| Page(s) : 1 ... 415 416 417 418 419 420 421 422 423 424 [425] 426 427 428 429 430 431 432 433 434 435 ... | Result(s) : 325186 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2025-04-24 | CVE-2025-31324 | cve | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries ... |
| 8.8 | 2025-04-24 | CVE-2025-3101 | cve | The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly valida... |
| 9.1 | 2025-04-24 | CVE-2025-3065 | cve | The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This mak... |
| 8.8 | 2025-04-24 | CVE-2025-3058 | cve | The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_sav... |
| N/A | 2025-04-24 | CVE-2025-30409 | cve | Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904. |
| N/A | 2025-04-24 | CVE-2025-30408 | cve | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber... |
| N/A | 2025-04-24 | CVE-2025-29568 | cve | A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class... |
| N/A | 2025-04-24 | CVE-2025-29529 | cve | ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. |
| N/A | 2025-04-24 | CVE-2025-27820 | cve | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team... |
| N/A | 2025-04-24 | CVE-2025-27581 | cve | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known end... |
| N/A | 2025-04-24 | CVE-2025-27580 | cve | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) an... |
| N/A | 2025-04-24 | CVE-2025-26382 | cve | Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue |
| 6.4 | 2025-04-24 | CVE-2025-2579 | cve | The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input saniti... |
| N/A | 2025-04-24 | CVE-2025-25777 | cve | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attac... |
| N/A | 2025-04-24 | CVE-2025-2558 | cve | The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to per... |
| 6.4 | 2025-04-24 | CVE-2025-2543 | cve | The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to ... |
| 6.7 | 2025-04-24 | CVE-2025-1976 | cve | Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privile... |
| N/A | 2025-04-24 | CVE-2025-1908 | cve | An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all ... |
| N/A | 2025-04-24 | CVE-2025-1453 | cve | The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Store... |
| 7.2 | 2025-04-24 | CVE-2025-1294 | cve | The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanit... |
| Page(s) : 1 ... 415 416 417 418 419 420 421 422 423 424 [425] 426 427 428 429 430 431 432 433 434 435 ... | Result(s) : 325186 |
