Skip to main content
CVE-2025-27607 HIGH POC PATCH This Week

Python JSON Logger is a JSON Formatter for Python Logging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Python Json Logger Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
9.3%
CVE-2025-2097 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-27152 HIGH POC PATCH MAL This Week

axios is a promise based HTTP client for the browser and node.js. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Node.js Axios Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-13668 HIGH POC This Week

The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Activity O Meter
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-12035 HIGH This Week

The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-27597 HIGH PATCH This Week

Vue I18n is the internationalization plugin for Vue.js. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-1309 HIGH This Week

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-9658 HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation School Management System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0959 HIGH This Week

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Eventer PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-53694 HIGH This Week

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2024-13655 HIGH This Week

The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-0749 HIGH This Week

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-10804 HIGH This Week

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2025-2024 HIGH This Week

Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sketchup
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-26331 HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-12837 HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-50390 HIGH This Week

A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
7.7
EPSS
0.4%
CVE-2024-50394 HIGH This Week

An improper certificate validation vulnerability has been reported to affect Helpdesk. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Helpdesk
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-13320 HIGH This Week

The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-27604 HIGH PATCH This Week

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Atlassian Information Disclosure Confluence Migrator
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-12036 HIGH This Week

The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-27822 HIGH This Week

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13906 HIGH This Week

The Gallery by BestWebSoft - Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2025-0162 HIGH This Week

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Aspera Shares
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-53693 HIGH This Week

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts Quts Hero
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-1886 HIGH This Week

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1887 HIGH This Week

SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy