4.2

CVSS3.1

CVE-2025-24856 -

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the …

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: March 17, 2025, 3:44 p.m.

5.4

CVSS3.1

CVE-2025-30089 -

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: March 17, 2025, 4:15 p.m.

5.8

CVSS3.1

CVE-2024-58103 -

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: March 17, 2025, 3:50 p.m.

6.2

CVSS3.1

CVE-2025-30077 -

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: March 17, 2025, 4:15 p.m.

5.3

CVSS4.0

CVE-2025-2334 - 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access co…

πŸ“… Published: March 15, 2025, 11 p.m. πŸ”„ Last Modified: March 17, 2025, 4:15 p.m.

8.5

CVSS3.1

CVE-2025-27281 - WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 17, 2025, 4:09 p.m.

8.5

CVSS3.1

CVE-2025-26978 - WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 17, 2025, 4:09 p.m.

8.5

CVSS3.1

CVE-2025-26976 - WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:11 p.m.

7.1

CVSS3.1

CVE-2025-26972 - WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:12 p.m.

8.3

CVSS3.1

CVE-2025-26969 - WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerabili…

Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:13 p.m.
Total resulsts: 285658
Page 24 of 28,566
Β« previous page Β» next page
Filters