|
141
|
- |
|
-
|
-
|
In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of conf…
New
|
-
|
CVE-2025-0683
|
2025-02-1 01:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
- |
|
-
|
-
|
The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor bei…
New
|
-
|
CVE-2025-0626
|
2025-02-1 01:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
6.1 |
MEDIUM
Network
|
wallosapp
|
wallos
|
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-57386
|
2025-02-1 01:13 |
2025-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
5.4 |
MEDIUM
Network
|
theeventscalendar
|
the_events_calendar
|
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-12118
|
2025-02-1 01:12 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
5.4 |
MEDIUM
Network
|
videowhisper
|
broadcast_live_video
|
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-12504
|
2025-02-1 01:05 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
6.5 |
MEDIUM
Network
|
tainacan
|
tainacan
|
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied para…
Update
|
CWE-89
SQL Injection
|
CVE-2024-13236
|
2025-02-1 01:03 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
5.4 |
MEDIUM
Network
|
pluginus
|
meta_data_and_taxonomies_filter
|
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13340
|
2025-02-1 01:02 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
5.4 |
MEDIUM
Network
|
cliptakes
|
cliptakes
|
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient inpu…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13389
|
2025-02-1 00:59 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
7.5 |
HIGH
Network
-
|
-
|
IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-45650
|
2025-02-1 00:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
150
|
- |
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
New
|
CWE-426
Untrusted Search Path
|
CVE-2025-24827
|
2025-02-1 00:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
