Skip to main content
CVE-2022-50936 HIGH POC This Week

Wbce Cms versions up to 1.5.2 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Wbce Cms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-50898 HIGH POC This Week

Nanocms versions up to 0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Nanocms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-50909 HIGH POC This Week

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]

Golang RCE Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-68707 HIGH POC This Week

Tongyu Ax1800 Firmware versions up to 1.0.0 contains a vulnerability that allows attackers to full compromise of the device (i (CVSS 8.8).

Authentication Bypass Tongyu Ax1800 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-22861 HIGH POC PATCH This Week

Memory corruption in iccDEV library versions before 2.3.1.2 allows remote attackers to achieve code execution via maliciously crafted ICC color profiles, affecting users who process untrusted profile data. Public exploit code exists for this vulnerability. Organizations using iccDEV should upgrade to version 2.3.1.2 immediately.

Buffer Overflow Heap Overflow Iccdev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-66698 HIGH POC This Week

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. [CVSS 8.6 HIGH]

Authentication Bypass Veda
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2022-50902 HIGH POC This Week

FSService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).

Code Injection
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-54338 HIGH POC This Week

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-54336 HIGH POC This Week

servermedicontservice contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).

Code Injection
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50930 HIGH POC This Week

TrapiServer service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).

Code Injection
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50924 HIGH POC This Week

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50904 HIGH POC This Week

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50918 HIGH POC This Week

VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50903 HIGH POC This Week

Mobiletrans versions up to 3.5.9 contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 8.4).

Information Disclosure Mobiletrans
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50900 HIGH POC This Week

Dr.Fone versions up to 12.0.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 8.4).

RCE Dr.Fone
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-53984 HIGH POC This Week

Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50938 HIGH POC This Week

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. [CVSS 8.4 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50929 HIGH POC This Week

its ConnectifyService executable contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50920 HIGH POC This Week

SbieSvc Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).

Windows
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50914 HIGH POC This Week

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 8.4 HIGH]

Code Injection
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50913 HIGH POC This Week

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot. [CVSS 8.4 HIGH]

Information Disclosure
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50808 HIGH POC This Week

CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]

Privilege Escalation RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50693 HIGH POC This Week

Splashtop Software Updater Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).

RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50901 HIGH POC This Week

Dr.Fone versions up to 11.4.9 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).

RCE Dr.Fone
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2022-50892 HIGH POC This Week

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]

SQLi Authentication Bypass Wallpaper Admin
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-54340 HIGH POC This Week

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-54333 HIGH POC This Week

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2022-50805 HIGH POC This Week

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2022-50923 HIGH POC This Week

Cobian Backup versions up to 0.9.93 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Cobian Backup
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50917 HIGH POC This Week

Protonvpn versions up to 1.26.0 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Wireguard Protonvpn
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50915 HIGH POC This Week

Ptpublisher versions up to 2.3.4 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE Ptpublisher
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50931 HIGH POC This Week

Teamspeak versions up to 3.5.6 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Teamspeak
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50928 HIGH POC This Week

Bluesoleilcs versions up to 5.4.277 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows Bluesoleilcs
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-54331 HIGH POC This Week

Outline versions up to - contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Outline
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50933 HIGH POC This Week

Cain \& Abel versions up to 4.9.56 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE Cain Abel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50921 HIGH POC This Week

Wow21 versions up to 5.0.1.9 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Wow21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25652 HIGH POC This Week

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]

Path Traversal Archibus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-50932 HIGH POC This Week

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]

Path Traversal Command Center Rx
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-50890 HIGH POC This Week

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]

Path Traversal Owlfiles
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-47751 HIGH POC This Week

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]

PHP Path Traversal Rich Text Editor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-22870 HIGH POC PATCH This Week

GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.

Denial Of Service AI / ML Guarddog
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71027 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71026 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71025 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71024 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71023 HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70753 HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0889 HIGH POC PATCH This Week

Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.

Mozilla Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2022-50939 HIGH POC This Week

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]

PHP Path Traversal E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-50907 HIGH POC This Week

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. [CVSS 7.2 HIGH]

PHP RCE E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy