|
621
|
8.8 |
HIGH
Network
|
-
|
-
|
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace'…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10936
|
2025-01-21 18:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
5.3 |
MEDIUM
Network
-
|
-
|
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly acce…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-13536
|
2025-01-21 14:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
623
|
- |
|
-
|
-
|
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network.
|
-
|
CVE-2025-0356
|
2025-01-21 13:15 |
2025-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
- |
|
-
|
-
|
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.…
|
-
|
CVE-2025-0355
|
2025-01-21 13:15 |
2025-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
- |
|
-
|
-
|
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP…
|
-
|
CVE-2025-0354
|
2025-01-21 13:15 |
2025-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
- |
|
-
|
-
|
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in ba…
|
-
|
CVE-2025-24014
|
2025-01-21 12:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
6.2 |
MEDIUM
Local
|
-
|
-
|
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-45091
|
2025-01-21 10:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
- |
|
-
|
-
|
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is pos…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2025-23214
|
2025-01-21 03:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
4.0 |
MEDIUM
Local
|
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2024-22349
|
2025-01-21 03:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensiti…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2024-22348
|
2025-01-21 03:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
