|
851
|
- |
|
-
|
-
|
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user gr…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-26345
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
- |
|
-
|
-
|
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-26344
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
- |
|
-
|
-
|
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/l…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-1197
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
- |
|
-
|
-
|
The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0506
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
- |
|
-
|
-
|
The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 …
|
CWE-89
SQL Injection
|
CVE-2024-13473
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
- |
|
-
|
-
|
The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied param…
|
CWE-89
SQL Injection
|
CVE-2024-13435
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
- |
|
-
|
-
|
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13365
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutin…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-1188
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
- |
|
-
|
-
|
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. Thi…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-12315
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
- |
|
-
|
-
|
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2025-1186
|
2025-02-19 03:15 |
2025-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
