6.4
CVE-2025-24329 - OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN manaโฆ
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has bโฆ
4.2
CVE-2025-24328 - OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management neโฆ
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected โฆ
9.8
CVE-2024-13786 - Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP โฆ
5.5
CVE-2025-6017 - Rhacm: users with clusterreader role can see credentials from managed-clusters
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to aโฆ
5.3
CVE-2024-13451 - Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevenโฆ
7.5
CVE-2025-6464 - Forminator Forms โ Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHPโฆ
The Forminator Forms โ Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticaโฆ
2.1
CVE-2025-52463 -
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.
5.1
CVE-2025-52462 -
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL.
8.8
CVE-2025-6463 - Forminator Forms โ Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbโฆ
The Forminator Forms โ Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. This makes it possible for unautheโฆ
6.1
CVE-2024-11405 - WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenโฆ