Skip to main content
CVE-2025-69906 HIGH POC This Week

Monstra Cms versions up to 3.0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE Monstra Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-37117 HIGH POC This Week

Jizhicms versions up to 1.6.7 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Jizhicms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68722 HIGH POC This Week

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary adminis...

CSRF Axigen Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2020-37142 HIGH POC This Week

10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2020-37139 HIGH POC This Week

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. [CVSS 8.4 HIGH]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2020-37151 HIGH POC This Week

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]

PHP SQLi Phpmychat Plus
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2020-37149 HIGH POC This Week

Ew-7438Rpn Mini Firmware versions up to 1.27 is affected by cross-site request forgery (csrf) (CVSS 8.1).

CSRF Ew 7438rpn Mini Firmware
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2019-25271 HIGH POC This Week

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2019-25269 HIGH POC This Week

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25288 HIGH POC This Week

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots. [CVSS 7.8 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25287 HIGH POC This Week

WCAssistantService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25283 HIGH POC This Week

Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25274 HIGH POC This Week

ScsiAccess service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25273 HIGH POC This Week

EasyRedirect service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25272 HIGH POC This Week

CCSrvProxy service contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25286 HIGH POC This Week

gbClientService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25285 HIGH POC This Week

ApHidMonitorService contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Information Disclosure
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25281 HIGH POC This Week

multiple Windows services contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25275 HIGH POC This Week

BartVPNService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25267 HIGH POC This Week

Wing Ftp Server versions up to 6.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).

RCE Wing Ftp Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25276 HIGH POC This Week

FactoryTalk Activation Service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).

Code Injection
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37150 HIGH POC This Week

Ew-7438Rpn Mini Firmware versions up to 1.27 contains a vulnerability that allows attackers to access the /wizard_reboot (CVSS 7.5).

Information Disclosure Ew 7438rpn Mini Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-37143 HIGH POC This Week

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. [CVSS 7.5 HIGH]

SCADA Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2020-37136 HIGH POC This Week

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. [CVSS 7.5 HIGH]

SSH Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37134 HIGH POC This Week

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-37133 HIGH POC This Week

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Ultravnc
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70073 HIGH POC This Week

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]

RCE Code Injection Chestnutcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-15330 HIGH This Week

Tanium addressed an improper input validation vulnerability in Deploy. [CVSS 8.8 HIGH]

Authentication Bypass Deploy
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15557 HIGH This Week

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. [CVSS 8.8 HIGH]

TP-Link Tapo P100 Firmware Tapo H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10314 HIGH This Week

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (...

Windows Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13379 HIGH This Week

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. [CVSS 8.6 HIGH]

IBM SQLi Aspera Console
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-24302 HIGH PATCH This Week

Azure Arc Elevation of Privilege Vulnerability [CVSS 8.6 HIGH]

Microsoft Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-61732 HIGH PATCH This Week

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. [CVSS 8.6 HIGH]

Go Code Injection RCE
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-13192 HIGH This Week

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 8.2 HIGH]

WordPress SQLi PHP
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-21532 HIGH PATCH This Week

Azure Function Information Disclosure Vulnerability [CVSS 8.2 HIGH]

Azure Information Disclosure Azure Functions
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-68721 HIGH This Week

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). [CVSS 8.1 HIGH]

TLS Axigen Mail Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-15311 HIGH This Week

Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. [CVSS 7.8 HIGH]

RCE Tanos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1707 HIGH PATCH This Week

Command execution in pgAdmin 4 server mode allows authenticated attackers to bypass restore operation restrictions by extracting the restrict key during PLAIN-format dump file operations and injecting malicious payloads to re-enable meta-commands. An attacker with web interface access can race the restore process in real time to achieve reliable code execution on the pgAdmin host. No patch is currently available for this vulnerability.

Authentication Bypass Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-11730 HIGH This Week

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device by supplying a specially crafted string as an argument to the CLI command. [CVSS 7.2 HIGH]

Zyxel DNS Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-23572 HIGH This Week

Improper access control in TeamViewer clients (Windows, macOS, Linux) before version 15.74.5 permits authenticated remote users to circumvent confirmation-based access restrictions during active sessions. An attacker with valid remote session credentials can gain unauthorized access without triggering the expected local confirmation prompt, requiring only prior authentication via ID/password, session link, or Easy Access.

Linux Windows macOS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1294 HIGH This Week

All In One Image Viewer Block (WordPress plugin) is affected by server-side request forgery (ssrf) (CVSS 7.2).

WordPress SSRF
NVD
CVSS 3.1
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy