Skip to main content
CVE-2025-64446 CRITICAL POC KEV THREAT Emergency

Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests.

Path Traversal Fortinet Fortiweb
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
88.2%
Threat
7.6
CVE-2016-15056 HIGH POC This Week

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2021-4466 HIGH POC This Week

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2021-4465 HIGH POC This Week

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2021-4469 HIGH POC This Week

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2018-25125 HIGH POC This Week

Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2022-4985 HIGH POC This Week

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-63680 HIGH POC This Week

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Microsoft
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-63891 HIGH POC This Week

Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Online Book Store System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-7328 MEDIUM POC This Month

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data,. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sft Dab 600 C Firmware
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-13170 MEDIUM POC This Month

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13169 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2021-4470 CRITICAL Act Now

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection RCE
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-63291 MEDIUM POC This Month

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-4468 HIGH This Week

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2021-4471 HIGH This Week

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2021-4467 HIGH This Week

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-8855 HIGH This Week

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13033 HIGH PATCH This Week

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13168 LOW POC PATCH Monitor

A weakness has been identified in ury-erp ury up to 0.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13179 LOW POC Monitor

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13177 LOW POC Monitor

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13171 LOW POC Monitor

A vulnerability was identified in ZZCMS 2023. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13185 LOW POC Monitor

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13182 LOW POC Monitor

A vulnerability was identified in pojoin h3blog 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13180 LOW POC Monitor

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13178 LOW POC Monitor

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13181 LOW POC Monitor

A vulnerability was determined in pojoin h3blog 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13186 LOW POC Monitor

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-13174 LOW Monitor

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13172 LOW Monitor

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-13188 HIGH POC This Week

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-13187 MEDIUM POC This Month

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icip 30 Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-64084 MEDIUM POC PATCH This Month

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63745 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Radare2 Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-63744 MEDIUM PATCH Monitor

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Radare2 Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-63701 MEDIUM POC This Week

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Heap Overflow Tp 3250 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-63830 MEDIUM POC This Month

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ckfinder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-63725 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Svx Portal
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63724 MEDIUM POC This Month

SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Svx Portal
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-54562 MEDIUM Monitor

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Technical Information to be Disclosed through stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingalert Application Server
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54561 MEDIUM Monitor

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54560 LOW Monitor

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Pingalert Application Server
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-54559 LOW Monitor

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Pingalert Application Server
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-54348 MEDIUM This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pingalert Application Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54346 HIGH This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pingalert Application Server
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-54345 HIGH This Month

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pingalert Application Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54343 CRITICAL This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
9.6
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy