4.9
CVE-2024-12410 - Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible β¦
6.4
CVE-2025-2513 - Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Fiβ¦
The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access aβ¦
6.1
CVE-2025-3098 - Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts inβ¦
6.1
CVE-2025-3099 - Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scriptβ¦
The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to updateβ¦
9.8
CVE-2025-2005 - Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on theβ¦
9.7
CVE-2023-40714 -
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
7.8
CVE-2024-39780 - Use of unsafe yaml load in dynparam
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() funcβ¦
8.6
CVE-2025-0676 - Commend Injection Leading to Privilege Escalation
This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gβ¦
9.2
CVE-2025-0415 - Command Injection in NTP Setting
A remote attacker with web administrator privileges can exploit the deviceβs web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downsβ¦
6
CVE-2024-45700 - DoS vulnerability due to uncontrolled resource exhaustion
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to β¦