Skip to main content
CVE-2025-26365 HIGH This Week

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-26364 HIGH This Week

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-26363 HIGH This Week

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-26362 HIGH This Week

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-26520 HIGH PATCH This Week

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Cacti Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-51376 HIGH This Week

Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-46923 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 2200 Firmware Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-12315 HIGH PATCH This Week

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Export All Posts Products Orders Refunds Users
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13475 HIGH PATCH This Week

The Small Package Quotes - UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Small Package Quotes
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-51123 HIGH This Week

An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26356 HIGH This Week

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-13435 HIGH This Week

The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Ebook Downloader
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13600 HIGH PATCH This Week

The Majestic Support - The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Majestic Support
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56940 HIGH This Week

An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Learndash
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25283 HIGH PATCH This Week

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13532 HIGH This Week

The Small Package Quotes - Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13473 HIGH This Week

The LTL Freight Quotes - Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13477 HIGH PATCH This Week

The LTL Freight Quotes - Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13480 HIGH PATCH This Week

The LTL Freight Quotes - For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13531 HIGH This Week

The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13490 HIGH PATCH This Week

The LTL Freight Quotes - XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13528 HIGH PATCH This Week

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

WordPress Authentication Bypass Customer Email Verification For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-0112 HIGH This Week

NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure RCE Privilege Escalation Denial Of Service Nvidia
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31345 HIGH This Week

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-0511 HIGH PATCH This Week

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Welcart E Commerce PHP
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-31858 HIGH PATCH This Week

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Intel Privilege Escalation Quickassist Technology
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-39805 HIGH This Week

Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-26349 HIGH This Week

A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Maxtime
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-11629 HIGH This Week

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Telerik Document Processing Libraries
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2025-0937 HIGH This Week

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nomad Red Hat
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26372 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26370 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-41168 HIGH This Week

Use after free in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-38307 HIGH This Week

Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-39356 HIGH This Week

NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Intel Null Pointer Dereference Denial Of Service Windows
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-36274 HIGH This Week

Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Intel Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy