6.1
CVE-2024-13603 - Wise Forms <= 1.2.0 - Unauthenticated Stored XSS
The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
4.8
CVE-2025-1377 - GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been diβ¦
2
CVE-2025-1376 - GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The compleβ¦
7.2
CVE-2025-0924 - WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βmessageβ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scriβ¦
8.8
CVE-2025-1389 - Learning Digital Orca HCM - SQL Injection
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
5.3
CVE-2025-1374 - code-projects Real Estate Property Management System search.php sql injection
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to initiate the attack rβ¦
8.8
CVE-2025-1388 - Learning Digital Orca HCM - Arbitrary File Upload
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
9.8
CVE-2025-1387 - Learning Digital Orca HCM - Improper Authentication
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
4.8
CVE-2025-1373 - FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The β¦
4.8
CVE-2025-1372 - GNU elfutils eu-readelf readelf.c print_string_section buffer overflow
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has toβ¦