|
341
|
7.8 |
HIGH
Local
|
microsoft
|
windows_server_2025
windows_server_2022_23h2
windows_11_24h2
|
Microsoft Brokering File System Elevation of Privilege Vulnerability
Update
|
NVD-CWE-noinfo
|
CVE-2025-21315
|
2025-01-22 23:40 |
2025-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2024-57937
|
2025-01-22 22:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
7.3 |
HIGH
Network
-
|
-
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() fu…
New
|
CWE-94
Code Injection
|
CVE-2024-13499
|
2025-01-22 20:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
344
|
7.5 |
HIGH
Network
-
|
-
|
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versi…
New
|
CWE-89
SQL Injection
|
CVE-2024-13496
|
2025-01-22 20:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
345
|
7.3 |
HIGH
Network
-
|
-
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs…
New
|
CWE-94
Code Injection
|
CVE-2024-13495
|
2025-01-22 20:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
346
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and in…
New
|
CWE-862
Missing Authorization
|
CVE-2024-13447
|
2025-01-22 20:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
- |
|
-
|
-
|
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version…
New
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2022-23439
|
2025-01-22 19:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
7.2 |
HIGH
Network
|
-
|
-
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0429
|
2025-01-22 17:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
7.2 |
HIGH
Network
|
-
|
-
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0428
|
2025-01-22 17:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including…
New
|
CWE-862
Missing Authorization
|
CVE-2024-13361
|
2025-01-22 17:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
