|
841
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does …
|
-
|
CVE-2025-24025
|
2025-01-25 06:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
|
-
|
CVE-2024-57556
|
2025-01-25 06:15 |
2025-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
6.1 |
MEDIUM
Network
|
themify
|
themify_builder
|
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13319
|
2025-01-25 06:06 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
844
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0428
|
2025-01-25 05:56 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
4.3 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and in…
|
CWE-862
Missing Authorization
|
CVE-2024-13447
|
2025-01-25 05:53 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
846
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0429
|
2025-01-25 05:51 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs…
|
CWE-94
Code Injection
|
CVE-2024-13495
|
2025-01-25 05:46 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
848
|
7.5 |
HIGH
Network
gamipress
|
gamipress
|
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versi…
|
CWE-89
SQL Injection
|
CVE-2024-13496
|
2025-01-25 05:45 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
849
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() fu…
|
CWE-94
Code Injection
|
CVE-2024-13499
|
2025-01-25 05:37 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
850
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Managemen…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2025-0708
|
2025-01-25 05:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
