6.9

CVSS4.0

CVE-2025-2342 - IROAD X5 Mobile App API Endpoint hard-coded credentials

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the p…

πŸ“… Published: March 16, 2025, 4 p.m. πŸ”„ Last Modified: March 17, 2025, 2:18 p.m.

2.3

CVSS4.0

CVE-2025-2341 - IROAD Dash Cam X5 SSID default credentials

A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an at…

πŸ“… Published: March 16, 2025, 2:31 p.m. πŸ”„ Last Modified: March 17, 2025, 2:21 p.m.

4.8

CVSS4.0

CVE-2025-2340 - otale Tale Blog Site Settings save saveOptions cross site scripting

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiat…

πŸ“… Published: March 16, 2025, 1:31 p.m. πŸ”„ Last Modified: March 17, 2025, 2:21 p.m.

6.9

CVSS4.0

CVE-2025-2339 - otale Tale Blog logs improper authentication

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and …

πŸ“… Published: March 16, 2025, 1 p.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

5.3

CVSS4.0

CVE-2025-2338 - tbeu matio io.c strdup_vprintf heap-based overflow

A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may b…

πŸ“… Published: March 16, 2025, 12:31 p.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

5.3

CVSS4.0

CVE-2025-2337 - tbeu matio mat.c Mat_VarPrint heap-based overflow

A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and ma…

πŸ“… Published: March 16, 2025, 9:31 a.m. πŸ”„ Last Modified: March 17, 2025, 3:15 p.m.

3.5

CVSS3.1

CVE-2025-1624 - GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: March 17, 2025, 6:15 p.m.

3.5

CVSS3.1

CVE-2025-1623 - GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: March 17, 2025, 6:15 p.m.

3.5

CVSS3.1

CVE-2025-1622 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: March 17, 2025, 7:15 p.m.

4.8

CVSS3.1

CVE-2025-1621 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: March 17, 2025, 4:15 p.m.
Total resulsts: 285586
Page 15 of 28,559
Β« previous page Β» next page
Filters