Skip to main content
CVE-2024-50603 CRITICAL POC KEV THREAT Emergency

Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution.

RCE Command Injection Controller
NVD
CVSS 3.1
10.0
EPSS
94.4%
Threat
7.8
CVE-2025-0282 CRITICAL POC KEV THREAT CERT-EU Emergency

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.

RCE Stack Overflow Buffer Overflow Ivanti Connect Secure +2
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
94.1%
Threat
7.6
CVE-2024-11613 CRITICAL PATCH Act Now

The WordPress File Upload plugin through version 4.24.15 contains critical vulnerabilities in wfu_file_downloader.php enabling remote code execution, arbitrary file read, and arbitrary file deletion. The lack of proper sanitization on the source parameter combined with user-defined directory paths allows unauthenticated attackers to fully compromise the server.

PHP RCE Code Injection WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
66.1%
CVE-2024-11635 CRITICAL Act Now

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

RCE File Upload Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2018-4301 CRITICAL Act Now

This issue is fixed in SCSSU-201801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Smart Card Services
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-22141 CRITICAL POC Act Now

WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-22140 CRITICAL POC Act Now

WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-22137 CRITICAL This Week

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-54676 CRITICAL PATCH This Week

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Openmeetings
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2024-11350 CRITICAL This Week

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Adforest
NVD
CVSS 3.1
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy