Skip to main content
CVE-2025-25183 LOW PATCH Monitor

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Information Disclosure Vllm
NVD GitHub
CVSS 3.1
2.6
EPSS
0.3%
CVE-2021-41527 LOW Monitor

An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-25187 HIGH POC PATCH This Month

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE XSS Joplin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-24028 HIGH POC PATCH This Month

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

XSS Joplin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-1114 MEDIUM POC This Month

A vulnerability classified as problematic has been found in newbee-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Newbee Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-55630 LOW POC PATCH Monitor

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Joplin
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-24366 HIGH PATCH This Month

SFTPGo is an open source, event-driven file transfer solution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-57278 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-24980 MEDIUM POC PATCH This Week

pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1105 MEDIUM This Month

A vulnerability was found in SiberianCMS 4.20.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siberiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-9661 MEDIUM Monitor

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-57707 CRITICAL POC Act Now

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55214 MEDIUM POC This Week

Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Explorer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-55213 MEDIUM POC This Week

Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Explorer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52884 HIGH This Month

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediant Session Border Controller
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-52881 HIGH This Month

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure One Voice Operations Center
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-48091 HIGH This Month

Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-10383 HIGH This Month

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2025-0304 HIGH This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0675 HIGH This Month

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy