Latest CVE Feed
- CVE-2025-25182 (CVSS 3.1 score: 9.4)
  Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with A...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2024-57000 (CVSS 3.1 score: 9.8)
  An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script....
  Affected Products: (none listed)
  - Published: Feb. 11, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26345 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26344 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2024-13365 (CVSS 3.1 score: 9.8)
  The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up t...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2022-3180 (CVSS 3.1 score: 9.8)
  The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts....
  Affected Products: (none listed)
  - Published: Feb. 11, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26361 (CVSS 3.1 score: 9.1)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26359 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26347 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26342 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HT...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26341 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-26339 (CVSS 3.1 score: 9.8)
  A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multip...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-1100 (CVSS 3.1 score: 9.8)
  A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH....
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2024-10960 (CVSS 3.1 score: 9.9)
  The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with ...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2024-12213 (CVSS 3.1 score: 9.8)
  The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated...
  Affected Products: (none listed)
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2024-13421 (CVSS 3.1 score: 9.8)
  The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possi...
  Affected Products: real_estate_7
  - Published: Feb. 12, 2025
  - Modified: Feb. 12, 2025
- CVE-2025-1044 (CVSS 3.0 score: 9.8)
  Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerabi...
  Affected Products: unified_secops_platform
  - Published: Feb. 11, 2025
  - Modified: Feb. 11, 2025
- CVE-2024-12366 (CVSS 3.1 score: 9.8)
  PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM....
  Affected Products: (none listed)
  - Published: Feb. 11, 2025
  - Modified: Feb. 11, 2025
- CVE-2025-24434 (CVSS 3.1 score: 9.1)
  Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security m...
  Affected Products: commerce
  - Published: Feb. 11, 2025
  - Modified: Feb. 11, 2025
- CVE-2025-21198 (CVSS 3.1 score: 9.0)
  Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability...
  Affected Products: (none listed)
  - Published: Feb. 11, 2025
  - Modified: Feb. 11, 2025