8.8

CVSS3.1

CVE-2024-43115 - Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

πŸ“… Published: Sept. 3, 2025, 8:38 a.m. πŸ”„ Last Modified: Nov. 4, 2025, 10:16 p.m.

7.5

CVSS3.1

CVE-2014-125127 - Denial of Service (DoS) vulnerability in mikecao/flight

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application…

πŸ“… Published: Sept. 3, 2025, 8:35 a.m. πŸ”„ Last Modified: Dec. 18, 2025, 5:47 p.m.

6.8

CVSS3.1

CVE-2024-13063 - IDOR in Akinsoft's MyRezzta

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing.This issue affects MyRezzta: from s2.02.02 before v2.05.01.

πŸ“… Published: Sept. 3, 2025, 8:33 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-9219 - Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Upd…

The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callbac…

πŸ“… Published: Sept. 3, 2025, 8:27 a.m. πŸ”„ Last Modified: April 21, 2026, 3:30 a.m.

7.8

CVSS3.1

CVE-2025-9817 - NULL Pointer Dereference in Wireshark

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service

πŸ“… Published: Sept. 3, 2025, 7:38 a.m. πŸ”„ Last Modified: March 27, 2026, 1:56 p.m.

8.8

CVSS4.0

CVE-2025-8663 -

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.

πŸ“… Published: Sept. 3, 2025, 7:05 a.m. πŸ”„ Last Modified: Nov. 26, 2025, 4:27 p.m.

5.3

CVSS3.1

CVE-2025-58210 - WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.

πŸ“… Published: Sept. 3, 2025, 6:58 a.m. πŸ”„ Last Modified: April 23, 2026, 3:33 p.m.

9.8

CVSS3.1

CVE-2024-32444 - WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.

πŸ“… Published: Sept. 3, 2025, 6:55 a.m. πŸ”„ Last Modified: April 23, 2026, 3:18 p.m.

6.4

CVSS3.1

CVE-2025-9378 - Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block …

The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for aut…

πŸ“… Published: Sept. 3, 2025, 6:43 a.m. πŸ”„ Last Modified: April 20, 2026, 7:45 p.m.

6.2

CVSS3.1

CVE-2025-21041 -

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.

πŸ“… Published: Sept. 3, 2025, 6:05 a.m. πŸ”„ Last Modified: Sept. 19, 2025, 8:13 p.m.
Total resulsts: 349182
Page 4039 of 34,919
Β« previous page Β» next page
Filters