Medium
CVSS: 6.4
Yayın: 2025-01-14 09:15:20
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and…
Medium
CVSS: 4.9
Yayın: 2025-01-14 09:15:20
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeho…
Medium
CVSS: 6.5
Yayın: 2025-01-14 09:15:19
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which…
High
CVSS: 8.5
Yayın: 2025-01-14 07:15:26
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers,…
Medium
CVSS: 5.3
Yayın: 2025-01-14 07:15:25
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive…
Medium
CVSS: 5.3
Yayın: 2025-01-14 07:15:25
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to dea…
Medium
CVSS: 6.4
Yayın: 2025-01-14 06:15:15
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied at…
Unknown
CVSS: -
Yayın: 2025-01-14 04:15:09
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-22506 Reason: This candidate is a reservation duplicate of CVE-2025-22506. Notes: All CVE users should reference CVE-2025-22506 instead of this candidate. All refere…
High
CVSS: 7.2
Yayın: 2025-01-14 02:15:08
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
High
CVSS: 8.8
Yayın: 2025-01-14 02:15:07
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to…
Unknown
CVSS: -
Yayın: 2025-01-14 02:15:07
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability a…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allow…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. Th…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allow…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.php` endpoint of the WeGIA application. This vulnerab…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:17
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerabil…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:17
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php` endpoint of the WeGIA application. This vulnerabi…
Medium
CVSS: 6.4
Yayın: 2025-01-14 01:15:17
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vul…