5.4
CVE-2024-52812 - LF Edge eKuiper has Stored XSS in Rules Functionality
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g.…
10
CVE-2025-24813 - Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with parti…
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 1…
2.7
CVE-2024-52905 - IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
5.3
CVE-2024-47109 - IBM Sterling File Gateway information disclosure
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.
9
CVE-2025-26916 - WordPress Massive Dynamic theme <= 8.2 - Unauthenticated Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from n/a through <= 8.2.
7.1
CVE-2025-26910 - WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
10
CVE-2025-26936 - WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerabil…
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= 1.70.0.
7.5
CVE-2025-26933 - WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulner…
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through <=…
6.5
CVE-2024-12604 - Improper Authentication in Tapandsign Technologies Tap and Sign App
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025.
3.5
CVE-2025-26865 - Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only…