Skip to main content
CVE-2024-57046 HIGH POC THREAT Act Now

Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management.

Netgear Authentication Bypass Dgn2200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
62.4%
Threat
5.1
CVE-2025-0981 HIGH POC This Week

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass XSS Churchcrm
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-56883 HIGH POC This Week

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sage Dpw
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-50609 HIGH POC This Week

An issue was discovered in Fluent Bit 3.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-50608 HIGH POC This Week

An issue was discovered in Fluent Bit 3.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-25284 HIGH This Week

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-13677 HIGH This Week

The GetBookingsWP - Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Get Bookings Wp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13315 HIGH PATCH This Week

The Shopwarden - Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Privilege Escalation Shopwarden
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-13852 HIGH This Week

The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Option Editor
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0422 HIGH This Week

An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2025-22663 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal.2.12. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-13556 HIGH PATCH This Week

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure PHP Authentication Bypass Deserialization WordPress +1
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2025-22639 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection.3.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-0425 HIGH This Week

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-26604 HIGH This Week

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-22656 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster allows PHP Local File Inclusion.2.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-13684 HIGH This Week

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-51505 HIGH This Week

An issue was discovered in Atos Eviden IDRA before 2.7.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Privilege Escalation
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-25895 HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-25894 HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-25893 HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-24928 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Active Iq Unified Manager Manageability Software Development Kit Ontap +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56171 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Libxml2 Hci Compute Node +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21703 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13797 HIGH This Week

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Pressmart
NVD
CVSS 3.1
7.3
EPSS
2.0%
CVE-2024-13681 HIGH This Week

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Uncode
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-13622 HIGH This Week

The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-25475 HIGH PATCH This Week

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Dcmtk Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-22657 HIGH This Week

Missing Authorization vulnerability in Vito Peleg Atarim allows Exploiting Incorrectly Configured Access Control Security Levels.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-25224 HIGH This Week

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Luxcal Web Calendar
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-0817 HIGH This Week

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Formcraft PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-0521 HIGH PATCH This Week

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Post Smtp PHP
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-13704 HIGH PATCH This Week

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress XSS Super Testimonials
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-57964 HIGH This Week

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-57963 HIGH This Week

Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-12314 HIGH This Week

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Rapid Cache
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-20075 HIGH This Week

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.0
7.2
EPSS
0.2%
CVE-2024-57259 HIGH PATCH This Week

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Buffer Overflow U Boot Suse
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-57258 HIGH PATCH CISA This Week

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-57256 HIGH PATCH CISA This Week

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff,. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-57255 HIGH PATCH This Week

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow U Boot Suse
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-57254 HIGH PATCH This Week

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow U Boot Suse
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-25305 HIGH PATCH This Week

Home Assistant Core is an open source home automation that puts local control and privacy first. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-21702 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit,. Rated high severity (CVSS 7.0).

Linux Privilege Escalation
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy