Skip to main content
CVE-2022-1736 CRITICAL PATCH Act Now

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Gnome Remote Desktop Ubuntu Linux Red Hat +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24891 CRITICAL This Week

Dumb Drop is a file upload application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-57587 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Co2Scope Dcscope
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-55062 CRITICAL POC Act Now

Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Co2Scope Dcscope
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2024-53356 CRITICAL POC Act Now

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Co2Scope Dcscope
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-22957 CRITICAL POC Act Now

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-53584 CRITICAL POC Act Now

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openpanel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-47857 CRITICAL This Week

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-23215 CRITICAL PATCH This Week

PMD is an extensible multilanguage static code analyzer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-53537 CRITICAL POC Act Now

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openpanel
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
6.1%
CVE-2024-53320 CRITICAL This Week

Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-0929 CRITICAL This Week

SQL injection vulnerability in TeamCal Neo, version 3.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-0493 CRITICAL This Week

The MultiVendorX - The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal RCE WordPress +1
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy