CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-0843 A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The man... | 7.3 | HIGH | — | 0 |
| CVE-2025-0844 A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0846 A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2025-0847 A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login.... | 7.3 | HIGH | — | 0 |
| CVE-2025-0849 A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-0373 On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-0374 When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0662 In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied,... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-23374 Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with... | 8.0 | HIGH | — | 0 |
| CVE-2024-12921 The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13457 The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing vali... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13642 The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13470 The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2658 A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authe... | N/A | NONE | — | 0 |
| CVE-2024-13694 The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu... | 7.5 | HIGH | — | 0 |
| CVE-2024-13732 The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13758 The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0834 Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wond... | 7.8 | HIGH | — | 0 |
| CVE-2025-0860 The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-21107 Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could pot... | 7.8 | HIGH | — | 0 |
| CVE-2024-12524 The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insuffici... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13453 The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the soft... | 7.3 | HIGH | — | 0 |
| CVE-2024-13706 The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization a... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-13380 The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due t... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13466 The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-0869 A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12102 The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which p... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12129 The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in... | 8.8 | HIGH | — | 0 |
| CVE-2025-0367 In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Serv... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-10847 The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 18 due to insufficient input sanitization and output esc... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12444 The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12861 The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24506 A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | N/A | NONE | — | 0 |
| CVE-2024-13400 The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to, an... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13460 The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13512 The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its fu... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-13549 The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13596 The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24507 This vulnerability allows appliance compromise at boot time. | N/A | NONE | — | 0 |
| CVE-2024-13646 The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' ... | 8.1 | HIGH | — | 0 |
| CVE-2024-13661 The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13664 The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13670 The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-0142 Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13700 The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13707 The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_imag... | 8.8 | HIGH | — | 0 |
| CVE-2024-13715 The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13720 The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, a... | 8.8 | HIGH | — | 0 |
| CVE-2024-8494 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-53615 A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video fi... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.