Skip to main content
CVE-2025-14636 LOW POC Monitor

Weak cryptographic hashing in the image_check function of Tenda AX9 firmware 22.03.01.46 allows remote attackers to compromise firmware integrity validation without authentication. The vulnerability has a CVSS score of 2.9 (very low severity) and publicly available exploit code exists, but the high attack complexity and difficult exploitability rating indicate practical barriers to successful exploitation. Real-world risk is minimal: while the vulnerability permits information disclosure related to hash values, it does not enable remote code execution or device takeover.

Tenda Information Disclosure Ax9 Firmware
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-14586 LOW POC Monitor

OS command injection in TOTOLINK X5000R firmware 9.1.0cu.2089_B20211224 allows authenticated remote attackers to execute arbitrary system commands via the User parameter in the /cgi-bin/cstecgi.cgi exportOvpn function. The vulnerability requires valid login credentials but results in complete system compromise once authenticated. Public exploit code is available, and the CVSS score of 2.1 significantly underrepresents the true risk due to the low-impact scoring parameters masking the severity of unauthenticated command execution in a network-accessible management interface.

Command Injection X5000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.7%
CVE-2025-14589 LOW POC Monitor

SQL injection in code-projects Prison Management System 2.0 allows authenticated remote attackers to execute arbitrary SQL commands via the keyname parameter in /admin/search.php, with publicly available exploit code but limited real-world impact due to authentication requirement and restricted scope (confidentiality only, CVSS 2.1).

PHP SQLi Prison Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-14617 LOW Monitor

Path traversal vulnerability in JW Library App for Android up to version 15.5.1 allows local authenticated users to access files outside intended directories via manipulation of the SiloContainer component. CVSS score of 1.9 reflects low confidentiality impact with no integrity or availability consequences; however, publicly available exploit code exists. Real-world risk is minimal given requirement for local access and prior authentication, EPSS score of 0.03% indicates negligible exploitation probability.

Google Path Traversal
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14606 LOW Monitor

Deserialization vulnerability in Tiny RDM up to version 1.2.5 allows authenticated remote attackers to trigger unsafe pickle deserialization via the Pickle Decoding component, potentially leading to code execution. The attack requires high complexity and prior authentication, making practical exploitation difficult. Public exploit code is available, but the low EPSS score (0.10%) and absence of active exploitation tracking suggest limited real-world risk at present.

Deserialization
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy