|
1221
|
7.5 |
HIGH
Network
open5gs
|
open5gs
|
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
|
CWE-617
Reachable Assertion
|
CVE-2024-24428
|
2025-01-25 03:44 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1222
|
9.8 |
CRITICAL
Network
wpbot
|
wpot
|
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13091
|
2025-01-25 03:42 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1223
|
5.3 |
MEDIUM
Network
wp-polls_project
|
wp-polls
|
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of suffic…
|
CWE-89
SQL Injection
|
CVE-2024-13426
|
2025-01-25 03:37 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1224
|
5.4 |
MEDIUM
Network
|
videowhisper
|
picture_gallery
|
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13584
|
2025-01-25 03:20 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1225
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0.
|
CWE-352
Origin Validation Error
|
CVE-2025-24756
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1226
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This…
|
CWE-79
Cross-site Scripting
|
CVE-2025-24755
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1227
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Ka…
|
CWE-862
Missing Authorization
|
CVE-2025-24753
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1228
|
- |
|
-
|
-
|
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
|
CWE-862
Missing Authorization
|
CVE-2025-24751
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1229
|
- |
|
-
|
-
|
Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.
|
CWE-862
Missing Authorization
|
CVE-2025-24750
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1230
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.…
|
CWE-79
Cross-site Scripting
|
CVE-2025-24746
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
