6.9
CVE-2024-45331 -
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 thβ¦
6.5
CVE-2024-12226 -
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accoβ¦
0.0
CVE-2025-20066 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
4.3
CVE-2024-10789 - WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the pluginβ¦
6.4
CVE-2024-11452 - Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scriβ¦
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes β¦
5.4
CVE-2024-10970 - Motors β Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcβ¦
The The Motors β Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Tβ¦
6.1
CVE-2025-0170 - DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arβ¦
8.8
CVE-2025-0457 - NetVision Information airPASS - OS Command Injection
The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
9.8
CVE-2025-0456 - NetVision Information airPASS - Missing Authentication
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords.
9.8
CVE-2025-0455 - NetVision Information airPASS - SQL injection
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.