Skip to main content
CVE-2024-40891 HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device.

Command Injection Zyxel Vmg1312 B10A Firmware Vmg1312 B10B Firmware Vmg1312 B10E Firmware +11
NVD
CVSS 3.1
8.8
EPSS
55.4%
CVE-2024-13330 HIGH POC This Week

The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Justrows Free
NVD WPScan
CVSS 3.1
7.1
EPSS
1.8%
CVE-2025-23015 HIGH PATCH This Week

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Cassandra Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-1010 HIGH PATCH This Week

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Mozilla Denial Of Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-23058 HIGH This Week

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-1014 HIGH PATCH This Week

Certificate length was not properly checked when added to a certificate store. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1011 HIGH PATCH This Week

A bug in WebAssembly code generation could have lead to a crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-22700 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code.1.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-1003 HIGH This Week

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation HP
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2023-39943 HIGH This Week

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cobalt
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2023-40222 HIGH This Week

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Cobalt
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-23023 HIGH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-55948 HIGH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-11468 HIGH This Week

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1012 HIGH PATCH This Week

A race during concurrent delazification could have led to a use-after-free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-22205 HIGH This Week

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Admiror Gallery
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-24648 HIGH This Week

Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation.6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13723 HIGH This Week

The "NagVis" component within Checkmk is vulnerable to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE File Upload
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-23690 HIGH This Week

The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-10238 HIGH This Week

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-10239 HIGH This Week

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-10237 HIGH This Week

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-24598 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS.8.17.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-24602 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS.10.14. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-24599 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.9.9.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23645 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22794 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS.9.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-20890 HIGH This Week

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20888 HIGH This Week

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20882 HIGH This Week

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20881 HIGH This Week

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-11467 HIGH This Month

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24968 HIGH POC This Week

reNgine is an automated reconnaissance framework for web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rengine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24967 HIGH POC This Month

reNgine is an automated reconnaissance framework for web applications. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Rengine
NVD GitHub
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-0509 HIGH PATCH This Month

A security issue was found in Sparkle before version 2.6.4. Rated high severity (CVSS 7.3).

Information Disclosure Path Traversal Sparkle Hci Compute Node Oncommand Workflow Automation +1
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-40890 HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device).

Command Injection Zyxel Vmg1312 B10A Firmware Vmg1312 B10B Firmware Vmg1312 B10E Firmware +11
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2024-13329 HIGH POC This Month

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Solidres
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy