Skip to main content
CVE-2025-24365 HIGH POC This Week

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vaultwarden
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-24364 HIGH POC This Month

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Vaultwarden
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-24357 HIGH PATCH This Month

vLLM is a library for LLM inference and serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Vllm Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-12740 HIGH This Month

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-57276 HIGH This Month

In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-54146 HIGH POC PATCH This Month

Cacti is an open source performance and fault management framework. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Cacti Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
9.8%
CVE-2025-24783 HIGH This Month

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Cocoon
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-13057 HIGH POC This Month

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Dyn Business Panel
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13056 HIGH POC This Month

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dyn Business Panel
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13052 HIGH POC This Month

The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dental Optimizer Patient Generator App
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-12773 HIGH POC This Month

The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Altra Side Menu
NVD WPScan
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-12321 HIGH POC This Month

The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wc Affiliate
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy