Skip to main content
CVE-2025-0674 CRITICAL POC THREAT Emergency

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.9% and no vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
16.9%
CVE-2024-55215 CRITICAL POC Act Now

An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Trojan
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2025-1107 CRITICAL Act Now

Unverified password change vulnerability in Janto, versions prior to r12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-25101 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery.0.7. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2025-1061 CRITICAL Act Now

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-1077 CRITICAL Act Now

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python RCE
NVD
CVSS 4.0
9.5
EPSS
1.1%
CVE-2025-25107 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery.1.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-25106 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery.0.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-57707 CRITICAL POC Act Now

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy