Skip to main content
CVE-2025-67038 CRITICAL POC KEV THREAT Emergency

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2019-25468 CRITICAL POC Act Now

RCE in NetGain EM Plus 10.1.68. PoC available.

RCE Code Injection
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25471 CRITICAL POC Act Now

Arbitrary file upload in FileThingie 2.5.7 via ZIP archives. PoC available.

PHP File Upload Path Traversal
NVD GitHub Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25487 CRITICAL POC Act Now

Command execution in SAPIDO RB-1732 V2.0.43 router. PoC available.

Authentication Bypass
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25159 CRITICAL POC Act Now

OGNL injection in Epross AVCON6 management platform. PoC available.

Code Injection
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-31892 HIGH POC PATCH This Week

Authorization bypass in Argo Workflows (2.9.0 through 4.0.1 and 3.7.x before 3.7.11) lets any user permitted to submit Workflows override admin-defined WorkflowTemplate security controls by attaching a podSpecPatch to their submission. Because podSpecPatch is merged with Workflow-spec precedence and applied to the pod with no security validation, even controllers locked down with templateReferencing: Strict can be circumvented to run arbitrary pod settings such as privileged: true. Publicly available exploit code exists, but EPSS is low (0.04%) and it is not in CISA KEV.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2019-25486 HIGH POC This Week

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2019-25465 HIGH POC This Week

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2019-25480 HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal File Upload
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25478 HIGH POC This Week

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25470 HIGH POC This Week

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. [CVSS 7.5 HIGH]

Authentication Bypass
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25466 HIGH POC This Week

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25483 HIGH POC This Week

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). [CVSS 8.4 HIGH]

Authentication Bypass
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25467 HIGH POC This Week

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-2413 HIGH POC This Week

Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3805 HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28229 HIGH POC PATCH This Week

Information disclosure in Argo Workflows before 4.0.2 and 3.7.11 lets any unauthenticated client read WorkflowTemplates and ClusterWorkflowTemplates by sending a bogus 'Authorization: Bearer nothing' token, leaking embedded Secret manifests and other sensitive template content. The CVSS 3.1 base score is 7.5 (confidentiality-only, network, no privileges) and publicly available exploit code exists, though EPSS is very low (0.04%) and it is not in CISA KEV, indicating no confirmed widespread exploitation yet.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25472 HIGH POC This Week

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. [CVSS 7.5 HIGH]

Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25485 MEDIUM POC This Month

R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. [CVSS 6.2 MEDIUM]

Buffer Overflow Memory Corruption Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25484 MEDIUM POC This Month

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25477 MEDIUM POC This Month

RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. [CVSS 6.2 MEDIUM]

Buffer Overflow Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25476 MEDIUM POC This Month

Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25475 MEDIUM POC This Month

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25469 MEDIUM POC This Month

Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25463 MEDIUM POC This Month

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25474 MEDIUM POC This Month

Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25464 MEDIUM POC This Month

InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2026-3784 MEDIUM POC PATCH CISA This Month

curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. Public exploit code exists for this vulnerability, though a patch is available.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27897 CRITICAL Act Now

Path traversal in Vociferous speech-to-text tool before 4.4.2. CVSS 10.0.

Path Traversal Vociferous
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-31957 CRITICAL Act Now

Default password in Himmelblau Azure Entra ID suite 3.0.0-3.0.x. CVSS 10.0.

Azure
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-31852 CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple iOS
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-66956 CRITICAL Act Now

Insecure access control in Asseco SEE Live 2.0. Remote access to attachments.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27591 CRITICAL PATCH Act Now

Access control bypass in Winter CMS before 1.0.477/1.1.12/1.2.12. CVSS 9.9.

PHP Laravel
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-31975 CRITICAL PATCH Act Now

OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-3826 CRITICAL Act Now

LFI to RCE in IFTOP by WellChoose.

LFI PHP RCE Organization Portal System
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2631 CRITICAL Act Now

Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.

WordPress Privilege Escalation
NVD WPScan
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-32136 CRITICAL PATCH Act Now

Auth bypass in AdGuard Home before 0.107.73.

Authentication Bypass Adguardhome Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-31874 CRITICAL Act Now

Missing auth in Taskosaur project management 1.0.0.

Authentication Bypass Taskosaur
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70082 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection RCE Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30741 CRITICAL Act Now

RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.

RCE Code Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23813 CRITICAL Act Now

Auth bypass in HPE Aruba AOS-CX switch web management.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31840 CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67041 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31877 CRITICAL Act Now

SQL injection in Frappe framework before 15.84.0/14.99.0.

SQLi Frappe
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31896 CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service Information Disclosure Wegia
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31871 CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31856 CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-70041 CRITICAL Act Now

Hardcoded password in ThermaKube Kubernetes monitoring.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-70024 CRITICAL Act Now

SQL injection in generatedata 4.0.14.

SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67035 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy