| Page(s) : 1 ... 309 310 311 312 313 314 315 316 317 318 [319] 320 321 322 323 324 325 326 327 328 329 ... | Result(s) : 324741 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-05-07 | CVE-2025-45388 | cve | Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user c... |
| N/A | 2025-05-07 | CVE-2025-43878 | cve | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing s... |
| 8.8 | 2025-05-07 | CVE-2025-4335 | cve | The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrict... |
| 6.4 | 2025-05-07 | CVE-2025-4220 | cve | The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and inclu... |
| 6.4 | 2025-05-07 | CVE-2025-4171 | cve | The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in al... |
| N/A | 2025-05-07 | CVE-2025-41433 | cve | When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed r... |
| N/A | 2025-05-07 | CVE-2025-41431 | cve | When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems i... |
| N/A | 2025-05-07 | CVE-2025-41414 | cve | When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of... |
| N/A | 2025-05-07 | CVE-2025-41399 | cve | When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: So... |
| 9.8 | 2025-05-07 | CVE-2025-4104 | cve | The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions... |
| 6.4 | 2025-05-07 | CVE-2025-4055 | cve | The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and includ... |
| 6.1 | 2025-05-07 | CVE-2025-4054 | cve | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 ... |
| N/A | 2025-05-07 | CVE-2025-4043 | cve | An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot. |
| N/A | 2025-05-07 | CVE-2025-39361 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affec... |
| N/A | 2025-05-07 | CVE-2025-3925 | cve | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for... |
| 5.3 | 2025-05-07 | CVE-2025-3924 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up t... |
| 8.2 | 2025-05-07 | CVE-2025-3921 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() functi... |
| 6.4 | 2025-05-07 | CVE-2025-3860 | cve | The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to ... |
| 6.5 | 2025-05-07 | CVE-2025-3853 | cve | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing va... |
| 8.8 | 2025-05-07 | CVE-2025-3852 | cve | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly vali... |
| Page(s) : 1 ... 309 310 311 312 313 314 315 316 317 318 [319] 320 321 322 323 324 325 326 327 328 329 ... | Result(s) : 324741 |
