171
|
7.8 |
HIGH
Local
|
apple
|
watchos ipados macos tvos iphone_os
|
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-54517
|
2025-02-1 06:15 |
2025-01-28 |
|
172
|
7.2 |
HIGH
Network
|
vruiz
|
vr-frases
|
The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user …
|
CWE-89
SQL Injection
|
CVE-2025-0861
|
2025-02-1 05:43 |
2025-01-30 |
|
173
|
6.1 |
MEDIUM
Network
|
vruiz
|
vr-frases
|
The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0860
|
2025-02-1 05:42 |
2025-01-30 |
|
174
|
6.5 |
MEDIUM
Network
|
dwbooster
|
cp_contact_form
|
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on …
|
CWE-352
Origin Validation Error
|
CVE-2024-13758
|
2025-02-1 05:28 |
2025-01-30 |
|
175
|
5.4 |
MEDIUM
Network
|
cyberchimps
|
responsive_blocks
|
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13732
|
2025-02-1 05:22 |
2025-01-30 |
|
176
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of t…
|
CWE-89 CWE-74
SQL Injection Injection
|
CVE-2025-0934
|
2025-02-1 05:15 |
2025-02-1 |
|
177
|
- |
|
-
|
-
|
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only mean…
|
-
|
CVE-2025-0938
|
2025-02-1 05:15 |
2025-02-1 |
|
178
|
- |
|
-
|
-
|
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied…
|
-
|
CVE-2025-0662
|
2025-02-1 05:15 |
2025-01-30 |
|
179
|
- |
|
-
|
-
|
A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.
|
-
|
CVE-2024-57513
|
2025-02-1 05:15 |
2025-01-30 |
|
180
|
4.3 |
MEDIUM
Network
|
visualmodo
|
borderless
|
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zi…
|
CWE-862
Missing Authorization
|
CVE-2024-11583
|
2025-02-1 05:03 |
2025-01-30 |
|