Skip to main content
CVE-2025-26794 HIGH PATCH Act Now

Exim mail server version 4.98 before 4.98.1 contains a remote SQL injection vulnerability when SQLite hints and ETRN serialization features are enabled. The vulnerability allows remote attackers to inject SQL through crafted SMTP commands, potentially compromising the mail server's configuration and queued messages.

SQLi Exim Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
72.1%
CVE-2025-1538 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dap 1320 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-26013 HIGH POC This Week

An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Loggrove
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-25282 HIGH POC This Week

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ragflow
NVD GitHub
CVSS 3.0
8.1
EPSS
0.1%
CVE-2024-57176 HIGH POC This Week

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal White Jotter
NVD GitHub
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-25876 HIGH POC This Week

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-13353 HIGH PATCH This Week

The Responsive Addons for Elementor - Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP RCE LFI WordPress +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-1539 HIGH This Week

A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dap 1320 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-9150 HIGH This Week

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ssti
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-1403 HIGH PATCH This Week

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Qiskit
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-25769 HIGH This Week

Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wangmarket
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-27106 HIGH This Week

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
1.5%
CVE-2024-11260 HIGH This Week

The Events Manager - Calendar, Bookings, Tickets, and more!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Events Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-27108 HIGH PATCH This Week

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dom Expressions
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-27109 HIGH PATCH This Week

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-0726 HIGH PATCH This Week

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1471 HIGH PATCH This Week

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Omr
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy