Skip to main content
CVE-2023-6825 CRITICAL POC PATCH Act Now

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Path Traversal File Manager
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
3.7%
CVE-2024-28194 CRITICAL POC Act Now

your_spotify is an open source, self hosted Spotify tracking dashboard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Your Spotify
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0799 CRITICAL POC Act Now

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-2418 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Best POS Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1071 CRITICAL POC PATCH THREAT Act Now

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Ultimate Member
NVD GitHub
CVSS 3.1
9.8
EPSS
89.4%
CVE-2024-2413 CRITICAL Act Now

A critical authentication bypass vulnerability exists in Intumit SmartRobot due to the use of a hard-coded encryption key. Remote unauthenticated attackers can leverage this fixed key to forge authentication tokens by encrypting user credentials and timestamps, gaining full administrative access to the system. Once authenticated, attackers can execute arbitrary code on the server through built-in system functionality, achieving complete system compromise.

RCE Smartrobot
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-2172 CRITICAL Act Now

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25250 CRITICAL Act Now

SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Agro School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25153 CRITICAL Act Now

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Filecatalyst Workflow
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy