0.0
CVE-2025-22360 - WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through <= 2.0.
0.0
CVE-2025-22356 - WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies stencies allows Reflected XSS. This issue affects Stencies: from n/a through <= 0.58.
0.0
CVE-2024-54362 - WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through <= 1.3.
0.0
CVE-2024-54291 - WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through <= 0.9.10.
0.0
CVE-2024-51624 - WordPress Já-Já Pagamentos for WooCommerce plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) v…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce wc-ja-ja-pagamentos-multicaixa-express allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through <= 1.3.0.
7.5
CVE-2025-30211 - KEX init error results with excessive memory usage
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in K…
7.7
CVE-2025-30372 - Emlog Pro contains an SQL injection vulnerability.
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potenti…
2.1
CVE-2025-30371 - Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially…
8
CVE-2025-29928 - authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou…
1.8
CVE-2024-39311 - Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect …