Skip to main content
CVE-2019-25614 CRITICAL POC Act Now

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Free Float Ftp
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25613 HIGH POC This Week

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Easy Chat
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25605 HIGH POC This Week

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2019-25607 HIGH POC This Week

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.

Memory Corruption Buffer Overflow RCE Axessh
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25619 HIGH POC This Week

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Ftp Shell Server
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25615 HIGH POC This Week

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.

Memory Corruption Buffer Overflow RCE Lavavo Cd Ripper
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25611 HIGH POC This Week

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.

Memory Corruption Buffer Overflow RCE Miniftp
NVD Exploit-DB GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25609 HIGH POC This Week

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.

Memory Corruption Buffer Overflow RCE Server
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25604 HIGH POC This Week

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.

Memory Corruption Buffer Overflow RCE Dvdxplayer
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25603 HIGH POC This Week

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.

Memory Corruption Buffer Overflow RCE Tuneclone
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25608 HIGH POC This Week

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs.

Privilege Escalation RCE Iperius Backup
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25612 HIGH POC This Week

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.

Memory Corruption Buffer Overflow RCE Admin Express
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-4558 HIGH POC This Week

OS command injection in Linksys MR9600 mesh router firmware 2.0.6.206937 allows authenticated remote attackers to execute arbitrary system commands with router privileges via crafted Smart Connect configuration parameters. The vulnerability exists in the SmartConnect.lua file's smartConnectConfigure function, which fails to sanitize user input in configApSsid, configApPassphrase, srpLogin, and srpPassword arguments before passing them to system commands. Publicly available exploit code exists (GitHub POC), but EPSS indicates low (0.15%) exploitation probability and CISA has not listed this in KEV, suggesting limited real-world targeting. Vendor (Linksys) did not respond to researcher disclosure.

Linksys Command Injection
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.2%
CVE-2026-4552 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4551 HIGH POC This Week

Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4535 HIGH POC This Week

Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4534 HIGH POC This Week

Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4555 HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4553 HIGH POC This Week

Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2019-25610 HIGH POC This Week

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences.

Path Traversal Netnumber Titan Enum Dns Np
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2019-25600 HIGH POC This Week

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Viewer
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2019-25594 MEDIUM POC This Month

ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Asprunner Net
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25618 MEDIUM POC This Month

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Adminexpress
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25617 MEDIUM POC This Month

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ease Audio Converter
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25616 MEDIUM POC This Month

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Buffer Overflow Anming Mp3 Cd Burner
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25601 MEDIUM POC This Month

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Launcher
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25599 MEDIUM POC This Month

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Backup Key Recovery
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25598 MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Denial Of Service
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25597 MEDIUM POC This Month

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25595 MEDIUM POC This Month

jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jetaudio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25592 MEDIUM POC This Month

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Phprunner
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25591 MEDIUM POC This Month

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Dnss Domain Name Search Software
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25590 MEDIUM POC This Month

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Axessh
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25589 MEDIUM POC This Month

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zoc Terminal
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25588 MEDIUM POC This Month

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bulletproof Ftp Server
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25587 MEDIUM POC This Month

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bulletproof Ftp Server
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25593 MEDIUM POC This Month

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jetcast Server
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25606 MEDIUM POC This Month

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Fast Avi Mpeg Joiner
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25602 MEDIUM POC This Month

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gsearch
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25596 MEDIUM POC This Month

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spotauditor
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25586 MEDIUM POC This Month

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deluge
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25585 MEDIUM POC This Month

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deluge
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25584 MEDIUM POC This Month

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rarmaradio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25583 MEDIUM POC This Month

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rarmaradio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4562 MEDIUM POC This Month

MacCMS version 2025.1000.4052 contains a missing authentication vulnerability in the Timming API endpoint (application/api/controller/Timming.php). An unauthenticated remote attacker can access protected functionality, potentially leading to unauthorized data access, modification, or service disruption. A public proof-of-concept exploit is available on GitHub, significantly increasing the risk of active exploitation in the wild.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-4536 MEDIUM POC This Month

An unrestricted file upload vulnerability exists in Acrel Environmental Monitoring Cloud Platform version 1.1.0, allowing unauthenticated remote attackers to upload arbitrary files to the system. The vendor was notified but did not respond, and a public proof-of-concept exploit is available on GitHub. With a CVSS score of 7.3 and public exploit code, this presents an elevated risk for organizations using the affected platform.

File Upload Environmental Monitoring Cloud Platform
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4532 MEDIUM POC This Month

The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. Configuration changes are recommended as no patch is currently available.

Path Traversal Information Disclosure Simple Food Ordering System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4540 MEDIUM POC This Month

SQL injection in projectworlds Online Notes Sharing System 1.0 allows unauthenticated remote attackers to manipulate the Benutzer parameter in /login.php, enabling unauthorized data access, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4314 HIGH This Week

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress contains a privilege escalation vulnerability affecting all versions up to and including 3.2.4. Authenticated attackers with Subscriber-level access can exploit an insecure URL check to gain administrative capabilities, enabling them to modify WordPress options and create new administrator accounts. This is a critical vulnerability with a CVSS score of 8.8, requiring low attack complexity and no user interaction.

WordPress Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2580 HIGH This Week

A time-based SQL injection vulnerability exists in the WP Maps - Store Locator plugin for WordPress through version 4.9.1, allowing unauthenticated attackers to extract sensitive database information via the insufficiently sanitized 'orderby' parameter. With a CVSS score of 7.5 (High), this vulnerability requires no privileges or user interaction and can be exploited remotely over the network. No KEV listing or EPSS data is provided, but the vulnerability has been publicly disclosed by Wordfence with technical details and code references available.

WordPress SQLi Google
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy