Skip to main content
CVE-2024-12638 HIGH POC This Week

The Bulk Me Now!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Me Now
NVD WPScan
CVSS 3.1
7.1
EPSS
1.6%
CVE-2024-10591 HIGH PATCH This Week

The MWB HubSpot for WooCommerce - CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-29080 HIGH This Week

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-13671 HIGH PATCH This Week

The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-12269 HIGH PATCH This Week

The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11600 HIGH PATCH This Week

The Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-24886 HIGH This Month

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-24885 HIGH This Month

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-0574 HIGH This Month

Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sante Pacs Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-0569 HIGH This Month

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sante Pacs Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2025-0568 HIGH This Month

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sante Pacs Server
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-11611 HIGH This Month

AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow C More Ea9 T10Cl Firmware C More Ea9 T10Wcl Firmware C More Ea9 T12Cl Firmware +6
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2024-11610 HIGH This Month

AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow C More Ea9 T10Cl Firmware C More Ea9 T10Wcl Firmware C More Ea9 T12Cl Firmware +6
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2024-11609 HIGH This Month

AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow C More Ea9 T10Cl Firmware C More Ea9 T10Wcl Firmware +7
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2025-24802 HIGH PATCH This Month

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-0147 HIGH This Month

Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Meeting Software Development Kit Video Software Development Kit Workplace Desktop
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-24507 HIGH This Month

This vulnerability allows appliance compromise at boot time. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-24505 HIGH This Month

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. Rated high severity (CVSS 8.8). No vendor patch available.

File Upload
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2025-24500 HIGH This Month

The vulnerability allows an unauthenticated attacker to access information in PAM database. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0683 HIGH This Month

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-0626 HIGH This Month

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-44142 HIGH This Month

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Garageband
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0498 HIGH This Month

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-0497 HIGH This Month

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated high severity (CVSS 7.3). No vendor patch available.

Rockwell Information Disclosure Factorytalk Assetcentre
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-2658 HIGH This Month

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Authentication Bypass
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-24883 HIGH PATCH This Month

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-22222 HIGH This Month

VMware Aria Operations contains an information disclosure vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2025-22218 HIGH This Month

VMware Aria Operations for Logs contains an information disclosure vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-13720 HIGH PATCH This Month

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.6%.

RCE CSRF WordPress PHP Wp Image Uploader
NVD
CVSS 3.1
8.8
EPSS
11.6%
CVE-2024-13707 HIGH PATCH This Month

The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Wp Image Uploader
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13646 HIGH This Month

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Denial Of Service Single User Chat
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-12821 HIGH This Month

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Media Manager
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12129 HIGH This Month

The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Royal Core
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0747 HIGH This Month

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-0745 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0744 HIGH This Month

an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0740 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-0739 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-13453 HIGH This Month

The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-21107 HIGH This Month

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0834 HIGH This Month

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13694 HIGH PATCH This Month

The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Woocommerce Wishlist
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12708 HIGH POC This Month

The Bulk Me Now!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Me Now
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-12400 HIGH POC This Month

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tour Master
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23374 HIGH This Month

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Enterprise Sonic Distribution
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-0848 HIGH POC This Month

A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow A18 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy