|
1761
|
5.4 |
MEDIUM
Network
|
ayecode
|
ketchup_shortcodes
|
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13590
|
2025-01-25 03:09 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1762
|
4.3 |
MEDIUM
Network
|
quantumcloud
|
wpot
|
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-12879
|
2025-01-25 03:07 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1763
|
- |
|
-
|
-
|
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2025-24355
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1764
|
- |
|
-
|
-
|
ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute…
|
CWE-134
CWE-749
Use of Externally-Controlled Format String
Exposed Dangerous Method or Function
|
CVE-2025-24359
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1765
|
- |
|
-
|
-
|
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbit…
|
-
|
CVE-2025-23222
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1766
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve…
|
CWE-200
CWE-862
Information Exposure
Missing Authorization
|
CVE-2025-22612
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1767
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalat…
|
CWE-862
Missing Authorization
|
CVE-2025-22611
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1768
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch t…
|
CWE-862
Missing Authorization
|
CVE-2025-22610
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1769
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach …
|
CWE-862
Missing Authorization
|
CVE-2025-22609
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1770
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke …
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2025-22608
|
2025-01-25 02:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
