Skip to main content
CVE-2025-1232 HIGH POC THREAT Act Now

The Site Reviews WordPress plugin before version 7.2.5 contains a stored XSS vulnerability via review fields. Unauthenticated users can inject malicious scripts through review submissions that execute when administrators view the reviews in the dashboard, enabling admin session hijacking.

WordPress XSS Site Reviews PHP
NVD WPScan
CVSS 3.1
8.8
EPSS
53.1%
Threat
4.9
CVE-2025-29401 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-29137 CRITICAL POC Act Now

Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac7 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-29925 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-27782 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Deserialization Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
3.6%
CVE-2025-29926 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
7.9
EPSS
1.5%
CVE-2025-2476 HIGH PATCH Act Now

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4% and no vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
16.4%
CVE-2025-27787 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Applio
NVD GitHub
CVSS 4.0
7.8
EPSS
0.3%
CVE-2025-27784 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-29118 MEDIUM POC This Month

Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2512 CRITICAL Act Now

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2025-29405 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-55009 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Autobib
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13790 CRITICAL Act Now

The MinimogWP - The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE LFI WordPress
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-27781 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
5.1%
CVE-2024-13442 CRITICAL Act Now

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-57061 CRITICAL Act Now

An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27780 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
4.6%
CVE-2025-27779 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
4.6%
CVE-2025-27778 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
3.4%
CVE-2025-29783 CRITICAL PATCH Act Now

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Vllm Red Hat
NVD GitHub
CVSS 3.1
9.0
EPSS
1.7%
CVE-2025-27775 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27774 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27776 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-12920 HIGH This Week

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13933 HIGH This Week

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-29924 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-51459 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-55551 HIGH This Week

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jdbc Driver
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2025-30234 HIGH This Week

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26). Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Debian
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-27783 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Deserialization Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
2.1%
CVE-2025-27786 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Applio
NVD GitHub
CVSS 4.0
7.8
EPSS
0.4%
CVE-2025-27785 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-27777 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2024-12137 HIGH This Week

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.01.01. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-30153 HIGH PATCH This Week

kin-openapi is a Go project for handling OpenAPI files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27415 HIGH PATCH This Week

Nuxt is an open-source web development framework for Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nuxt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-12136 MEDIUM This Month

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.01.01. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-30144 MEDIUM PATCH This Month

fast-jwt provides fast JSON Web Token (JWT) implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-30258 LOW POC Monitor

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify. Rated low severity (CVSS 2.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Gnupg
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-29770 MEDIUM PATCH This Month

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30152 MEDIUM PATCH This Month

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30196 MEDIUM This Month

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchorchain
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26816 MEDIUM This Month

A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27018 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Apache Airflow Providers Mysql
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-30092 MEDIUM This Month

Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-26486 MEDIUM This Month

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-2324 MEDIUM This Month

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.1.0 before 2023.1.12, from 2024.0.0 before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Moveit Transfer
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-26485 MEDIUM This Month

A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-0431 MEDIUM This Month

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy