Skip to main content
CVE-2024-13742 CRITICAL PATCH Act Now

The iControlWP - Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-24503 CRITICAL This Week

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-0680 CRITICAL This Week

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2024-12248 CRITICAL This Week

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow
NVD
CVSS 4.0
9.3
EPSS
3.4%
CVE-2025-0477 CRITICAL This Week

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
9.3
EPSS
1.5%
CVE-2024-12822 CRITICAL This Week

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Media Manager
NVD
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy