|
1371
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10552
|
2025-01-25 16:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1372
|
8.8 |
HIGH
Network
|
-
|
-
|
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0682
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1373
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input…
|
CWE-85
|
CVE-2024-13721
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1374
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. Th…
|
CWE-352
Origin Validation Error
|
CVE-2024-13709
|
2025-01-25 13:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1375
|
9.8 |
CRITICAL
Network
-
|
-
|
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-0357
|
2025-01-25 11:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1376
|
- |
|
-
|
-
|
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of th…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2025-24361
|
2025-01-25 10:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1377
|
- |
|
-
|
-
|
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read th…
|
CWE-200
Information Exposure
|
CVE-2025-24360
|
2025-01-25 10:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1378
|
- |
|
-
|
-
|
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
|
-
|
CVE-2024-50698
|
2025-01-25 08:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1379
|
- |
|
-
|
-
|
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.
|
-
|
CVE-2024-50695
|
2025-01-25 08:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1380
|
- |
|
-
|
-
|
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the me…
|
-
|
CVE-2024-50694
|
2025-01-25 08:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
