Skip to main content
CVE-2025-25871 HIGH POC This Week

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openpanel
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-55549 HIGH POC PATCH This Week

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Libxslt Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24855 HIGH POC PATCH This Week

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Libxslt Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-52927 HIGH POC PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux Information Disclosure Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-2221 HIGH POC PATCH This Week

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Wpcom Member PHP
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-29387 HIGH POC This Week

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-8176 HIGH PATCH CISA Act Now

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46662 HIGH This Week

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-12810 HIGH This Week

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Jobcareer
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2103 HIGH This Week

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Soundrise PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13376 HIGH This Week

The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13913 HIGH This Week

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP CSRF RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-54445 HIGH This Week

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-54449 HIGH This Week

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Logicaldoc
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-12245 HIGH This Week

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-29776 HIGH PATCH This Week

Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-54448 HIGH This Week

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Logicaldoc
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2023-45588 HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-0952 HIGH This Week

The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Denial Of Service PHP
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-2056 HIGH PATCH This Week

The WP Ghost (Hide My WP Ghost) - Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Path Traversal Hide My Wp Ghost PHP
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-26006 HIGH This Week

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Fortinet Fortios Fortiproxy
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11283 HIGH This Week

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Jobcareer
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13321 HIGH This Week

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Analyticswp
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-27594 HIGH This Week

The device uses an unencrypted, proprietary protocol for communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1764 HIGH This Week

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13773 HIGH This Week

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Civi
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-12019 HIGH This Week

The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-54447 HIGH This Week

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-54446 HIGH This Week

Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy