW POC Monitor

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13116 LOW POC Monitor

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13123 LOW POC Monitor

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13114 LOW POC Monitor

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-64261 MEDIUM This Month

Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.3.95. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64263 MEDIUM This Month

Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.1.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64384 MEDIUM This Month

Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64370 MEDIUM This Month

Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.5.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64277 MEDIUM This Month

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.3.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64259 MEDIUM This Month

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.18.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64274 MEDIUM This Month

Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64269 MEDIUM This Month

Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.2.150. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64265 MEDIUM This Month

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64267 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64271 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.4.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13120 LOW PATCH Monitor

A vulnerability has been found in mruby up to 3.4.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-64530 HIGH PATCH This Month

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64754 LOW Monitor

Jitsi Meet is an open source video conferencing application. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microsoft
NVD GitHub
CVSS 4.0
2.7
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy