Skip to main content
CVE-2024-50603 CRITICAL POC KEV THREAT Emergency

Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution.

RCE Command Injection Controller
NVD
CVSS 3.1
10.0
EPSS
94.4%
Threat
7.8
CVE-2025-0282 CRITICAL POC KEV THREAT CERT-EU Emergency

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.

RCE Stack Overflow Buffer Overflow Ivanti Connect Secure +2
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
94.1%
Threat
7.6
CVE-2024-11613 CRITICAL PATCH Act Now

The WordPress File Upload plugin through version 4.24.15 contains critical vulnerabilities in wfu_file_downloader.php enabling remote code execution, arbitrary file read, and arbitrary file deletion. The lack of proper sanitization on the source parameter combined with user-defined directory paths allows unauthenticated attackers to fully compromise the server.

PHP RCE Code Injection WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
66.1%
CVE-2024-11635 CRITICAL Act Now

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

RCE File Upload Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2023-35685 HIGH POC This Week

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-12585 MEDIUM POC This Month

The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Propertyhive
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-4301 CRITICAL Act Now

This issue is fixed in SCSSU-201801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Smart Card Services
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-9939 HIGH PATCH This Week

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP File Upload WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-52955 MEDIUM This Month

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52953 MEDIUM This Month

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-53995 LOW POC Monitor

SickChill is an automatic video library manager for TV shows. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 4.0
1.9
EPSS
1.2%
CVE-2023-52954 MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-0283 HIGH CERT-EU This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a. Rated high severity (CVSS 7.0). Epss exploitation probability 45.1% and no vendor patch available.

Stack Overflow Buffer Overflow Ivanti Connect Secure Neurons For Zero Trust Access +1
NVD
CVSS 3.1
7.0
EPSS
45.1%

Rejected reason: loading template... No vendor patch available.

Information Disclosure
NVD
CVE-2024-13193 MEDIUM POC This Month

A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13192 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Myblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13191 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Myblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22145 MEDIUM PATCH This Month

Carbon is an international PHP extension for DateTime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE LFI PHP
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-54010 LOW Monitor

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. Rated low severity (CVSS 3.4), this vulnerability is no authentication required. No vendor patch available.

Aruba Authentication Bypass Information Disclosure
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2024-52869 MEDIUM This Month

Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-13190 MEDIUM This Month

A vulnerability classified as critical was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12431 MEDIUM POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22143 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.6%
CVE-2025-0194 MEDIUM POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD

Rejected reason: reserved but not needed. No vendor patch available.

Information Disclosure
NVD
CVE-2024-13189 MEDIUM POC This Week

A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Myblog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-22141 CRITICAL POC Act Now

WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-22140 CRITICAL POC Act Now

WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-22139 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.6%
CVE-2025-0291 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1% and no vendor patch available.

Google Memory Corruption RCE Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
12.1%
CVE-2024-54818 HIGH This Month

SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Computer Laboratory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-53526 MEDIUM POC PATCH This Month

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Composio
NVD GitHub
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-13188 MEDIUM POC Monitor

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-21111 HIGH This Month

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-6350 MEDIUM This Month

A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56787 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56785 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56784 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56783 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56782 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56780 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56779 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56778 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56777 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56776 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy