Skip to main content
CVE-2024-13726 HIGH POC THREAT Act Now

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

WordPress SQLi Themes Coder
NVD WPScan
CVSS 3.1
8.6
EPSS
10.4%
CVE-2024-13625 HIGH POC This Week

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tube Video Ads Lite
NVD WPScan
CVSS 3.1
7.1
EPSS
1.9%
CVE-2024-13626 HIGH POC This Week

The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vr Frases
NVD WPScan
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-13603 MEDIUM POC This Month

The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wise Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-1387 CRITICAL Act Now

Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-1379 MEDIUM POC This Month

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1380 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1381 MEDIUM POC This Month

A vulnerability was found in code-projects Real Estate Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-1374 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-13627 MEDIUM POC This Month

The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Owl Carousel Slider
NVD WPScan
CVSS 3.1
4.7
EPSS
1.2%
CVE-2025-1388 HIGH This Week

Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Orca Hcm
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-1370 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-1366 MEDIUM POC This Month

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-1372 MEDIUM POC PATCH This Month

A vulnerability was found in GNU elfutils 0.192. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Elfutils Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1389 HIGH This Week

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Orca Hcm
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-1373 MEDIUM POC PATCH This Month

A vulnerability was found in FFmpeg up to 7.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Ffmpeg Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1365 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Elfutils Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1378 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Radare2 Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1367 MEDIUM POC This Month

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-1377 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192.c of the component eu-strip. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2024-13608 MEDIUM POC This Month

The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Track Logins
NVD WPScan
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-1368 MEDIUM POC This Month

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2024-25066 MEDIUM POC This Month

RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0924 HIGH PATCH This Week

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Activity Log PHP
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2025-21103 HIGH This Week

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell RCE Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0591 HIGH This Week

Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23840 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjema WP-NOTCAPTCHA allows Reflected XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23845 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 ImageMeta allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-0001 MEDIUM This Month

Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-26770 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26769 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26754 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26772 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26771 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks - Gutenberg based Page Builder allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0714 MEDIUM POC This Month

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-1369 LOW POC Monitor

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-1376 LOW POC CISA Monitor

A vulnerability classified as problematic was found in GNU elfutils 0.192. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-26778 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-26775 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS.1.4.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1392 MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link XSS Dir 816 Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
2.4%
CVE-2024-13879 MEDIUM This Month

The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1391 MEDIUM PATCH This Month

A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-47935 MEDIUM This Month

Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-26758 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26700 MEDIUM This Month

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.2
EPSS
0.0%
CVE-2025-1371 MEDIUM PATCH This Month

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Elfutils Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-26773 MEDIUM This Month

Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13837 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy