Skip to main content
CVE-2025-66576 CRITICAL POC Act Now

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.

Command Injection RCE Remote Keyboard Desktop
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-29269 CRITICAL POC Act Now

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

Command Injection All Rut22gw Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-63362 CRITICAL POC Act Now

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-29268 CRITICAL POC Act Now

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

Authentication Bypass All Rut22gw Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-66571 CRITICAL POC Act Now

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.

PHP Deserialization
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-65346 CRITICAL POC Act Now

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

Path Traversal Laravel File Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-58275 HIGH POC This Week

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.

Command Injection
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-66555 HIGH POC This Week

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

Authentication Bypass Apple iOS
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-14015 HIGH POC This Week

A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Buffer Overflow Magic B0 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-53734 HIGH POC This Week

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.

SQLi
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-58277 HIGH POC PATCH This Week

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.

Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-58276 HIGH POC This Week

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.

PHP SQLi
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-65959 HIGH POC PATCH This Week

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.

XSS Open Webui
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-66516 HIGH POC PATCH This Week

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

XXE Apache Ubuntu Debian Tika +1
NVD GitHub
CVSS 3.1
8.4
EPSS
1.5%
CVE-2025-65958 HIGH POC PATCH This Week

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Microsoft SSRF Open Webui
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2024-58278 HIGH POC This Week

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.

Authentication Bypass Command Injection RCE
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-65883 HIGH POC This Week

A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2-1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.

RCE Platinum 4410 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-66575 HIGH POC This Week

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Privilege Escalation Veepn
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-56427 HIGH POC This Week

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

Path Traversal Information Disclosure Composio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-63896 HIGH POC This Week

An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.

Authentication Bypass Google Jxl 9 Inch Car Android Double Din Player Firmware
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-66573 HIGH POC This Week

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Information Disclosure Solstice Pod Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63363 HIGH POC This Week

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadcast without authentication or encryption.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65637 HIGH POC PATCH This Week

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Denial Of Service Ubuntu Debian Logrus Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-63364 HIGH POC This Week

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55948 HIGH POC This Week

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests when frontend menu updates (such as privilege revocation) fail to propagate to the backend permission table in real-time, creating a dangerous desynchronization. While users lose access to restricted functions through the web interface (as UI elements properly disappear), the stale permission records still validate unauthorized API requests when accessed directly through tools like Postman. Attackers exploiting this inconsistency can perform privileged operations including but not limited to: creating high-permission user accounts, accessing sensitive data beyond their clearance level, and executing admin-level commands.

Information Disclosure X Springboot
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-66572 MEDIUM POC This Month

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.

Command Injection
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-61148 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.

Authentication Bypass Edupluscampus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65900 MEDIUM POC This Month

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Authentication Bypass Information Disclosure Kalmia
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66563 MEDIUM POC PATCH This Month

Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).

XSS Monkeytype
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63499 MEDIUM POC PATCH This Month

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

XSS Ubuntu Debian Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66509 CRITICAL PATCH Act Now

LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process to automatically execute the ServiceProvider::boot() method, enabling arbitrary PHP code execution.

Authentication Bypass PHP RCE Lara Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54304 CRITICAL Act Now

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Information Disclosure Ion Torrent Onetouch 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53963 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

RCE Ion Torrent Onetouch 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54303 CRITICAL Act Now

A remote code execution vulnerability in Thermo Fisher Torrent Suite Django application 5.18.1 (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Information Disclosure Python Torrent Suite Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63361 MEDIUM POC This Month

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-45538 CRITICAL PATCH Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

Synology CSRF RCE Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-66574 MEDIUM POC This Month

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

XSS Tranzaxis
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-53735 MEDIUM POC This Month

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.

XSS
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-65899 MEDIUM POC This Month

A security vulnerability in its authentication mechanism (CVSS 5.3) that allows unauthenticated attackers. Risk factors: public PoC available.

Information Disclosure Kalmia
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54307 HIGH This Week

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint.

Path Traversal RCE Python Torrent Suite Software
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-13543 HIGH This Week

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-66287 HIGH PATCH This Week

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-27935 HIGH This Week

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-65806 MEDIUM POC This Month

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.

File Upload PHP RCE E Point Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-13932 HIGH This Week

CVE-2025-13932 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-63681 MEDIUM POC This Month

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12995 HIGH This Week

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

Information Disclosure Carelink Network
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-66559 HIGH This Week

A security vulnerability in Taiko Alethia (CVSS 8.0). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD GitHub
CVSS 4.0
8.0
EPSS
0.1%
CVE-2025-54305 HIGH This Week

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.

Authentication Bypass Python Torrent Suite Software
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54160 HIGH PATCH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

Synology Path Traversal RCE Beedrive
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy