7.5
CVE-2024-10804 - Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serv…
5.3
CVE-2024-12611 - School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to …
8.8
CVE-2024-12035 - CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to d…
6.5
CVE-2024-12607 - School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'm…
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat…
7.8
CVE-2025-26331 -
Dell ThinOS 2411 and prior contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
7.8
CVE-2024-12837 - GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.
5.5
CVE-2024-12576 - GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU, freezing graphics output.
7.2
CVE-2024-13906 - Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authentica…
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes it possible for authe…
8.8
CVE-2025-1309 - UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorizati…
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5…
6.4
CVE-2025-0863 - Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…