Skip to main content
CVE-2025-22599 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22598 HIGH POC This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2025-22597 HIGH POC This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2025-22596 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22152 CRITICAL This Week

Atheos is a self-hosted browser-based cloud IDE. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2024-56511 CRITICAL POC Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-50807 MEDIUM This Month

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-46210 HIGH This Month

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-29971 CRITICAL POC Act Now

Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Scone
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-29970 CRITICAL POC Act Now

Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-25371 HIGH POC This Month

Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-23022 MEDIUM POC PATCH Monitor

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Freetype Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22946 CRITICAL POC Act Now

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Buffer Overflow Ac9 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-57687 CRITICAL POC Act Now

An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Land Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-57686 CRITICAL POC Act Now

A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Land Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-41787 CRITICAL This Week

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Doors Next
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-57823 CRITICAL POC PATCH Act Now

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Raptor Rdf Syntax Library Red Hat Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2024-57822 MEDIUM POC PATCH Monitor

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Raptor Rdf Syntax Library Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-23016 CRITICAL PATCH This Week

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-13318 MEDIUM This Month

The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Essential Wp Real Estate
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13183 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0311 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy