6.4
CVE-2024-13590 - Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
6.4
CVE-2024-13584 - Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) …
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied…
5.4
CVE-2024-13426 - WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to…
0.0
CVE-2025-23090 -
This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
7.7
CVE-2025-23083 - nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. …
8.8
CVE-2025-23087 - node.js: End-of-Life Node.js Versions Pose Security Risks 17.x or prior
This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities
8.8
CVE-2025-23088 - nodejs: End-of-Life Node.js Versions Pose Security Risks 19.x
This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities
8.8
CVE-2025-23089 - nodejs: End-of-Life Node.js Versions Pose Security Risks 21.x
This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities
2.3
CVE-2025-0625 - CampCodes School Management Software Attachment resource injection
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The comp…
8.6
CVE-2024-34235 -
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.