Skip to main content
CVE-2025-24989 HIGH KEV PATCH THREAT Act Now

Microsoft Power Pages contains an improper access control vulnerability allowing unauthenticated attackers to elevate privileges and bypass user registration controls over the network.

Authentication Bypass Power Pages
NVD
CVSS 3.1
8.2
EPSS
25.7%
CVE-2023-51302 HIGH POC This Week

PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Hotel Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27092 HIGH POC PATCH This Week

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Ghosts
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-1024 HIGH POC This Week

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass XSS Churchcrm
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-13478 HIGH PATCH Act Now

The LTL Freight Quotes - TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.3%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
24.3%
CVE-2025-25943 HIGH POC This Week

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Code Injection Bento4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-51301 HIGH POC This Week

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hotel Booking System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-51293 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Event Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25944 HIGH POC This Week

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Code Injection Bento4
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-13485 HIGH PATCH Act Now

The LTL Freight Quotes - ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2024-13481 HIGH PATCH Act Now

The LTL Freight Quotes - R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1%.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2025-21355 HIGH PATCH This Week

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Bing
NVD
CVSS 3.1
8.6
EPSS
6.7%
CVE-2024-28777 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Deserialization Denial Of Service Cognos Controller +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-5706 HIGH This Week

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-0999 HIGH PATCH This Week

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-1006 HIGH PATCH This Week

Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5705 HIGH This Week

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1426 HIGH PATCH This Week

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Android +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-52902 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller Controller
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46272 HIGH This Week

Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-37359 HIGH This Week

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-24965 HIGH PATCH This Week

crun is an open source OCI Container Runtime fully written in C. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-13483 HIGH PATCH This Week

The LTL Freight Quotes - SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-13479 HIGH PATCH This Week

The LTL Freight Quotes - SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-13489 HIGH PATCH This Week

The LTL Freight Quotes - Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2023-47160 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Cognos Controller Controller
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-52541 HIGH This Week

Dell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware M15 R6 Firmware Alienware M15 R7 Firmware Alienware M16 R1 Firmware +389
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2020-10095 HIGH This Week

Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-45084 HIGH This Week

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection Cognos Controller Controller
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-0624 HIGH PATCH This Week

A flaw was found in grub2. Rated high severity (CVSS 7.6). No vendor patch available.

Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2025-0893 HIGH This Week

Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13533 HIGH PATCH This Week

The Small Package Quotes - USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Small Package Quotes
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-13534 HIGH PATCH This Week

The Small Package Quotes - Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-13491 HIGH PATCH This Week

The Small Package Quotes - For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Small Package Quotes
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-13468 HIGH This Week

The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13592 HIGH This Week

The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure PHP RCE LFI WordPress +2
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-0916 HIGH PATCH This Week

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft Google WordPress XSS Yaysmtp +1
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-11582 HIGH This Week

The Subscribe2 - Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-57262 HIGH This Week

In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-57261 HIGH This Week

In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy