9.8
CVE-2024-11284 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This β¦
4.3
CVE-2025-1528 - Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exβ¦
The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to β¦
5.3
CVE-2025-1285 - Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side β¦
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests tβ¦
9.8
CVE-2024-11285 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. Thisβ¦
9.8
CVE-2025-29029 -
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
6.8
CVE-2025-30022 -
CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter.
9.8
CVE-2025-29386 -
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
0.0
CVE-2025-26215 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
7.8
CVE-2023-52927 - netfilter: allow exp not to be removed in nf_ct_find_expectation
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removedβ¦
7.1
CVE-2025-29387 -
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.