1651 | 8.8 | HIGH | Network | apple | macos ipados iphone_os safari | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command i… | CWE-77 Command Injection | CVE-2025-24150 | 2025-01-31 03:10 | 2025-01-28 |
1652 | 3.3 | LOW | Local | apple | macos ipados iphone_os | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone n… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2025-24145 | 2025-01-31 03:04 | 2025-01-28 |
1653 | 7.5 | HIGH | Network | jyothisjoy | eventer | The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escap… | CWE-89 SQL Injection | CVE-2024-11135 | 2025-01-31 03:03 | 2025-01-28 |
1654 | 6.5 | MEDIUM | Network | apple | macos ipados safari visionos | The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted web… | NVD-CWE-noinfo | CVE-2025-24143 | 2025-01-31 03:03 | 2025-01-28 |
1655 | 3.3 | LOW | Local | apple | ipados iphone_os | An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Pho… | NVD-CWE-noinfo | CVE-2025-24141 | 2025-01-31 03:03 | 2025-01-28 |
1656 | 9.8 | CRITICAL | Network | themerex | addons | The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and includin… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-13448 | 2025-01-31 03:01 | 2025-01-28 |
1657 | 4.4 | MEDIUM | Local | apple | macos | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to … | CWE-59 Link Following | CVE-2025-24136 | 2025-01-31 03:00 | 2025-01-28 |
1658 | 6.5 | MEDIUM | Network | apple | macos ipados iphone_os visionos watchos tvos | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position… | NVD-CWE-noinfo | CVE-2025-24131 | 2025-01-31 02:58 | 2025-01-28 |
1659 | 6.1 | MEDIUM | Network | westguardsolutions | ws_form | The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13… | CWE-79 Cross-site Scripting | CVE-2024-13509 | 2025-01-31 02:56 | 2025-01-28 |
1660 | 5.4 | MEDIUM | Network | ilghera | mailup_auto_subscription | The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the … | CWE-352 Origin Validation Error | CVE-2024-13521 | 2025-01-31 02:41 | 2025-01-28 |