7.1
CVE-2024-46910 - Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versionsย 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.
6.4
CVE-2024-3303 - Improper Neutralization of Input Used for LLM Prompting in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
4.3
CVE-2024-13639 - Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Reโฆ
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level accessโฆ
7.3
CVE-2024-13345 - Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthโฆ
7.3
CVE-2024-13346 - Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcoโฆ
4.3
CVE-2025-0661 - DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributoโฆ
6.9
CVE-2025-0814 -
CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains intact during the attack.
7.1
CVE-2025-0815 -
CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device.
7.1
CVE-2025-0816 -
CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device.
2.7
CVE-2024-47266 -
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files โฆ