Skip to main content
CVE-2025-24367 HIGH POC PATCH THREAT Act Now

Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through the graph creation and template functionality. Attackers abuse the graphing engine to create arbitrary PHP scripts in the web root, escalating from monitoring access to full server control.

RCE PHP Cacti Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
90.5%
Threat
6.0
CVE-2025-24085 CRITICAL POC KEV THREAT Emergency

Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations.

Memory Corruption Use After Free Apple Denial Of Service
NVD GitHub Exploit-DB VulDB
CVSS 3.1
10.0
EPSS
25.2%
Threat
5.8
CVE-2024-48419 HIGH POC This Week

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6476Ac Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-48420 HIGH POC This Week

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Br 6476Ac Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-48416 HIGH POC This Week

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Br 6476Ac Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-48418 HIGH POC This Week

In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Br 6476Ac Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13094 HIGH POC This Week

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Triggers Lite
NVD WPScan
CVSS 3.1
7.1
EPSS
2.5%
CVE-2024-13055 HIGH POC This Week

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dyn Business Panel
NVD WPScan
CVSS 3.1
7.1
EPSS
2.1%
CVE-2025-24601 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24671 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24146 CRITICAL Act Now

This issue was addressed with improved redaction of sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24093 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-24354 MEDIUM POC PATCH This Month

imgproxy is server for resizing, processing, and converting images. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2025-24612 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection.19.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-24665 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes - Unishippers Edition allows SQL Injection.4.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-24664 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes - Worldwide Express Edition allows SQL Injection.0.20. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-24667 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes - Worldwide Express Edition allows SQL Injection.2.17. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-48417 MEDIUM POC This Month

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Br 6476Ac Firmware
NVD GitHub
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-24154 CRITICAL Act Now

An out-of-bounds write was addressed with improved input validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-54542 CRITICAL Act Now

An authentication issue was addressed with improved state management. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-54530 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-54512 CRITICAL Act Now

The issue was addressed by removing the relevant flags. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2022-4975 HIGH This Week

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XSS
NVD
CVSS 3.1
8.9
EPSS
0.2%
CVE-2025-24150 HIGH PATCH This Week

A privacy issue was addressed with improved handling of files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-54499 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Use After Free Apple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-24734 HIGH This Week

Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation.6.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-54543 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-54537 HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-54468 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24685 HIGH This Week

Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion.0.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-24137 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2025-24156 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Apple
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24159 HIGH This Week

A validation issue was addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-54517 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-54522 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-54509 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24107 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24174 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-24177 HIGH This Week

A null pointer dereference was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24129 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Apple
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54557 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-24120 HIGH This Week

This issue was addressed by improved management of object lifetimes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-24169 HIGH This Week

A logging issue was addressed with improved data redaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-24126 HIGH This Week

An input validation issue was addressed. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-23756 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress - Law Firm Website Management allows Reflected XSS.4.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23754 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23752 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23574 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23792 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP - Login with your glance or fingerprint allows Reflected XSS.1.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22513 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy