Skip to main content
CVE-2026-27180 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP TLS RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
61.8%
Threat
5.3
CVE-2026-27174 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
60.3%
Threat
5.3
CVE-2026-27175 CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
Threat
4.7
CVE-2026-2329 CRITICAL POC PATCH THREAT Act Now

Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow Gxp1628 Firmware Gxp1630 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
41.1%
Threat
4.7
CVE-2025-65791 CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-70150 CRITICAL POC Act Now

Missing authentication in CodeAstro Membership Management System 1.0 delete_members.php allows unauthenticated deletion of member records. PoC available.

PHP Membership Management System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-25364 CRITICAL POC Act Now

Buffer overflow in MailCarrier 2.51 POP3 server via USER command allows remote attackers to execute arbitrary code. Network-exploitable without authentication. PoC available.

Buffer Overflow Mailcarrier
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-25361 CRITICAL POC Act Now

Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25365 CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-70998 CRITICAL POC Act Now

Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.

Information Disclosure 810 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-70152 CRITICAL POC Act Now

SQL injection in code-projects Community Project Scholars Tracking System 1.0 admin user management. Allows database compromise via admin panel. PoC available.

PHP SQLi Scholars Tracking System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2019-25362 CRITICAL POC Act Now

Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.

DNS Buffer Overflow Stack Overflow Wmv To Avi Mpeg Dvd Wmv Convertor
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70149 CRITICAL POC Act Now

SQL injection in CodeAstro Membership Management System 1.0 via ID parameter in print_membership_card.php enables unauthenticated database access. PoC available.

PHP SQLi Membership Management System
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-70141 CRITICAL POC Act Now

Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
NVD
CVSS 3.1
9.4
EPSS
0.4%
CVE-2026-25548 CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE LFI Invoiceplane
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-70146 CRITICAL POC Act Now

Missing authentication on multiple admin action scripts in ProjectWorlds Online Time Table Generator allows unauthenticated users to perform administrative operations. PoC available.

Authentication Bypass Online Time Table Generator
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-14009 HIGH POC PATCH GHSA This Week

Arbitrary code execution in the NLTK (Natural Language Toolkit) Python library affects all versions through its data downloader: the _unzip_iter function in nltk/downloader.py calls zipfile.extractall() with no path validation, so a malicious data package can drop attacker-controlled Python files (e.g. __init__.py) that execute automatically on import. Any application that downloads NLTK data from an attacker-influenced source is exposed to full remote code execution. Publicly available exploit code exists (huntr.com bounty), EPSS is modest at 0.57% (68th percentile), and there is no public exploit identified as actively exploited in CISA KEV.

Python RCE Nltk Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-70151 HIGH POC This Week

Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-70064 HIGH POC This Week

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. [CVSS 8.8 HIGH]

Privilege Escalation Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25351 HIGH POC This Week

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. [CVSS 8.8 HIGH]

Authentication Bypass
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25360 HIGH POC This Week

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow Aida64
NVD Exploit-DB VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2019-25357 HIGH POC This Week

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-27179 HIGH POC This Week

Unauthenticated SQL injection in MajorDoMo's commands module allows remote attackers to extract database contents including unsalted MD5 password hashes without authentication, enabling credential compromise and admin panel access. The vulnerability stems from unsanitized $_GET parameters in SQL queries accessible via the /objects/?module=commands endpoint, and public exploit code is available. Affected versions lack a patch and impact both MajorDoMo and PHP installations running this software.

PHP SQLi Majordomo
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25359 HIGH POC This Week

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. [CVSS 8.2 HIGH]

.NET SQLi Information Disclosure
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25355 HIGH POC This Week

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. [CVSS 7.5 HIGH]

Path Traversal Gsoap Suse
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-25352 HIGH POC This Week

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-70147 HIGH POC This Week

Online Time Table Generator versions up to 1.0 is affected by missing authentication for critical function (CVSS 7.5).

PHP Online Time Table Generator
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-23491 HIGH POC PATCH This Week

Unauthenticated attackers can read arbitrary files from InvoicePlane servers through path traversal in the Guest controller's file retrieval function, potentially exposing database credentials and other sensitive configuration data. This vulnerability affects InvoicePlane versions up to 1.6.3 and has public exploit code available. Version 1.6.4 resolves the issue.

Path Traversal Invoiceplane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2019-25401 HIGH POC This Week

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70148 HIGH POC This Week

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). [CVSS 7.5 HIGH]

PHP Membership Management System
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22860 HIGH POC PATCH This Week

Directory traversal in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5 allows unauthenticated remote attackers to list directories outside the configured root by exploiting a string prefix matching flaw in path validation. An attacker can craft requests with path traversal sequences to enumerate sensitive directories if the target path shares a common prefix with the configured root directory. Public exploit code exists for this vulnerability.

Rack Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25358 HIGH POC This Week

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25353 HIGH POC This Week

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25349 HIGH POC This Week

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]

SCADA Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27181 HIGH POC This Week

Unauthenticated module deletion in Majordomo's market module allows remote attackers to completely disable installations through a series of GET requests. The vulnerability stems from improper authentication checks that expose the uninstall functionality without requiring credentials, enabling attackers to iteratively remove all modules and associated files. Public exploit code exists for this high-severity flaw, and no patch is currently available.

Authentication Bypass Majordomo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25350 HIGH POC This Week

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25354 HIGH POC This Week

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25363 HIGH POC This Week

Wmv To Avi Mpeg Dvd Wmv Convertor versions up to 4.6.1217 is affected by stack-based buffer overflow (CVSS 7.5).

Buffer Overflow Denial Of Service Wmv To Avi Mpeg Dvd Wmv Convertor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1368 HIGH POC This Week

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

WordPress Zoom
NVD WPScan
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27178 HIGH POC This Week

MajorDomo's shoutbox feature is vulnerable to stored XSS due to unsanitized user input in the /objects/?method= endpoint, allowing unauthenticated attackers to inject malicious scripts that persist in the database. When administrators access the auto-refreshing dashboard, the stored payload executes automatically, enabling session hijacking and cookie theft. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27177 HIGH POC This Week

MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to inject stored XSS payloads that execute when administrators access the property editor, with public exploit code available. The vulnerability is compounded by session cookies lacking HttpOnly protection, enabling attackers to enumerate properties via the /api.php/data/ endpoint and hijack admin sessions through JavaScript exfiltration.

PHP IoT XSS Majordomo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-65519 MEDIUM POC This Month

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. [CVSS 6.5 MEDIUM]

Denial Of Service Ezbookkeeping
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70063 MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70062 MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

PHP CSRF Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25399 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. [CVSS 6.4 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25326 MEDIUM POC This Month

ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content. [CVSS 6.2 MEDIUM]

Denial Of Service Ippulse
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25398 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25397 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25396 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25356 MEDIUM POC This Month

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. [CVSS 6.1 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy