7.2
CVE-2024-13899 - Mambo Importer <= 1.0 - Authenticated (Administrator+) PHP Object Injection
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and…
7.3
CVE-2025-1510 - Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortc…
The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it …
7.3
CVE-2025-1509 - Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution
The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for …
4.3
CVE-2024-13873 - WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo…
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it …
5.3
CVE-2024-22341 - IBM Watson Query on Cloud Pak for Data information disclosure
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
0.0
CVE-2025-1573 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.8
CVE-2025-21704 - usb: cdc-acm: Check control transfer buffer size before access
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access. If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification instead of reading l…
0.0
CVE-2025-1569 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
3.3
CVE-2024-45674 - IBM Security Verify Bridge information disclosure
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user.
2.3
CVE-2025-26622 - sqrt doesn't define rounding behavior in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed…