|
41
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficie…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10552
|
2025-01-25 16:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
8.8 |
HIGH
Network
|
-
|
-
|
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0682
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input…
New
|
CWE-85
|
CVE-2024-13721
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
- |
|
-
|
-
|
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is requi…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-0411
|
2025-01-25 14:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. Th…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-13709
|
2025-01-25 13:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
9.8 |
CRITICAL
Network
-
|
-
|
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-0357
|
2025-01-25 11:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
47
|
- |
|
-
|
-
|
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific condit…
New
|
-
|
CVE-2025-23006
|
2025-01-25 11:00 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
- |
|
-
|
-
|
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of th…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2025-24361
|
2025-01-25 10:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
- |
|
-
|
-
|
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read th…
New
|
CWE-200
Information Exposure
|
CVE-2025-24360
|
2025-01-25 10:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
- |
|
-
|
-
|
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
New
|
-
|
CVE-2024-50698
|
2025-01-25 08:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
