Skip to main content
CVE-2025-24958 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-24957 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.5%
CVE-2025-24906 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-24905 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-24902 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-24901 CRITICAL POC Act Now

WeGIA is a Web Manager for Charitable Institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-24370 CRITICAL PATCH This Week

Django-Unicorn adds modern reactive component functionality to Django templates. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Python XSS
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-22978 CRITICAL POC Act Now

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-57968 CRITICAL POC KEV THREAT Act Now

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

File Upload Veracore
NVD
CVSS 3.1
9.9
EPSS
44.2%
CVE-2024-57450 CRITICAL POC Act Now

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-57099 CRITICAL POC Act Now

ClassCMS v4.8 has a code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Classcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-57098 CRITICAL POC Act Now

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Moss
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-45569 CRITICAL PATCH This Week

Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +169
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-20634 CRITICAL This Week

In Modem, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Nr16 Nr17 +1
NVD
CVSS 3.1
9.8
EPSS
7.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy