| 781 | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a throug… | CWE-352 Origin Validation Error | CVE-2025-24543 | 2025-01-25 03:15 | 2025-01-25 |
| 782 | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31. | CWE-79 Cross-site Scripting | CVE-2025-24542 | 2025-01-25 03:15 | 2025-01-25 |
| 783 | 6.3 MEDIUM Network | - | - | A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/cont… | CWE-284 Improper Access Control; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-0702 | 2025-01-25 03:15 | 2025-01-25 |
| 784 | - | - | - | In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that … | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2025-24362 | 2025-01-25 03:15 | 2025-01-25 |
| 785 | - | - | - | In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected. | - | CVE-2024-56404 | 2025-01-25 03:15 | 2025-01-25 |
| 786 | 2.8 LOW Local | - | - | IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint … | CWE-284 Improper Access Control | CVE-2024-35122 | 2025-01-25 03:15 | 2025-01-25 |
| 787 | - | - | - | LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially cr… | - | CVE-2019-15690 | 2025-01-25 03:15 | 2025-01-25 |
| 788 | 5.4 MEDIUM Network | ayecode | ketchup_shortcodes | The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sani… | CWE-79 Cross-site Scripting | CVE-2024-13590 | 2025-01-25 03:09 | 2025-01-22 |
| 789 | 4.3 MEDIUM Network | quantumcloud | wpot | The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versio… | CWE-862 Missing Authorization | CVE-2024-12879 | 2025-01-25 03:07 | 2025-01-22 |
| 790 | - | - | - | Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. … | CWE-359 Exposure of Private Personal Information to an Unauthorized Actor | CVE-2025-24355 | 2025-01-25 02:15 | 2025-01-25 |