Skip to main content
CVE-2024-57045 CRITICAL POC THREAT Emergency

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.5%.

D-Link PHP Authentication Bypass Dir 859 A3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
74.5%
Threat
5.7
CVE-2024-57049 CRITICAL POC THREAT Emergency

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

TP-Link Authentication Bypass Archer C20 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
48.8%
Threat
4.9
CVE-2025-26613 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
1.9%
CVE-2025-26612 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.5%
CVE-2025-26617 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26611 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26609 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26608 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26607 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26606 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Authentication Bypass Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.4%
CVE-2025-26616 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Path Traversal Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-26615 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Path Traversal Wegia
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-1023 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-26614 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-26610 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-26605 CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-22654 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files.0.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
6.5%
CVE-2024-13725 CRITICAL PATCH Act Now

The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure PHP RCE WordPress Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-39327 CRITICAL Act Now

Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-12860 CRITICAL Act Now

The CarSpot - Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Carspot
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-46686 CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2025-25467 CRITICAL Act Now

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-55460 CRITICAL Act Now

A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-56000 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25222 CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-25221 CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-24895 CRITICAL PATCH Act Now

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-24894 CRITICAL PATCH Act Now

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy