6.1
CVE-2025-1511 - User Registration & Membership β Custom Registration Form, Login Form, and User Profile <= 4.0.4 - β¦
The User Registration & Membership β Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes iβ¦
4.3
CVE-2025-0801 - RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update
The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API kβ¦
6.1
CVE-2025-1505 - Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject aβ¦
6.4
CVE-2025-1757 - WordPress Portfolio Builder β Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Crosβ¦
The WordPress Portfolio Builder β Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping β¦
5.3
CVE-2024-13796 - Post Grid and Gutenberg Blocks β ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure
The Post Grid and Gutenberg Blocks β ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data includingβ¦
10
CVE-2025-1744 - Out-of-bounds Write in radare2
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.
6.5
CVE-2024-56340 - IBM Cognos Analytics path traversal
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
6.5
CVE-2025-0823 - IBM MQ path traversal
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
6.5
CVE-2025-23225 - IBM MQ denial of service
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
4.7
CVE-2024-54173 - IBM MQ information disclosure
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.