Skip to main content
CVE-2023-35685 HIGH POC This Week

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-9939 HIGH PATCH This Week

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP File Upload WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2025-0283 HIGH CERT-EU This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a. Rated high severity (CVSS 7.0). Epss exploitation probability 45.1% and no vendor patch available.

Stack Overflow Buffer Overflow Ivanti Connect Secure Neurons For Zero Trust Access +1
NVD
CVSS 3.1
7.0
EPSS
45.1%
CVE-2025-0291 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1% and no vendor patch available.

Google Memory Corruption RCE Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
12.1%
CVE-2024-54818 HIGH This Month

SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Computer Laboratory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-21111 HIGH This Month

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-56784 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56775 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Amd Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56772 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-51442 HIGH This Week

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.7% and no vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
32.7%
CVE-2025-22136 HIGH This Month

Tabby (formerly Terminus) is a highly configurable terminal emulator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-55656 HIGH This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Redis Integer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
13.1%
CVE-2024-55517 HIGH This Month

An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-51737 HIGH This Month

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
1.5%
CVE-2024-51480 HIGH This Month

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2025-21102 HIGH This Month

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-11423 HIGH This Month

The Ultimate Gift Cards for WooCommerce - Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.7% and no vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
20.7%
CVE-2024-12854 HIGH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

RCE File Upload WordPress
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2024-12853 HIGH This Month

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

RCE File Upload WordPress Modula Image Gallery
NVD
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-45033 HIGH PATCH This Month

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.5.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Apache Airflow Providers Fab
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-11939 HIGH This Month

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-11271 HIGH PATCH This Month

The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Webinarpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11270 HIGH PATCH This Month

The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE Authentication Bypass WordPress Webinarpress
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2024-56451 HIGH This Month

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-11916 HIGH PATCH This Month

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE Authentication Bypass WordPress Wp Extended
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-11816 HIGH PATCH This Month

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.

RCE Authentication Bypass WordPress Ultimate Wordpress Toolkit
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2024-56447 HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56444 HIGH This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56439 HIGH This Month

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy