Skip to main content
CVE-2025-8281 HIGH POC This Month

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Talroo PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-41451 HIGH This Month

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
8.7
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy