Skip to main content
CVE-2025-1974 CRITICAL POC PATCH THREAT CERT-EU Act Now

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
90.3%
Threat
6.2
CVE-2025-1098 HIGH POC PATCH THREAT CERT-EU Act Now

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare).

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
49.9%
Threat
4.8
CVE-2025-29635 HIGH POC KEV THREAT Act Now

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.6%
Threat
4.5
CVE-2025-24514 HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
23.0%
Threat
4.0
CVE-2025-1097 HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
20.8%
CVE-2025-30567 HIGH POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
27.2%
CVE-2025-30216 CRITICAL POC PATCH Act Now

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Cryptolib
NVD GitHub
CVSS 3.1
9.4
EPSS
5.9%
CVE-2025-25373 CRITICAL POC Act Now

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-13617 HIGH POC This Week

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Downloadable By American Osteopathic Association
NVD WPScan
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-25371 HIGH POC This Week

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-25374 HIGH POC This Week

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25372 HIGH POC This Week

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13863 HIGH POC This Week

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Stylish Google Sheet Reader
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-2736 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2739 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2740 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2734 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-55029 MEDIUM POC This Month

NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fprime
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-10566 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10565 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11272 MEDIUM POC This Month

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pirate Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-42533 CRITICAL Act Now

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-10105 MEDIUM POC This Month

The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobs For Wordpress
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-27837 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27836 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27831 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27832 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-30091 CRITICAL Act Now

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2025-2752 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM File Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2743 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ruoyi Vue Pro
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2757 MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2756 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2755 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2753 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2750 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-28904 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection.7.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-45480 CRITICAL Act Now

An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-2319 HIGH This Week

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12169 HIGH This Week

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-8313 HIGH This Week

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-1445 HIGH This Week

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-9770 MEDIUM POC This Month

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Recall
NVD WPScan
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-2725 HIGH This Week

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2732 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2731 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2730 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2729 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2728 HIGH This Week

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2727 HIGH This Week

A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2726 HIGH This Week

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy