8.1
CVE-2024-41140 - Improper Authorization
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
6.4
CVE-2025-0353 - Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple W…
The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This…
6.4
CVE-2024-13561 - Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via b…
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for …
8.8
CVE-2025-0762 -
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
5.9
CVE-2025-0617 -
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.
7.5
CVE-2021-3978 - Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when c…
8.7
CVE-2024-7695 - Out-of-bounds Write Vulnerability
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
7.2
CVE-2024-13696 - Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishl…
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wishlist_name' parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it poss…
7.1
CVE-2024-12749 - Competition Form <= 2.0 - Reflected XSS
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.4
CVE-2025-0804 - ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4…
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it po…