0.0
CVE-2025-23474 - WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through <= 0.3.3.
0.0
CVE-2025-23431 - WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khaninejad Envato Affiliater envato-affiliater allows Reflected XSS. This issue affects Envato Affiliater: from n/a through <= 1.2.4.
0.0
CVE-2025-23428 - WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS. This issue affects QMean – WordPress Did You Mean: from n/a through <= 2.0.
9.9
CVE-2025-0867 - Privilege Escalation in MEAC300
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can start up on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allo…
5.1
CVE-2025-26524 - No Rate Limiting Vulnerability in RupeeWeb trading platform
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints which could lead to the OTP bombing/ flood…
7.4
CVE-2025-26523 - Insufficient Authorization Vulnerability in RupeeWeb trading platform
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other u…
7.5
CVE-2025-26522 - Authentication Bypass Vulnerability in RupeeWeb trading platform
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could…
6.5
CVE-2025-0821 - Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenti…
4.9
CVE-2024-13791 - Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via down…
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, …
9.5
CVE-2024-52577 - Apache Ignite: Possible RCE when deserializing incoming messages by the server node
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server clas…