Skip to main content
CVE-2025-0349 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac6 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-12848 HIGH This Month

The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass WordPress
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-12542 HIGH This Week

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.4% and no vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.6
EPSS
30.4%
CVE-2024-12330 HIGH This Month

The WP Database Backup - Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-43661 HIGH This Month

The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-43660 HIGH This Month

The CGI script <redacted>.sh can be used to download any file on the filesystem. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-43659 HIGH This Month

After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-43658 HIGH This Month

Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files Likelihood: High, but requires authentication Impact: Critical - The. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.2
EPSS
0.2%
CVE-2024-12805 HIGH This Month

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-12803 HIGH This Month

A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2024-53706 HIGH This Month

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-53705 HIGH This Month

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13206 HIGH This Month

A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-27980 HIGH POC PATCH This Month

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Red Hat Suse
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy