6.5

CVSS3.1

CVE-2024-13680 - Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection

The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

📅 Published: Jan. 24, 2025, 7:04 a.m. 🔄 Last Modified: Feb. 12, 2025, 8:41 p.m.

6.4

CVSS3.1

CVE-2024-13659 - Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…

📅 Published: Jan. 24, 2025, 5:23 a.m. 🔄 Last Modified: Feb. 12, 2025, 8:41 p.m.

0.0

CVE-2025-22845 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

📅 Published: Jan. 24, 2025, 4 a.m. 🔄 Last Modified: Feb. 13, 2026, 6:11 p.m.

6.4

CVSS3.1

CVE-2024-11931 - Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.

📅 Published: Jan. 24, 2025, 3:02 a.m. 🔄 Last Modified: Aug. 5, 2025, 7:57 p.m.

8.7

CVSS3.1

CVE-2025-0314 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.

📅 Published: Jan. 24, 2025, 2:30 a.m. 🔄 Last Modified: Aug. 5, 2025, 8:41 p.m.

9.8

CVSS3.1

CVE-2024-50695 -

SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to a stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.

📅 Published: Jan. 24, 2025, midnight 🔄 Last Modified: May 29, 2025, 4:02 p.m.

6.8

CVSS3.1

CVE-2024-57095 -

SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.

📅 Published: Jan. 24, 2025, midnight 🔄 Last Modified: April 18, 2025, 2:23 a.m.

7.8

CVSS3.1

CVE-2022-47090 -

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns

📅 Published: Jan. 24, 2025, midnight 🔄 Last Modified: Jan. 24, 2025, 3:15 p.m.

9.8

CVSS3.1

CVE-2024-50694 -

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.

📅 Published: Jan. 24, 2025, midnight 🔄 Last Modified: May 29, 2025, 4:02 p.m.

8.4

CVSS3.1

CVE-2025-23222 -

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services…

📅 Published: Jan. 24, 2025, midnight 🔄 Last Modified: Feb. 12, 2025, 8:41 p.m.

Total results: 342273