3.5

CVSS3.1

CVE-2025-1622 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 2, 2025, 12:32 p.m.

4.8

CVSS3.1

CVE-2025-1621 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 2, 2025, 12:33 p.m.

4.8

CVSS3.1

CVE-2025-1620 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 2, 2025, 12:33 p.m.

4.8

CVSS3.1

CVE-2025-1619 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 2, 2025, 12:33 p.m.

4.8

CVSS3.1

CVE-2024-13602 - Poll Maker < 5.5.4 - Admin+ Stored XSS

The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 9, 2025, 1:06 p.m.

4.6

CVSS3.1

CVE-2024-13126 - Download Manager < 3.3.07 - Unauthenticated Data Exposure

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

πŸ“… Published: March 16, 2025, 6 a.m. πŸ”„ Last Modified: April 9, 2025, 1:06 p.m.

5.1

CVSS4.0

CVE-2025-2335 - Drivin Soluçáes API registerSchool cross site scripting

A vulnerability classified as problematic was found in Drivin Soluçáes up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated rem…

πŸ“… Published: March 16, 2025, 2:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2025-30089 -

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2025-30074 -

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.2

CVSS3.1

CVE-2025-30077 -

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

πŸ“… Published: March 16, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 344963
Page 5910 of 34,497
Β« previous page Β» next page
Filters