Skip to main content
CVE-2020-37123 CRITICAL POC THREAT Emergency

Remote code execution via OS command injection in Pinger 1.0 allows attackers to inject shell commands through the ping target parameter. EPSS 12.2% indicates significant exploitation likelihood. PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
12.2%
CVE-2020-37125 CRITICAL POC Act Now

Unauthenticated remote code execution via OS command injection in Edimax EW-7438RPn-v3 Mini wireless extender firmware 1.27. EPSS 1.3% with PoC available.

RCE Command Injection Ew 7438rpn Mini Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-68121 CRITICAL POC PATCH Act Now

Critical certificate validation bypass in Go crypto/tls during session resumption. If ClientCAs or RootCAs fields are mutated between creating the config and resuming a session, the TLS stack uses the modified trust store, potentially accepting certificates from unintended CAs. CVSS 10.0, PoC available, patch available.

Information Disclosure Go
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2020-37120 CRITICAL POC Act Now

Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2020-37126 CRITICAL POC Act Now

Stack overflow in Free Desktop Clock 3.0 triggered by crafted Time Zones display name input allows attackers to execute arbitrary code. PoC available.

Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37124 CRITICAL POC Act Now

Buffer overflow in B64dec 1.1.2 base64 decoder allows attackers to execute arbitrary code by overwriting structured exception handler pointers. PoC available.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37138 CRITICAL POC Act Now

Buffer overflow in 10-Strike Network Inventory Explorer 9.03 file import functionality allows attackers to execute arbitrary code via crafted import files. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37119 CRITICAL POC Act Now

Stack-based buffer overflow in Nsauditor Network Auditing Tool 3.0.28 and 3.2.1.0 in the DNS Lookup tool allows attackers to execute arbitrary code via crafted input. PoC available.

DNS Buffer Overflow Nsauditor
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2020-37129 CRITICAL POC Act Now

Insecure folder permissions in MEmu Play 7.1.3 Android emulator allow low-privileged users to modify application binaries, enabling privilege escalation to SYSTEM. PoC available.

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69906 HIGH POC This Week

Monstra Cms versions up to 3.0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE Monstra Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-37117 HIGH POC This Week

Jizhicms versions up to 1.6.7 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Jizhicms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68722 HIGH POC This Week

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary adminis...

CSRF Axigen Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2020-37142 HIGH POC This Week

10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2020-37139 HIGH POC This Week

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. [CVSS 8.4 HIGH]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2020-37151 HIGH POC This Week

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]

PHP SQLi Phpmychat Plus
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2020-37149 HIGH POC This Week

Ew-7438Rpn Mini Firmware versions up to 1.27 is affected by cross-site request forgery (csrf) (CVSS 8.1).

CSRF Ew 7438rpn Mini Firmware
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2019-25271 HIGH POC This Week

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2019-25269 HIGH POC This Week

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25288 HIGH POC This Week

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots. [CVSS 7.8 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25287 HIGH POC This Week

WCAssistantService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25283 HIGH POC This Week

Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25274 HIGH POC This Week

ScsiAccess service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25273 HIGH POC This Week

EasyRedirect service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25272 HIGH POC This Week

CCSrvProxy service contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25286 HIGH POC This Week

gbClientService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25285 HIGH POC This Week

ApHidMonitorService contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25281 HIGH POC This Week

multiple Windows services contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25275 HIGH POC This Week

BartVPNService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25267 HIGH POC This Week

Wing Ftp Server versions up to 6.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Wing Ftp Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25276 HIGH POC This Week

FactoryTalk Activation Service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37150 HIGH POC This Week

Ew-7438Rpn Mini Firmware versions up to 1.27 contains a vulnerability that allows attackers to access the /wizard_reboot (CVSS 7.5).

Information Disclosure Ew 7438rpn Mini Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-37143 HIGH POC This Week

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. [CVSS 7.5 HIGH]

SCADA Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-37136 HIGH POC This Week

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. [CVSS 7.5 HIGH]

SSH Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37134 HIGH POC This Week

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37133 HIGH POC This Week

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Ultravnc
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70073 HIGH POC This Week

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]

RCE Code Injection Chestnutcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2020-37130 MEDIUM POC This Month

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. [CVSS 7.5 HIGH]

Denial Of Service Buffer Overflow Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2020-37131 MEDIUM POC This Month

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. [CVSS 6.2 MEDIUM]

Denial Of Service Buffer Overflow Product Key Explorer
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-32393 MEDIUM POC PATCH This Month

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. [CVSS 6.5 MEDIUM]

Denial Of Service AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-37128 MEDIUM POC This Month

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. [CVSS 6.2 MEDIUM]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2020-37132 MEDIUM POC This Month

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. [CVSS 6.2 MEDIUM]

Denial Of Service Ultravnc
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2020-37137 MEDIUM POC This Month

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. [CVSS 6.1 MEDIUM]

PHP RCE Phpfusion
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-70792 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. [CVSS 6.1 MEDIUM]

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70791 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. [CVSS 6.1 MEDIUM]

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2020-37152 MEDIUM POC This Month

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]

PHP XSS Phpfusion
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23796 CRITICAL Act Now

Session fixation vulnerability in Quick.Cart allows attackers to set a user's session identifier before authentication. The session ID persists through login, enabling session hijacking of authenticated users.

Information Disclosure Quick.Cart
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24300 CRITICAL PATCH Act Now

Elevation of privilege vulnerability in Azure Front Door allows attackers to gain elevated access. Microsoft Azure cloud service vulnerability affecting CDN/WAF infrastructure.

Azure Azure Front Door
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37121 MEDIUM POC This Month

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-37127 MEDIUM POC PATCH This Month

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Red Hat Suse
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69619 MEDIUM POC This Month

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal My Teditor
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy