Skip to main content
CVE-2023-54340 HIGH POC This Week

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-54333 HIGH POC This Week

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2022-50805 HIGH POC This Week

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2022-50923 HIGH POC This Week

Cobian Backup versions up to 0.9.93 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Cobian Backup
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50917 HIGH POC This Week

Protonvpn versions up to 1.26.0 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Wireguard Protonvpn
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50915 HIGH POC This Week

Ptpublisher versions up to 2.3.4 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE Ptpublisher
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50931 HIGH POC This Week

Teamspeak versions up to 3.5.6 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Teamspeak
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50928 HIGH POC This Week

Bluesoleilcs versions up to 5.4.277 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Bluesoleilcs
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-54331 HIGH POC This Week

Outline versions up to - contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Outline
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50933 HIGH POC This Week

Cain \& Abel versions up to 4.9.56 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE Cain Abel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50921 HIGH POC This Week

Wow21 versions up to 5.0.1.9 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Wow21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25652 HIGH POC This Week

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]

Path Traversal Archibus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-50932 HIGH POC This Week

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]

Path Traversal Command Center Rx
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-50890 HIGH POC This Week

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]

Path Traversal Owlfiles
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-47751 HIGH POC This Week

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]

PHP Path Traversal Rich Text Editor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-22870 HIGH POC PATCH This Week

GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.

Denial Of Service AI / ML Guarddog
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71027 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71026 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71025 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71024 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71023 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70753 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0889 HIGH POC PATCH This Week

Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.

Mozilla Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2022-50939 HIGH POC This Week

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]

PHP Path Traversal E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-50907 HIGH POC This Week

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. [CVSS 7.2 HIGH]

PHP RCE E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2022-50806 HIGH POC This Week

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. [CVSS 7.2 HIGH]

PHP 4images
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2022-50916 HIGH POC This Week

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. [CVSS 7.2 HIGH]

PHP E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2022-50908 HIGH POC This Week

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation. [CVSS 7.2 HIGH]

XSS
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-22791 MEDIUM POC PATCH This Month

openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]

Linux Buffer Overflow Opencryptoki Red Hat Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2022-50899 MEDIUM POC This Month

Geonetwork versions up to 4.2.0 is affected by improper restriction of xml external entity reference (CVSS 6.5).

XXE Geonetwork
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-54328 MEDIUM POC This Month

AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism. [CVSS 6.5 MEDIUM]

Buffer Overflow Denial Of Service Aimone Video Converter
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65784 MEDIUM POC This Month

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request. [CVSS 6.5 MEDIUM]

SSRF Hub
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-50894 MEDIUM POC This Month

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. [CVSS 6.5 MEDIUM]

PHP SQLi Wallpaper Admin
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-54855 MEDIUM POC This Month

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. [CVSS 6.4 MEDIUM]

Vanilla Os Core Image Information Disclosure
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2022-50927 MEDIUM POC This Month

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. [CVSS 6.2 MEDIUM]

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-54341 MEDIUM POC This Month

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. [CVSS 6.1 MEDIUM]

PHP XSS Webgrind
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-53985 MEDIUM POC This Month

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. [CVSS 6.1 MEDIUM]

XSS Zstore
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-54332 MEDIUM POC This Month

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. [CVSS 6.1 MEDIUM]

XSS Jetpack
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2020-36919 MEDIUM POC This Month

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser. [CVSS 6.1 MEDIUM]

PHP XSS Wpforms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-47750 MEDIUM POC This Month

YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. [CVSS 6.1 MEDIUM]

XSS Youphptube
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2022-50937 MEDIUM POC This Month

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules. [CVSS 6.1 MEDIUM]

XSS Ametys
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2022-50896 MEDIUM POC This Month

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context. [CVSS 6.1 MEDIUM]

PHP XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-68271 CRITICAL PATCH Act Now

OpenC3 COSMOS (space mission control software, 5.0.0-6.10.1) has unauthenticated RCE through the JSON-RPC API. String parameters are evaluated as Ruby code via convert_to_value. Maximum CVSS 10.0 with scope change.

Ruby RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-47855 CRITICAL Act Now

Fortinet FortiFone 7.0.0-7.0.1 and 3.0.13-3.0.23 allows unauthenticated attackers to download the complete device configuration via crafted HTTP/HTTPS requests. Configuration files contain credentials and network settings.

Fortinet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-40805 CRITICAL Act Now

An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with scope change. Requires knowledge of a legitimate user's identity.

Authentication Bypass IoT Industrial
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-0881 CRITICAL PATCH Act Now

Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-22871 CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML Guarddog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-0501 CRITICAL Act Now

SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk.

SAP
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23478 CRITICAL Act Now

Cal.com scheduling software (3.1.6 to 6.0.7) has a critical authentication bypass in the NextAuth JWT callback. Attackers can gain full access to any user account by supplying a target email via session.update(). Fixed in 6.0.7.

Information Disclosure Cal.Com
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65783 CRITICAL Act Now

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF files can be uploaded and may achieve code execution.

File Upload RCE Hub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
Prev Page 2 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy