6.1

CVSS3.1

CVE-2025-2165 - SH Email Alert <= 1.0 - Reflected Cross-Site Scripting

The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts …

πŸ“… Published: March 26, 2025, 2:23 a.m. πŸ”„ Last Modified: April 8, 2026, 5:27 p.m.

6.4

CVSS3.1

CVE-2025-2573 - Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cros…

The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible f…

πŸ“… Published: March 26, 2025, 2:23 a.m. πŸ”„ Last Modified: April 8, 2026, 5:13 p.m.

6.4

CVSS3.1

CVE-2025-2576 - Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Ayyash Studio β€” The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level…

πŸ“… Published: March 26, 2025, 2:23 a.m. πŸ”„ Last Modified: April 8, 2026, 4:57 p.m.

6.5

CVSS3.1

CVE-2024-55965 -

An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, s…

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: July 8, 2025, 5:35 p.m.

9.8

CVSS3.1

CVE-2025-26004 -

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: April 1, 2025, 4:34 p.m.

7.5

CVSS3.1

CVE-2025-26009 -

Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: April 1, 2025, 4:33 p.m.

9.8

CVSS3.1

CVE-2024-55964 -

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that da…

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: April 1, 2025, 4:34 p.m.

7.5

CVSS3.1

CVE-2025-26001 -

Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: April 1, 2025, 4:35 p.m.

9.8

CVSS3.1

CVE-2025-26006 -

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: April 1, 2025, 4:34 p.m.

9.8

CVSS3.1

CVE-2025-25535 -

HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

πŸ“… Published: March 26, 2025, midnight πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.
Total resulsts: 343921
Page 5688 of 34,393
Β« previous page Β» next page
Filters