Skip to main content
CVE-2025-60683 MEDIUM POC THREAT This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
10.3%
CVE-2025-60687 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
7.1%
CVE-2025-60693 MEDIUM POC This Month

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2025-60674 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64525 MEDIUM POC PATCH This Month

Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Astro
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-60682 MEDIUM POC This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2025-60688 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-60684 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-60676 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60673 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60672 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-60695 MEDIUM POC This Month

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys RCE Denial Of Service +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-60675 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2025-60671 MEDIUM POC This Month

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2025-13121 MEDIUM POC This Month

A security vulnerability has been detected in cameasy Liketea 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13122 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-60689 MEDIUM POC This Month

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-12536 MEDIUM POC This Month

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60686 MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow RCE A720R Firmware +2
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-60685 MEDIUM POC This Month

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE A720R Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-64292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64262 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64261 MEDIUM This Month

Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.3.95. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64263 MEDIUM This Month

Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.1.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-64384 MEDIUM This Month

Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64370 MEDIUM This Month

Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.5.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64277 MEDIUM This Month

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.3.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64259 MEDIUM This Month

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.18.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64274 MEDIUM This Month

Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64269 MEDIUM This Month

Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.2.150. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64265 MEDIUM This Month

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64267 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64271 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.4.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64753 MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grist Core
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64752 MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Grist Core
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64749 MEDIUM POC PATCH Monitor

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64748 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64747 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Directus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-64746 MEDIUM POC PATCH Monitor

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-4619 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Windows
NVD
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-47222 MEDIUM This Month

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47221 MEDIUM This Month

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47220 MEDIUM This Month

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Signserver
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60702 MEDIUM POC This Week

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-60699 MEDIUM POC This Week

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2025-55810 MEDIUM This Month

A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload S Cw2503C H Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-46368 MEDIUM This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware Command Center
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-46362 MEDIUM This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Alienware Command Center
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-64706 MEDIUM POC This Month

Typebot is an open-source chatbot builder. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Typebot
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-60701 MEDIUM POC This Week

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy