Skip to main content
CVE-2025-21101 MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Race Condition Information Disclosure Display Manager
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-23013 HIGH PATCH This Month

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Apple macOS Suse
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2024-13334 MEDIUM This Month

The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2025-0343 HIGH This Month

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22997 MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys XSS E5600 Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-22996 MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys XSS E5600 Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-57767 HIGH POC This Week

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mysiteforme
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-57766 CRITICAL POC Act Now

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mysiteforme
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-57765 HIGH POC This Month

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mysiteforme
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57764 CRITICAL POC Act Now

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mysiteforme
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-57763 CRITICAL POC Act Now

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mysiteforme
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-57762 HIGH POC This Month

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mysiteforme
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57761 HIGH POC This Week

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jeewms
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-57760 MEDIUM POC This Week

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeewms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-57757 HIGH POC This Month

JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeewms
NVD
CVSS 3.1
7.5
EPSS
0.1%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy