0.0
CVE-2025-31109 -
Not used
7.7
CVE-2025-27404 - Icinga Web 2 DOM-based XSS vulnerability
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows the attacker to embed arbitrary JavaScript into Icinga Web and to act on behalf of that …
4.3
CVE-2025-24972 - Discourse may bypass user preference when adding users to chat groups
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.bet…
4.3
CVE-2025-24808 - Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the lim…
4.7
CVE-2022-39163 - IBM Cognos Controller HTTP response smuggling
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
5.5
CVE-2025-23203 - Icinga has rest API endpoints accessible to restricted users
Icinga Director is an Icinga config deployment tool. A security vulnerability has been found, starting in version 1.0.0 and prior to 1.10.4 and 1.11.4, on several Director endpoints of the REST API. To reproduce this vulnerability, an authenticated user with permission to access the Director is required (…
7.8
CVE-2024-45351 - Game center application has code execution Vulnerability
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
5.7
CVE-2025-2228 - Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - A…
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 via the 'register_user' function. This makes it possible for authenticated attackers, with Contribu…
7.2
CVE-2025-1913 - Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via fo…
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers…
2.7
CVE-2025-1911 - Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrato…
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated a…