5.3
CVE-2025-1285 - Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side β¦
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests tβ¦
9.8
CVE-2024-11285 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. Thisβ¦
7.8
CVE-2024-55549 -
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
0.0
CVE-2025-30022 -
CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter.
0.0
CVE-2025-26163 -
CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter.
7.8
CVE-2025-24855 -
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
3.3
CVE-2025-27496 - Snowflake JDBC Driver client-side encryption key in DEBUG logs
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption maβ¦
8.5
CVE-2025-2229 - Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
8.5
CVE-2025-2230 - Philips Intellispace Cardiovascular (ISCV) Improper Authentication
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
3.3
CVE-2025-2157 - foreman: Disclosure of Executed Commands and Outputs in Foreman / Red Hat Satellite
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited eβ¦