6.5
CVE-2024-52895 - IBM i denial of service
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the databas…
9.8
CVE-2024-56180 - Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users can…
8.5
CVE-2024-12651 - Sensitive Data Exposure in PTT Inc.'s HGS Mobile App
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.
5.1
CVE-2025-0178 - WatchGaurd Firebox Host Header Injection Vulnerability
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaSc…
4.8
CVE-2025-1239 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Firewa…
4.8
CVE-2025-1071 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Firewa…
10
CVE-2024-13152 - SQLi in BSS Software's Mobuy Online Machinery Monitoring Panel
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
7.1
CVE-2025-23905 - WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS.This issue affects Admin Options Pages: from n/a through <= 0.9.7.
7.1
CVE-2025-22705 - WordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulne…
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.
6.3
CVE-2025-22702 - WordPress Photography Theme <= 7.7.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through <= 7.7.2.