Skip to main content
CVE-2024-12749 HIGH POC This Week

The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Competition Form
NVD WPScan
CVSS 3.1
7.1
EPSS
1.7%
CVE-2021-3978 HIGH PATCH This Week

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octorpki Cloudflare
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21396 HIGH This Month

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Account
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2024-57510 HIGH This Month

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-57509 HIGH This Month

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54851 HIGH POC This Week

Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teedy
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-48761 HIGH POC This Week

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Celk Saude
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23733 HIGH POC THREAT This Month

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
18.1%
CVE-2024-12705 HIGH PATCH This Month

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-11187 HIGH PATCH This Month

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2025-24793 HIGH PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated high severity (CVSS 7.0). This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Python SQLi Snowflake Connector
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-48849 HIGH POC This Week

Missing Origin Validation in WebSockets vulnerability in FLXEON. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2024-10001 HIGH This Month

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Information Disclosure Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-24789 HIGH PATCH This Month

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Java Privilege Escalation Snowflake Jdbc Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24527 HIGH This Month

An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-57436 HIGH POC This Month

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-41140 HIGH This Month

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Manageengine Applications Manager
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-0762 HIGH PATCH This Month

Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-7695 HIGH This Month

Multiple switches are affected by an out-of-bounds write vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-13696 HIGH This Month

The Flexible Wishlist for WooCommerce - Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wishlist_name’ parameter in all versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy