4.3
CVE-2024-25037 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
9.8
CVE-2025-21624 - ClipBucket V5 Playlist Cover File Upload to Remote Code Execution
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script fi…
7.5
CVE-2025-21623 - ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.
7.5
CVE-2025-21622 - ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the …
4.3
CVE-2024-52813 - matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications…
5.3
CVE-2025-0297 - code-projects Online Book Shop detail.php SQL injection
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the…
8.1
CVE-2024-53800 - WordPress Rezgo Online Booking plugin <= 4.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through <= 4.17.
7.1
CVE-2024-56056 - WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS. This issue affects SimpleCharm: from n/a through <= 1.4.3.
0.0
CVE-2025-22294 - WordPress Custom Field For WP Job Manager plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vuln…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Reflected XSS. This issue affects Custom Field For WP Job Manager: from n/a through <= 1.3.
0.0
CVE-2025-22335 - WordPress Opencart Product in WP plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerabili…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rajib.dewan Opencart Product in WP opencart-product-in-wp allows Reflected XSS. This issue affects Opencart Product in WP: from n/a through <= 1.0.1.