| Page(s) : 1 ... 54 55 56 57 58 59 60 61 62 63 [64] 65 66 67 68 69 70 71 72 73 74 ... | Result(s) : 124961 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 6.4 | 2025-05-07 | CVE-2025-4171 | cve | The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in al... |
| 6.4 | 2025-05-07 | CVE-2025-4055 | cve | The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and includ... |
| 6.1 | 2025-05-07 | CVE-2025-4054 | cve | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 ... |
| 5.4 | 2025-05-07 | CVE-2025-39361 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affec... |
| 5.3 | 2025-05-07 | CVE-2025-3924 | cve | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up t... |
| 6.4 | 2025-05-07 | CVE-2025-3860 | cve | The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to ... |
| 6.5 | 2025-05-07 | CVE-2025-3853 | cve | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing va... |
| 4.3 | 2025-05-07 | CVE-2025-3851 | cve | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the s... |
| 5.4 | 2025-05-07 | CVE-2025-3766 | cve | The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions u... |
| 5.3 | 2025-05-07 | CVE-2025-35939 | cve | Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. ... |
| 4.2 | 2025-05-07 | CVE-2025-32441 | cve | Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack sess... |
| 5.4 | 2025-05-07 | CVE-2025-3218 | cve | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could u... |
| 5.3 | 2025-05-07 | CVE-2025-2821 | cve | The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions ... |
| 5.5 | 2025-05-07 | CVE-2025-20954 | cve | Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is re... |
| 4.4 | 2025-05-07 | CVE-2025-20953 | cve | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. |
| 6.7 | 2025-05-07 | CVE-2025-20937 | cve | Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| 4.7 | 2025-05-07 | CVE-2025-20223 | cve | A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an int... |
| 4.7 | 2025-05-07 | CVE-2025-20216 | cve | A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the bro... |
| 4.3 | 2025-05-07 | CVE-2025-20214 | cve | A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read acce... |
| 5.5 | 2025-05-07 | CVE-2025-20213 | cve | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the loca... |
| Page(s) : 1 ... 54 55 56 57 58 59 60 61 62 63 [64] 65 66 67 68 69 70 71 72 73 74 ... | Result(s) : 124961 |
