| CVE-2012-10037 | Cri | 0.68 | — | 0.63 | | Aug 11, 2025 | PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required. |
| CVE-2012-10046 | Cri | 0.68 | — | 0.53 | | Aug 8, 2025 | The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system. |
| CVE-2012-10041 | Cri | 0.68 | — | 0.58 | | Aug 8, 2025 | WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root. |
| CVE-2014-125113 | Cri | 0.68 | — | 0.56 | | Aug 5, 2025 | An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths. |
| CVE-2013-10049 | Cri | 0.68 | — | 0.55 | | Aug 1, 2025 | An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands. |
| CVE-2014-125126 | Cri | 0.68 | — | 0.66 | | Jul 31, 2025 | An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise. |
| CVE-2014-125118 | Cri | 0.68 | — | 0.47 | | Jul 25, 2025 | A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges. |
| CVE-2014-125116 | Cri | 0.68 | — | 0.54 | | Jul 25, 2025 | A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional. |
| CVE-2015-10141 | Cri | 0.68 | — | 0.54 | | Jul 23, 2025 | An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user. |
| CVE-2025-34117 | Cri | 0.68 | — | 0.61 | | Jul 16, 2025 | A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability. |
| CVE-2025-47608 | Cri | 0.68 | 9.3 | 0.58 | | Jun 9, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5. |
| CVE-2025-4524 | Cri | 0.68 | 9.8 | 0.14 | | May 21, 2025 | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
| CVE-2025-47577 | Cri | 0.68 | 10.0 | 0.40 | | May 19, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. |
| CVE-2025-3605 | Cri | 0.68 | 9.8 | 0.13 | | May 9, 2025 | The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. |
| CVE-2024-12824 | Cri | 0.68 | 9.8 | 0.48 | | Mar 1, 2025 | The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account. |
| CVE-2024-48445 | Cri | 0.68 | 9.8 | 0.12 | | Feb 4, 2025 | An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. |
| CVE-2024-48841 | Cri | 0.68 | 10.0 | 0.04 | | Jan 27, 2025 | Network access can be used to execute arbitrary code with elevated privileges.
This
issue affects FLXEON 9.3.4 and older. |
| CVE-2024-29671 | Cri | 0.68 | 9.8 | 0.55 | | Dec 16, 2024 | Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. |
| CVE-2024-52429 | Cri | 0.68 | 9.9 | 0.41 | | Nov 18, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0. |
| CVE-2024-10586 | Cri | 0.68 | 9.8 | 0.59 | | Nov 9, 2024 | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue. |
| CVE-2024-50510 | Cri | 0.68 | 10.0 | 0.33 | | Oct 30, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3. |
| CVE-2024-50490 | Cri | 0.68 | 9.8 | 0.52 | | Oct 29, 2024 | Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2. |
| CVE-2024-50483 | Cri | 0.68 | 9.8 | 0.54 | | Oct 28, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. |
| CVE-2024-45622 | Cri | 0.68 | 9.8 | 0.57 | | Sep 2, 2024 | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. |
| CVE-2024-38944 | Cri | 0.68 | 9.8 | 0.10 | | Jul 22, 2024 | An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. |
| CVE-2012-6664 | Cri | 0.68 | 9.1 | 0.73 | | Jun 21, 2024 | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. |
| CVE-2024-3080 | Cri | 0.68 | 9.8 | 0.54 | | Jun 14, 2024 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. |
| CVE-2024-27954 | Cri | 0.68 | 9.3 | 0.93 | | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. |
| CVE-2024-24882 | Cri | 0.68 | 9.8 | 0.48 | | May 17, 2024 | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. |
| CVE-2024-3806 | Cri | 0.68 | 9.8 | 0.59 | | May 14, 2024 | The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. |
| CVE-2024-32709 | Cri | 0.68 | 9.3 | 0.93 | | Apr 24, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. |
| CVE-2024-3136 | Cri | 0.68 | 9.8 | 0.54 | | Apr 9, 2024 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
| CVE-2021-4374 | Cri | 0.68 | 9.1 | 0.75 | | Jun 7, 2023 | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site. |
| CVE-2017-18001 | Cri | 0.68 | 9.8 | 0.21 | | Dec 31, 2017 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. |
| CVE-2017-17759 | Cri | 0.68 | 9.8 | 0.13 | | Dec 19, 2017 | Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). |
| CVE-2017-17739 | Cri | 0.68 | 9.8 | 0.21 | | Dec 18, 2017 | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. |
| CVE-2017-17672 | Cri | 0.68 | 9.8 | 0.15 | | Dec 14, 2017 | In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. |
| CVE-2017-17111 | Cri | 0.68 | 9.8 | 0.18 | | Dec 11, 2017 | Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. |
| CVE-2017-17110 | Cri | 0.68 | 9.8 | 0.18 | | Dec 11, 2017 | Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. |
| CVE-2017-11282 | Cri | 0.68 | 9.8 | 0.21 | | Dec 1, 2017 | Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. |
| CVE-2017-16934 | Cri | 0.68 | 9.8 | 0.18 | | Nov 24, 2017 | The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter. |
| CVE-2017-15962 | Cri | 0.68 | 9.8 | 0.18 | | Oct 29, 2017 | iStock Management System 1.0 allows Arbitrary File Upload via user/profile. |
| CVE-2014-1203 | Cri | 0.68 | 9.8 | 0.56 | | Oct 24, 2017 | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. |
| CVE-2017-15220 | Cri | 0.68 | 9.8 | 0.12 | | Oct 11, 2017 | Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. |
| CVE-2017-14702 | Cri | 0.68 | 9.8 | 0.12 | | Sep 30, 2017 | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. |
| CVE-2015-4073 | Cri | 0.68 | 9.8 | 0.10 | | Sep 20, 2017 | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. |
| CVE-2015-3313 | Cri | 0.68 | 9.8 | 0.18 | | Sep 7, 2017 | SQL injection vulnerability in WordPress Community Events plugin before 1.4. |
| CVE-2017-9834 | Cri | 0.68 | 9.8 | 0.12 | | Sep 7, 2017 | SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. |
| CVE-2017-12965 | Cri | 0.68 | 9.8 | 0.22 | | Aug 23, 2017 | Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. |
| CVE-2017-12787 | Cri | 0.68 | 9.8 | 0.19 | | Aug 22, 2017 | A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. |
