Skip to main content
CVE-2025-22510 HIGH Act Now

Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection.1.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.8% and no vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
14.8%
CVE-2025-22537 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route allows SQL Injection.3.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-22535 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jonathan Kern WPListCal allows SQL Injection.3.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-22505 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection.0.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-22508 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI Information Disclosure PHP
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2024-54887 HIGH This Week

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow TP-Link Tl Wr940n Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-24012 HIGH This Week

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-24011 HIGH This Week

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-24010 HIGH This Week

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-1907 HIGH PATCH This Week

A vulnerability was found in pgadmin. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Information Disclosure Pgadmin Suse
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-22527 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection.0.9. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-0306 HIGH PATCH This Week

A vulnerability was found in Ruby. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2025-22539 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables allows Reflected XSS.1.34. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22361 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22345 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.0.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22331 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22814 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22595 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv allows Reflected XSS.0.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22594 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder - Sándor Fodor Better User Shortcodes allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22521 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS.18.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22330 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.0.. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22313 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22307 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22295 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes - Tripetto allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21380 HIGH This Month

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Marketplace
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2025-21385 HIGH This Week

Microsoft Purview contains a server-side request forgery vulnerability that allows an authorized attacker to access internal network resources and disclose sensitive information. The SSRF enables reading internal service responses, accessing cloud metadata endpoints, and potentially pivoting to internal infrastructure.

Microsoft SSRF Purview
NVD
CVSS 3.1
8.8
EPSS
48.3%
CVE-2024-51229 HIGH POC This Week

Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Pb Cms
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-46464 HIGH This Month

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13311 HIGH This Month

Vulnerability in Drupal Allow All File Extensions for file fields.*. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Allow All File Extensions For File Fields Drupal
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-13291 HIGH This Month

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.X-1.0 before 7.X-1.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Basic Http Authentication Drupal
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-56113 HIGH This Month

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13284 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.0.0 before 2.13.0, from 3.0.0 before 3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gutenberg Drupal
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13282 HIGH PATCH This Month

Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.0.0 before 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Block Permissions Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-13276 HIGH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.X-* before 7.X-2.39. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure File Entity Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13267 HIGH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.X-1.0 before 7.X-1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Tincan Question Type Drupal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13265 HIGH PATCH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.0.0 before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Learning Path Drupal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13260 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.0.0 before 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Migrate Queue Importer Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-21598 HIGH This Month

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-13259 HIGH PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.0.0 before 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Image Sizes Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13256 HIGH PATCH This Month

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.0.0 before 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Contact Drupal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13255 HIGH This Month

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.X-2.0 before 7.X-2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Restful Web Services Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13254 HIGH PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.0.0 before 3.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rest Views Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13251 HIGH PATCH This Month

Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.0.0 before 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Registration Role Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13250 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.0.0 before 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Drupal Symfony Mailer Lite Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13244 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.0.0 before 6.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Migrate Tools Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13240 HIGH This Month

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.0.0 before 12.05. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-21602 HIGH This Month

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21600 HIGH This Month

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Juniper Junos +1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21599 HIGH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-21593 HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy