Skip to main content
CVE-2025-1302 HIGH POC PATCH THREAT Act Now

The jsonpath-plus npm package before version 10.3.0 contains a remote code execution vulnerability due to improper input sanitization in the eval='safe' mode. Despite being labeled 'safe', the evaluation mode allows attackers to escape the sandbox and execute arbitrary JavaScript, affecting any application processing untrusted JSONPath expressions.

RCE Code Injection Red Hat Suse
NVD GitHub
CVSS 4.0
8.9
EPSS
88.9%
Threat
5.9
CVE-2024-13488 HIGH PATCH This Week

The LTL Freight Quotes - Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2025-0995 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5461 HIGH This Week

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-26819 HIGH PATCH This Week

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Monero
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-4282 HIGH This Week

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-0997 HIGH PATCH This Week

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy