6.4
CVE-2024-13463 - SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,โฆ
7.8
CVE-2024-47900 - GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
7.8
CVE-2024-47899 - GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
7.8
CVE-2024-47898 - GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
7.8
CVE-2024-47891 - GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStrโฆ
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
7.8
CVE-2024-46974 - GPU DDK - Arbitrary write of read-only dmabuf
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
0.0
CVE-2025-0925 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All references and descriptions in this candidate have been removed to preventโฆ
6.4
CVE-2024-13397 - WPRadio โ WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Sitโฆ
The WPRadio โ WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradio_player' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makesโฆ
6.4
CVE-2024-13396 - Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenโฆ
8.1
CVE-2024-13767 - Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deleteโฆ