Skip to main content
CVE-2025-24505 HIGH This Month

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. Rated high severity (CVSS 8.8). No vendor patch available.

File Upload
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2025-24504 MEDIUM This Month

An improper input validation the CSRF filter results in unsanitized user input written to the application logs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24503 CRITICAL This Week

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-24502 MEDIUM This Month

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24501 MEDIUM This Month

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24500 HIGH This Month

The vulnerability allows an unauthenticated attacker to access information in PAM database. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0683 HIGH This Month

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-0681 MEDIUM This Month

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-0680 CRITICAL This Week

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2025-0626 HIGH This Month

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-44142 HIGH This Month

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Garageband
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-12248 CRITICAL This Week

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow
NVD
CVSS 4.0
9.3
EPSS
3.4%
CVE-2025-0874 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Car Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0498 HIGH This Month

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-0497 HIGH This Month

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated high severity (CVSS 7.3). No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-0477 CRITICAL This Week

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
9.3
EPSS
1.5%
CVE-2025-0873 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0367 MEDIUM This Month

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-2658 HIGH This Month

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Authentication Bypass
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-24883 HIGH PATCH This Month

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-24784 MEDIUM PATCH Monitor

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24376 MEDIUM PATCH This Month

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23216 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Argo Cd Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-22222 HIGH This Month

VMware Aria Operations contains an information disclosure vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2025-22221 MEDIUM This Month

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware XSS Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-22220 MEDIUM Monitor

VMware Aria Operations for Logs contains a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22219 MEDIUM This Month

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware XSS Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-0872 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-23367 MEDIUM PATCH This Month

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Wildfly Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-22218 HIGH This Month

VMware Aria Operations for Logs contains an information disclosure vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2025-0871 MEDIUM This Month

A vulnerability classified as problematic has been found in Maybecms 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-53615 MEDIUM This Month

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
20.6%
CVE-2024-8494 MEDIUM Monitor

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Website Builder Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13720 HIGH PATCH This Month

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.6%.

RCE CSRF WordPress PHP Wp Image Uploader
NVD
CVSS 3.1
8.8
EPSS
11.6%
CVE-2024-13715 MEDIUM PATCH Monitor

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Zstore Manager Basic
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13707 HIGH PATCH This Month

The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Wp Image Uploader
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13700 MEDIUM This Month

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Embed Swagger Ui
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13670 MEDIUM PATCH This Month

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Music Sheet Viewer
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13664 MEDIUM PATCH This Month

The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Post List Table
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13661 MEDIUM PATCH This Month

The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Table Editor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13646 HIGH This Month

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Denial Of Service Single User Chat
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-13596 MEDIUM PATCH This Month

The WordPress Survey & Poll - Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Wordpress Survey And Poll
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13549 MEDIUM PATCH This Month

The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS All Bootstrap Blocks Bootstrap
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13512 MEDIUM This Month

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wonder Fontawesome
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13460 MEDIUM This Month

The WE - Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS We Testimonial Slide
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13400 MEDIUM This Month

The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Kona Gallery Block
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12861 MEDIUM PATCH This Month

The W2S - Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure W2S
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12822 CRITICAL This Week

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Media Manager
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-12821 HIGH This Month

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Media Manager
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12444 MEDIUM This Month

The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Dispensary
NVD
CVSS 3.1
6.4
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy