Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-69690
CRITICAL CVSS 9.1
Find Similar
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes t
CVE-2025-69691
CRITICAL CVSS 9.9
Find Similar
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allo
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the Open
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or
CVE-2025-34061
CRITICAL CVSS 9.3
Find Similar
A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads
e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_
CVE-2024-40890
HIGH CVSS 8.8 KEV
Find Similar
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
CVE-2018-25114
CRITICAL CVSS 9.3
Find Similar
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, t
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a
CVE-2025-30091
CRITICAL CVSS 9.4
Find Similar
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-cont
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP modu
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later exe
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Atta
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper val
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extensio
CVE-2025-44658
CRITICAL CVSS 9.8
Find Similar
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malic
Page 1+ Next →