Skip to main content
CVE-2025-1232 HIGH POC THREAT Act Now

The Site Reviews WordPress plugin before version 7.2.5 contains a stored XSS vulnerability via review fields. Unauthenticated users can inject malicious scripts through review submissions that execute when administrators view the reviews in the dashboard, enabling admin session hijacking.

WordPress XSS Site Reviews PHP
NVD WPScan
CVSS 3.1
8.8
EPSS
53.1%
Threat
4.9
CVE-2025-29925 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-27782 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Deserialization Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
3.6%
CVE-2025-29926 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
7.9
EPSS
1.5%
CVE-2025-2476 HIGH PATCH Act Now

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4% and no vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
16.4%
CVE-2025-27787 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Applio
NVD GitHub
CVSS 4.0
7.8
EPSS
0.3%
CVE-2025-27784 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-27781 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
5.1%
CVE-2025-27780 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
4.6%
CVE-2025-27779 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
4.6%
CVE-2025-27778 HIGH PATCH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.9
EPSS
3.4%
CVE-2025-27775 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27774 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27776 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-12920 HIGH This Week

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13933 HIGH This Week

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-29924 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-51459 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-55551 HIGH This Week

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jdbc Driver
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2025-30234 HIGH This Week

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26). Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Debian
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-27783 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Deserialization Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
2.1%
CVE-2025-27786 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Applio
NVD GitHub
CVSS 4.0
7.8
EPSS
0.4%
CVE-2025-27785 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-27777 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2024-12137 HIGH This Week

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.01.01. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-30153 HIGH PATCH This Week

kin-openapi is a Go project for handling OpenAPI files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27415 HIGH PATCH This Week

Nuxt is an open-source web development framework for Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nuxt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30154 HIGH POC KEV PATCH THREAT Act Now

reviewdog/action-setup GitHub Action was compromised with malicious code that dumped CI/CD secrets to workflow logs, affecting all reviewdog actions that depend on this setup action.

Information Disclosure Action Ast Grep Action Composite Template Action Setup Action Shellcheck +2
NVD GitHub
CVSS 3.1
8.6
EPSS
15.4%
CVE-2024-13412 HIGH This Month

The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30236 HIGH This Month

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-50631 HIGH This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SQLi Drive Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-50630 HIGH This Month

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Authentication Bypass Drive Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-12295 HIGH This Month

The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-10444 HIGH This Month

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy