Skip to main content
CVE-2024-55211 HIGH POC This Week

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tk Rt Wr135G Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-1290 HIGH POC This Week

A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Chrome Os Chrome
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-29039 HIGH POC This Week

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection D-Link Dir 823x Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2025-29458 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29457 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29461 HIGH POC This Week

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF A Blogcms
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29459 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29452 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29451 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-13925 HIGH POC This Week

The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Klarna Checkout For Woocommerce
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-24752 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS.0.14. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
7.1
EPSS
2.4%
CVE-2025-25455 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25454 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25457 HIGH POC This Week

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29661 HIGH POC This Week

Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Litepubl Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-55238 HIGH POC This Week

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39527 HIGH This Week

Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-32686 HIGH This Week

Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-32662 HIGH This Week

Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-32647 HIGH This Week

Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection.2.70. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-32571 HIGH This Week

Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-39542 HIGH This Week

Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-39533 HIGH This Week

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation.1.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-26323 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-3246 HIGH This Week

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Enterprise Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-39586 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection.9.4.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-39569 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection.0.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-32573 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection.8.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-2903 HIGH This Week

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-43015 HIGH This Week

In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rubymine
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-43012 HIGH This Week

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Toolbox
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-32593 HIGH This Week

Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.0.6. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-22636 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases allows Reflected XSS.0.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-39526 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-1532 HIGH This Week

Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Phoneservice
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-2188 HIGH This Week

There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gamecenter
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-43715 HIGH This Week

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2021-47670 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-47669 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-47668 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-29460 HIGH This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2025-3294 HIGH PATCH This Week

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress RCE Path Traversal Wp Editor PHP
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2025-39462 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements allows PHP Local File Inclusion.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-39461 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache allows PHP Local File Inclusion.07.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-39429 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-31030 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation allows PHP Local File Inclusion.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-39568 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-39452 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.2.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32635 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32594 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events allows Retrieve Embedded Sensitive Data.8.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy