Skip to main content
CVE-2024-12749 HIGH POC This Week

The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Competition Form
NVD WPScan
CVSS 3.1
7.1
EPSS
1.7%
CVE-2021-3978 HIGH PATCH This Week

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octorpki Cloudflare
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-37398 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35907 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35017 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-37413 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-37412 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-33838 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-21415 CRITICAL This Week

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Face Service
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2025-21396 HIGH This Month

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Account
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2025-0843 MEDIUM POC This Week

A vulnerability was found in needyamin Library Card System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57665 CRITICAL POC Act Now

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Jfinalcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0851 CRITICAL PATCH This Week

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.7% and no vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 4.0
9.3
EPSS
30.7%
CVE-2025-0842 MEDIUM POC This Week

A vulnerability was found in needyamin Library Card System 1.0 and classified as critical.php of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57513 MEDIUM This Month

A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57510 HIGH This Month

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-57509 HIGH This Month

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-57395 CRITICAL This Week

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-54852 CRITICAL POC Act Now

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection LDAP Teedy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-54851 HIGH POC This Week

Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teedy
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-51182 MEDIUM POC This Month

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Celk Saude
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48761 HIGH POC This Week

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Celk Saude
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23733 HIGH POC THREAT This Month

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
18.1%
CVE-2024-12705 HIGH PATCH This Month

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-11187 HIGH PATCH This Month

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2025-24884 MEDIUM PATCH This Month

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24795 MEDIUM PATCH Monitor

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Snowflake Connector
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24794 MEDIUM PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Python Snowflake Connector
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-24793 HIGH PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated high severity (CVSS 7.0). This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Python SQLi Snowflake Connector
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-24788 MEDIUM PATCH This Month

snowflake-connector-net is the Snowflake Connector for .NET. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Apple Snowflake Connector macOS
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-0841 MEDIUM This Month

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-20061 CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-20014 CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-0840 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Binutils Red Hat Suse
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-48852 MEDIUM POC This Week

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
2.7%
CVE-2024-48849 HIGH POC This Week

Missing Origin Validation in WebSockets vulnerability in FLXEON. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2024-10001 HIGH This Month

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Information Disclosure Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-24882 MEDIUM PATCH This Month

regclient is a Docker and OCI Registry Client in Go. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-24790 MEDIUM PATCH Monitor

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Java Snowflake Jdbc
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24789 HIGH PATCH This Month

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Java Privilege Escalation Snowflake Jdbc Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24791 MEDIUM PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Snowflake Connector
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-24527 HIGH This Month

An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-24792 MEDIUM Monitor

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service PHP
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24374 MEDIUM PATCH Monitor

Twig is a template language for PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-57439 MEDIUM POC Monitor

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ruoyi
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-57438 MEDIUM POC This Month

Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57437 MEDIUM POC This Week

RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-57436 HIGH POC This Month

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-0353 MEDIUM This Month

The Divi Torque Lite - Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-54462 LOW Monitor

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure Image Picker Android Android
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy