7.5

CVSS3.1

CVE-2025-27594 - Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.

๐Ÿ“… Published: March 14, 2025, 12:50 p.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:35 p.m.

6.5

CVSS3.1

CVE-2025-26626 - GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting

The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.

๐Ÿ“… Published: March 14, 2025, 12:47 p.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:36 p.m.

9.3

CVSS3.1

CVE-2025-27593 - RCE due to Device Driver

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

๐Ÿ“… Published: March 14, 2025, 12:46 p.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:36 p.m.

9.4

CVSS4.0

CVE-2025-2304 - Camaleon CMS Privilege Escalation

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit!ย method, which allows all parameters to pass through without aโ€ฆ

๐Ÿ“… Published: March 14, 2025, 12:34 p.m. ๐Ÿ”„ Last Modified: March 17, 2025, 7:45 a.m.

7.3

CVSS3.1

CVE-2024-13773 - Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedInโ€ฆ

๐Ÿ“… Published: March 14, 2025, 11:15 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 12:28 p.m.

5.6

CVSS3.1

CVE-2024-13772 - Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Non-Rโ€ฆ

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible forโ€ฆ

๐Ÿ“… Published: March 14, 2025, 11:15 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 12:35 p.m.

9.8

CVSS3.1

CVE-2025-2232 - Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticโ€ฆ

๐Ÿ“… Published: March 14, 2025, 11:15 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 12:42 p.m.

9.8

CVSS3.1

CVE-2024-13771 - Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Passwโ€ฆ

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change tโ€ฆ

๐Ÿ“… Published: March 14, 2025, 11:15 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 12:15 p.m.

8.8

CVSS3.1

CVE-2024-12810 - JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Sโ€ฆ

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with โ€ฆ

๐Ÿ“… Published: March 14, 2025, 11:15 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 12:51 p.m.

6.9

CVSS3.1

CVE-2024-26006 -

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unaโ€ฆ

๐Ÿ“… Published: March 14, 2025, 9:24 a.m. ๐Ÿ”„ Last Modified: March 15, 2025, 3:55 a.m.
Total resulsts: 285464
Page 20 of 28,547
ยซ previous page ยป next page
Filters