2371 | 6.4 | MEDIUM Network | - | - | The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sani… | CWE-79 Cross-site Scripting | CVE-2024-11899 | 2025-01-7 13:15 | 2025-01-7
2372 | 6.4 | MEDIUM Network | - | - | The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to ins… | CWE-79 Cross-site Scripting | CVE-2024-11777 | 2025-01-7 13:15 | 2025-01-7
2373 | 4.9 | MEDIUM Network | - | - | The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter a… | CWE-89 SQL Injection | CVE-2024-11437 | 2025-01-7 13:15 | 2025-01-7
2374 | - | | - | - | Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading… | CWE-280 Improper Handling of Insufficient Permissions or Privileges | CVE-2025-22395 | 2025-01-7 12:15 | 2025-01-7
2375 | - | | - | - | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different d… | CWE-200 Information Exposure | CVE-2025-21620 | 2025-01-7 08:15 | 2025-01-7
2376 | - | | - | - | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone call… | - | CVE-2024-53932 | 2025-01-7 07:15 | 2025-01-7
2377 | - | | - | - | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by s… | - | CVE-2024-53931 | 2025-01-7 07:15 | 2025-01-7
2378 | - | | - | - | Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and su… | CWE-20 Improper Input Validation | CVE-2024-51741 | 2025-01-7 07:15 | 2025-01-7
2379 | - | | - | - | Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code… | CWE-416 Use After Free | CVE-2024-46981 | 2025-01-7 07:15 | 2025-01-7
2380 | - | | - | - | Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. | - | CVE-2024-55076 | 2025-01-7 06:15 | 2025-01-7