Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-10024 | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files. | 7.1 | 1.06% | 2025-08-05 | 2026-06-16 |
| CVE-2012-10023 | A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication. | 6.9 | 1.67% | 2025-08-05 | 2026-06-16 |
| CVE-2012-10022 | Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication. | 8.5 | 0.44% | 2025-08-01 | 2026-06-16 |
| CVE-2012-10021 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device. | 9.3 | 2.96% | 2025-07-31 | 2026-06-16 |
| CVE-2012-10020 | The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | 9.8 | 2.87% | 2025-07-21 | 2026-06-16 |
| CVE-2012-10019 | The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | 9.8 | 2.28% | 2025-07-19 | 2026-06-16 |
| CVE-2012-10018 | The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file. | 8.3 | 1.13% | 2024-10-16 | 2026-06-16 |
| CVE-2012-6664 | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. | 9.1 | 29.54% | 2024-06-21 | 2026-06-16 |
| CVE-2012-10017 | A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. | 4.3 | 0.35% | 2023-12-26 | 2026-06-16 |
| CVE-2012-10016 | A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upg | 4.3 | 0.58% | 2023-10-16 | 2026-06-16 |
| CVE-2012-3788 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3787 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3786 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3785 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3784 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3783 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3782 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3781 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3780 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |
| CVE-2012-3779 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-06 |