Skip to main content
CVE-2025-24989 HIGH KEV PATCH THREAT Act Now

Microsoft Power Pages contains an improper access control vulnerability allowing unauthenticated attackers to elevate privileges and bypass user registration controls over the network.

Authentication Bypass Power Pages
NVD
CVSS 3.1
8.2
EPSS
25.7%
CVE-2025-1135 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-1134 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-1133 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-1132 CRITICAL POC Act Now

A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2023-51302 HIGH POC This Week

PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Hotel Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27092 HIGH POC PATCH This Week

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Ghosts
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-1024 HIGH POC This Week

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass XSS Churchcrm
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-13478 HIGH PATCH Act Now

The LTL Freight Quotes - TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.3%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
24.3%
CVE-2025-25943 HIGH POC This Week

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Code Injection Bento4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-51301 HIGH POC This Week

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hotel Booking System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-51293 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Event Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25944 HIGH POC This Week

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Code Injection Bento4
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-27090 MEDIUM POC PATCH This Month

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Sliver Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-1007 MEDIUM POC This Month

{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Vsx
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2023-51297 MEDIUM POC This Month

A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hotel Booking System
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-13485 HIGH PATCH Act Now

The LTL Freight Quotes - ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2024-13481 HIGH PATCH Act Now

The LTL Freight Quotes - R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2025-25945 MEDIUM POC This Month

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25942 MEDIUM POC This Month

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51296 MEDIUM POC This Month

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Event Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-51300 MEDIUM POC This Month

PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Booking System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-51299 MEDIUM POC This Month

PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Booking System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-51303 MEDIUM POC This Month

PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Event Ticketing System
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-21355 HIGH PATCH This Week

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Bing
NVD
CVSS 3.1
8.6
EPSS
6.7%
CVE-2023-46271 CRITICAL Act Now

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-25947 MEDIUM POC This Month

An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25946 MEDIUM POC This Month

An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2020-35546 CRITICAL Act Now

Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-28777 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Deserialization Denial Of Service Cognos Controller +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-5706 HIGH This Week

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-0999 HIGH PATCH This Week

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-1006 HIGH PATCH This Week

Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5705 HIGH This Week

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1426 HIGH PATCH This Week

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-52902 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller Controller
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46272 HIGH This Week

Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-51298 MEDIUM POC This Month

PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Event Booking Calendar
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-37359 HIGH This Week

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-24965 HIGH PATCH This Week

crun is an open source OCI Container Runtime fully written in C. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-13483 HIGH PATCH This Week

The LTL Freight Quotes - SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-13479 HIGH PATCH This Week

The LTL Freight Quotes - SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-13489 HIGH PATCH This Week

The LTL Freight Quotes - Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2023-47160 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Cognos Controller Controller
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-52541 HIGH This Week

Dell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware M15 R6 Firmware Alienware M15 R7 Firmware Alienware M16 R1 Firmware +389
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2020-10095 HIGH This Week

Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-45084 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection Cognos Controller Controller
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-0624 HIGH PATCH This Week

A flaw was found in grub2. Rated high severity (CVSS 7.6). No vendor patch available.

Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2025-0893 HIGH This Week

Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13533 HIGH PATCH This Week

The Small Package Quotes - USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Small Package Quotes
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy