8.8

CVSS3.1

CVE-2025-1653 - Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Esc…

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possib…

📅 Published: March 15, 2025, 2:22 a.m. 🔄 Last Modified: March 15, 2025, 3:15 a.m.

8.8

CVSS3.1

CVE-2025-1657 - Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (S…

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authentic…

📅 Published: March 15, 2025, 2:22 a.m. 🔄 Last Modified: March 15, 2025, 3:15 a.m.

8.6

CVSS3.1

CVE-2025-30066 -

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

📅 Published: March 15, 2025, midnight 🔄 Last Modified: March 17, 2025, 3:47 p.m.

0.0

CVE-2025-2333 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

📅 Published: March 14, 2025, 11:59 p.m. 🔄 Last Modified: March 15, 2025, 12:15 p.m.

6.9

CVSS4.0

CVE-2025-2320 - 274056675 springboot-openai-chatgpt User submit improper authorization

A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launc…

📅 Published: March 14, 2025, 10 p.m. 🔄 Last Modified: March 17, 2025, 3:20 p.m.

3.5

CVSS3.1

CVE-2025-2295 - Potential iSCSI R2T PDU Vulnerability

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

📅 Published: March 14, 2025, 9:35 p.m. 🔄 Last Modified: March 14, 2025, 10:15 p.m.

4.8

CVSS4.0

CVE-2025-2310 - HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and m…

📅 Published: March 14, 2025, 9 p.m. 🔄 Last Modified: March 14, 2025, 9:15 p.m.

4.8

CVSS4.0

CVE-2025-2309 - HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclo…

📅 Published: March 14, 2025, 9 p.m. 🔄 Last Modified: March 14, 2025, 9:15 p.m.

4.8

CVSS4.0

CVE-2025-2308 - HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclo…

📅 Published: March 14, 2025, 8:31 p.m. 🔄 Last Modified: March 14, 2025, 9:15 p.m.

6.4

CVSS4.0

CVE-2025-29782 - WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `t…

WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` …

📅 Published: March 14, 2025, 7:05 p.m. 🔄 Last Modified: March 14, 2025, 7:15 p.m.