Skip to main content
CVE-2025-24786 CRITICAL POC PATCH THREAT Act Now

WhoDB open-source database management tool allows unauthenticated path traversal to access any SQLite3 database on the host machine. Beyond data exposure, affected versions enable reading sensitive system files and executing arbitrary commands through SQLite extensions, achieving full server compromise.

Path Traversal Whodb Suse
NVD GitHub
CVSS 3.1
10.0
EPSS
51.3%
Threat
5.0
CVE-2024-57430 CRITICAL POC Act Now

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SQLi Privilege Escalation Cinema Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40916 CRITICAL POC Act Now

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Tiny File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-1066 CRITICAL Act Now

OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-36554 CRITICAL Act Now

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-36555 CRITICAL Act Now

Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5878 CRITICAL Act Now

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Honeywell
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-0982 CRITICAL Act Now

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Application Integration
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-24981 CRITICAL PATCH Act Now

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2024-51450 CRITICAL Act Now

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Directory
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36556 CRITICAL Act Now

Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-22992 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Emoncms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-57428 CRITICAL POC Act Now

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cinema Booking System
NVD GitHub
CVSS 3.1
9.3
EPSS
2.6%
CVE-2024-39272 CRITICAL This Week

A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Clearml Enterprise Server
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-51547 CRITICAL This Week

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy