Skip to main content
CVE-2025-24650 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-50698 CRITICAL This Week

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Winet S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-50695 CRITICAL This Week

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Winet S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-50694 CRITICAL This Week

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Winet S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-56404 CRITICAL This Week

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-22612 CRITICAL POC Act Now

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Coolify
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2025-22611 CRITICAL POC Act Now

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2025-22609 CRITICAL POC Act Now

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Coolify
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-13545 CRITICAL This Week

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal RCE WordPress +3
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy