Skip to main content
CVE-2025-0199 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-55897 MEDIUM Monitor

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powerha System Mirror
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-55896 MEDIUM This Month

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12237 MEDIUM Monitor

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11733 HIGH This Month

The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-22376 MEDIUM This Month

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13129 HIGH POC This Week

A vulnerability was found in Roxy-WI up to 8.1.3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
4.2%
CVE-2025-0198 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-56332 MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0197 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0196 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0195 MEDIUM POC This Month

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-56412 MEDIUM POC PATCH Monitor

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-56411 MEDIUM POC PATCH Monitor

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
4.8
EPSS
0.9%
CVE-2024-56410 MEDIUM POC PATCH Monitor

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
4.8
EPSS
0.7%
CVE-2024-36613 MEDIUM PATCH This Month

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ffmpeg Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-35365 HIGH PATCH This Month

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21610 MEDIUM PATCH This Month

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-21609 HIGH POC PATCH This Week

SiYuan is self-hosted, open source personal knowledge management software. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Siyuan Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-56514 MEDIUM PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-56513 HIGH PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-56409 HIGH POC PATCH This Week

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
8.3
EPSS
0.7%
CVE-2024-56366 HIGH POC PATCH This Week

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
8.3
EPSS
0.9%
CVE-2024-56365 HIGH POC PATCH This Week

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
8.3
EPSS
0.7%
CVE-2024-56408 HIGH POC PATCH This Week

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 4.0
8.3
EPSS
1.0%
CVE-2024-56324 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Information Disclosure Path Traversal Gocd
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-56322 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Gocd
NVD GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2024-56321 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
3.8
EPSS
0.7%
CVE-2024-56320 CRITICAL PATCH This Week

GoCD is a continuous deliver server. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Privilege Escalation Gocd
NVD GitHub
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-55507 CRITICAL POC Act Now

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Complaint Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5591 MEDIUM Monitor

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Foundation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-55078 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-48814 HIGH POC PATCH This Month

SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Silverpeas
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-41780 MEDIUM Monitor

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Jazz Foundation
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-9140 CRITICAL This Week

Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-9138 HIGH This Month

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2024-12132 MEDIUM PATCH Monitor

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2025-22275 CRITICAL This Week

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Iterm2
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-53842 CRITICAL This Week

In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Android Google
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-53841 HIGH This Month

In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53840 HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53839 MEDIUM This Month

In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-53838 HIGH This Month

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53837 HIGH This Month

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53836 MEDIUM This Month

In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-53835 HIGH This Month

there is a possible biometric bypass due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53834 HIGH This Month

In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-53833 HIGH This Month

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-47032 HIGH This Month

In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-11624 HIGH This Month

there is a possible to add apps to bypass VPN due to Undeclared Permission . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy