Skip to main content
CVE-2021-4434 CRITICAL POC Act Now

Remote code execution in the Social Warfare WordPress plugin (versions ≤ 3.5.2) allows unauthenticated attackers to run arbitrary code on the server via the 'swp_url' parameter. Publicly available exploit code exists and the issue carries a maximum CVSS 10.0 with scope change, while the EPSS score of 7.99% (92nd percentile) signals meaningfully elevated exploitation interest. The flaw was reported by Wordfence and primarily threatens WordPress sites still running this abandoned/legacy plugin version.

RCE Code Injection WordPress Social Warfare
NVD
CVSS 3.1
10.0
EPSS
8.0%
CVE-2024-0649 CRITICAL Act Now

A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical.php of the component Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Zhihuiyun
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0648 CRITICAL Act Now

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Yunyou Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-20272 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco File Upload Unity Connection
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0643 CRITICAL Act Now

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Live Encoder
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0642 CRITICAL Act Now

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Live Encoder
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy