7.1
CVE-2025-22593 - WordPress Laika Pedigree Tree plugin <= 1.4 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS. This issue affects Laika Pedigree Tree: from n/a through <= 1.4.
6.9
CVE-2024-11681 - Remote Code Execution in MacPorts
A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.
5.3
CVE-2025-0296 - code-projects Online Book Shop booklist.php sql injection
A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos…
5.3
CVE-2025-0295 - code-projects Online Book Shop booklist.php cross site scripting
A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The…
5.1
CVE-2025-0294 - SourceCodester Home Clean Services Management System process.php sql injection
A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection.…
0.0
CVE-2025-0307 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
4.3
CVE-2024-12131 - WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authentica…
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attacker…
6.1
CVE-2024-12738 - User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.…
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. …
4.9
CVE-2024-45100 - IBM Security QRadar EDR denial of service
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
6.7
CVE-2024-12426 - URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a re…