51
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: sched: Disallow replacing of child qdisc from one parent to another
Lion Ackermann was able to create a UAF which can be abu…
Update
|
-
|
CVE-2025-21700
|
2025-02-21 23:15 |
2025-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
52
|
- |
|
-
|
-
|
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
New
|
-
|
CVE-2025-26794
|
2025-02-21 22:15 |
2025-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
53
|
- |
|
-
|
-
|
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' para…
Update
|
-
|
CVE-2025-22209
|
2025-02-21 22:15 |
2025-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
54
|
- |
|
-
|
-
|
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter i…
Update
|
-
|
CVE-2025-22208
|
2025-02-21 22:15 |
2025-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
55
|
4.3 |
MEDIUM
Network
|
ncrafts
|
formcraft
|
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it pos…
New
|
CWE-862
Missing Authorization
|
CVE-2024-13783
|
2025-02-21 21:19 |
2025-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
56
|
9.8 |
CRITICAL
Network
|
presslayouts
|
pressmart
|
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the softwa…
New
|
CWE-94
Code Injection
|
CVE-2024-13797
|
2025-02-21 21:17 |
2025-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
57
|
6.1 |
MEDIUM
Network
|
wpexperts
|
post_smtp
|
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-0521
|
2025-02-21 21:16 |
2025-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
58
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipul…
New
|
CWE-89 CWE-74
SQL Injection Injection
|
CVE-2025-1535
|
2025-02-21 21:15 |
2025-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
59
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-1489
|
2025-02-21 21:15 |
2025-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
60
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and in…
New
|
CWE-862
Missing Authorization
|
CVE-2025-1402
|
2025-02-21 21:15 |
2025-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|