| 431 | - | | - | - | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.… | New | CWE-22 Path Traversal | CVE-2024-48885 | 2025-01-16 18:15 | 2025-01-16 |
| 432 | - | | - | - | An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.… | New | CWE-266 Incorrect Privilege Assignment | CVE-2024-45331 | 2025-01-16 18:15 | 2025-01-16 |
| 433 | - | | - | - | In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was de… | New | - | CVE-2024-12226 | 2025-01-16 16:15 | 2025-01-16 |
| 434 | 6.4 | MEDIUM Network | - | - | The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8… | New | CWE-79 Cross-site Scripting | CVE-2024-11452 | 2025-01-16 13:15 | 2025-01-16 |
| 435 | 4.3 | MEDIUM Network | - | - | The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wp… | New | CWE-352 Origin Validation Error | CVE-2024-10789 | 2025-01-16 13:15 | 2025-01-16 |
| 436 | - | | - | - | RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | New | - | CVE-2025-22904 | 2025-01-16 12:15 | 2025-01-16 |
| 437 | 8.8 | HIGH Network | - | - | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | New | CWE-78 OS Command | CVE-2025-0457 | 2025-01-16 11:15 | 2025-01-16 |
| 438 | 9.8 | CRITICAL Network | - | - | The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all acco… | New | CWE-306 Missing Authentication for Critical Function | CVE-2025-0456 | 2025-01-16 11:15 | 2025-01-16 |
| 439 | 9.8 | CRITICAL Network | - | - | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | New | CWE-89 SQL Injection | CVE-2025-0455 | 2025-01-16 11:15 | 2025-01-16 |
| 440 | 6.1 | MEDIUM Network | - | - | The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the… | New | CWE-79 Cross-site Scripting | CVE-2025-0170 | 2025-01-16 11:15 | 2025-01-16 |