551
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. T…
|
CWE-79
Cross-site Scripting
|
CVE-2025-24547
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
552
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a throug…
|
CWE-352
Origin Validation Error
|
CVE-2025-24546
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
553
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a throug…
|
CWE-352
Origin Validation Error
|
CVE-2025-24543
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
554
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31.
|
CWE-79
Cross-site Scripting
|
CVE-2025-24542
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
555
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/cont…
|
CWE-284 CWE-434
Improper Access Control Unrestricted Upload of File with Dangerous Type
|
CVE-2025-0702
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
556
|
- |
|
-
|
-
|
In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.
|
-
|
CVE-2024-56404
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
557
|
- |
|
-
|
-
|
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-24362
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
558
|
2.8 |
LOW
Local
|
-
|
-
|
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint …
|
CWE-284
Improper Access Control
|
CVE-2024-35122
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
559
|
- |
|
-
|
-
|
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially cr…
|
-
|
CVE-2019-15690
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
560
|
5.4 |
MEDIUM
Network
|
ayecode
|
ketchup_shortcodes
|
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13590
|
2025-01-25 03:09 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|