| Page(s) : 1 ... 298 299 300 301 302 303 304 305 306 307 [308] 309 310 311 312 313 314 315 316 317 318 ... | Result(s) : 299046 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2025-05-07 | CVE-2025-4104 | cve | The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions... |
| 6.4 | 2025-05-07 | CVE-2025-4055 | cve | The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and includ... |
| 6.1 | 2025-05-07 | CVE-2025-4054 | cve | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 ... |
| N/A | 2025-05-07 | CVE-2025-4043 | cve | An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot. |
| N/A | 2025-05-07 | CVE-2025-39361 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affec... |
| N/A | 2025-05-07 | CVE-2025-3925 | cve | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for... |
| 5.3 | 2025-05-07 | CVE-2025-3924 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up t... |
| 8.2 | 2025-05-07 | CVE-2025-3921 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() functi... |
| 6.4 | 2025-05-07 | CVE-2025-3860 | cve | The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to ... |
| 6.5 | 2025-05-07 | CVE-2025-3853 | cve | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing va... |
| 8.8 | 2025-05-07 | CVE-2025-3852 | cve | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly vali... |
| 4.3 | 2025-05-07 | CVE-2025-3851 | cve | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the s... |
| 9.8 | 2025-05-07 | CVE-2025-3844 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not hav... |
| 5.4 | 2025-05-07 | CVE-2025-3766 | cve | The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions u... |
| N/A | 2025-05-07 | CVE-2025-36557 | cve | When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to termina... |
| N/A | 2025-05-07 | CVE-2025-36546 | cve | On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-bas... |
| N/A | 2025-05-07 | CVE-2025-36525 | cve | When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of... |
| N/A | 2025-05-07 | CVE-2025-36504 | cve | When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions w... |
| N/A | 2025-05-07 | CVE-2025-35995 | cve | When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed r... |
| 5.3 | 2025-05-07 | CVE-2025-35939 | cve | Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. ... |
| Page(s) : 1 ... 298 299 300 301 302 303 304 305 306 307 [308] 309 310 311 312 313 314 315 316 317 318 ... | Result(s) : 299046 |
