High
CVSS: 7.1
Yayın: 2025-01-23 16:15:38
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS.This issue affects WP Social Broadcast: from n/a through
High
CVSS: 7.1
Yayın: 2025-01-23 16:15:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN statpresscn allows Reflected XSS.This issue affects StatPressCN: from n/a through
High
CVSS: 7.1
Yayın: 2025-01-23 16:15:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon.parker Download, Downloads ydn-download allows Reflected XSS.This issue affects Download, Downloads : from n/a through
High
CVSS: 7.1
Yayın: 2025-01-23 16:15:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register:…
High
CVSS: 7.1
Yayın: 2025-01-23 16:15:37
Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS.This issue affects Rocket Media Library Mime Type: from n/a through
High
CVSS: 7.1
Yayın: 2025-01-23 16:15:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through
Critical
CVSS: 9.8
Yayın: 2025-01-23 16:15:36
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended fo…
Critical
CVSS: 10.0
Yayın: 2025-01-23 16:15:36
SQL Injection vulnerability in the default configuration of the Logitime WebClock application
Medium
CVSS: 5.8
Yayın: 2025-01-23 16:15:35
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Medium
CVSS: 5.9
Yayın: 2025-01-23 16:15:33
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from…
Medium
CVSS: 5.5
Yayın: 2025-01-23 14:15:25
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_set_pipapo: fix initial map fill
The initial buffer has to be inited to all-ones, but it must restrict
it to the size of the first field, not the total field size.
A…
Medium
CVSS: 5.5
Yayın: 2025-01-23 14:15:25
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS.This issue affects Uyumsoft ERP: before Erp4.2109…
Critical
KEV CVSS: 9.8
Yayın: 2025-01-23 12:15:28
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthentica…
Medium
CVSS: 6.1
Yayın: 2025-01-23 12:15:28
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output es…
Medium
CVSS: 6.4
Yayın: 2025-01-23 12:15:28
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied…
Medium
CVSS: 6.4
Yayın: 2025-01-23 12:15:27
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and out…
Medium
CVSS: 6.5
Yayın: 2025-01-23 12:15:27
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi…
Medium
CVSS: 6.4
Yayın: 2025-01-23 12:15:27
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient…
Medium
CVSS: 6.4
Yayın: 2025-01-23 12:15:26
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output…
Medium
CVSS: 5.9
Yayın: 2025-01-23 11:15:11
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.