7.2
CVE-2025-3294 - WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected si…
4.9
CVE-2025-3295 - WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive info…
6.9
CVE-2025-31338 - Wisdom Master Pro - Missing Authorization
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
5.3
CVE-2025-31339 - Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.
9.9
CVE-2025-31340 - Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program
An improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.
8.1
CVE-2025-1290 -
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a …
6.5
CVE-2025-28101 -
An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.
9.8
CVE-2024-53924 -
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.
5.4
CVE-2024-40124 -
Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.
9.8
CVE-2025-29040 -
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c.