Skip to main content
CVE-2024-57727 HIGH POC KEV THREAT Act Now

SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords.

Path Traversal Simplehelp
NVD
CVSS 3.1
7.5
EPSS
94.0%
Threat
7.3
CVE-2024-57728 HIGH POC KEV THREAT Act Now

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
Threat
4.5
CVE-2025-22736 HIGH This Week

Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2020-8094 HIGH This Week

An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus 2020
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-22784 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.0.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-22799 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.1.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2024-40771 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27856 HIGH PATCH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22786 HIGH This Week

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.2.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Elementor
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-22755 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Bavington WP Headmaster allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-22750 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel Post Carousel & Slider allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22778 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lijit Networks Inc. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22776 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Carter WP Bulletin Board allows Reflected XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22766 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22765 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Weil WP Order By allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22764 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22795 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22760 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22793 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22751 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Digital Partners allows Reflected XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22317 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in galleryape Photo Gallery - Image Gallery by Ape allows Reflected XSS.2.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22752 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.0.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22753 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dueclic turboSMTP allows Reflected XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22754 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Center for Internet & Society Amber allows Reflected XSS.4.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22976 HIGH This Month

SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE SQLi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22964 HIGH This Month

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Authentication Bypass SQLi Cm3 Acora Content Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
12.6%
CVE-2025-0492 HIGH POC This Week

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823x Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-48125 HIGH This Month

An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-48123 HIGH This Month

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-0501 HIGH This Month

An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-0500 HIGH This Month

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.4%
CVE-2024-52005 HIGH PATCH This Month

Git is a source code management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git Red Hat Suse
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-7085 HIGH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-57022 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57021 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57020 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57019 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57018 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57017 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57016 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57015 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-57014 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-57013 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-57012 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-57011 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-50954 HIGH This Month

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-50953 HIGH This Month

An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-8603 HIGH This Month

A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-47140 HIGH POC This Week

A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Observium
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-47002 HIGH POC This Week

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD
CVSS 3.1
8.7
EPSS
8.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy