|
1421
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13547
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1422
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and inclu…
|
CWE-269
Improper Privilege Management
|
CVE-2024-13343
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1423
|
5.3 |
MEDIUM
Network
-
|
-
|
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_…
|
CWE-862
Missing Authorization
|
CVE-2024-12620
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1424
|
5.3 |
MEDIUM
Network
-
|
-
|
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all…
|
CWE-862
Missing Authorization
|
CVE-2024-12184
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1425
|
8.8 |
HIGH
Network
|
-
|
-
|
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all …
|
CWE-862
Missing Authorization
|
CVE-2024-12171
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1426
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11780
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1427
|
- |
|
-
|
-
|
Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as…
|
CWE-22
CWE-276
Path Traversal
Incorrect Default Permissions
|
CVE-2025-24891
|
2025-02-1 08:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1428
|
7.5 |
HIGH
Network
apple
|
macos
safari
|
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.
|
NVD-CWE-Other
|
CVE-2025-24169
|
2025-02-1 07:15 |
2025-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1429
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
|
NVD-CWE-noinfo
|
CVE-2025-24152
|
2025-02-1 07:15 |
2025-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1430
|
4.3 |
MEDIUM
Network
|
apple
|
macos
ipados
iphone_os
safari
visionos
|
The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoof…
|
NVD-CWE-noinfo
|
CVE-2025-24113
|
2025-02-1 07:15 |
2025-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
