Latest CVE Feed
- 8.5 HIGH CVE-2021-39151
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.5 HIGH CVE-2021-39144
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is a...
- Actively Exploited
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 4.7 MEDIUM CVE-2025-0522
The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
- Affected Products: likebot
- Published: Feb. 06, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Request Forgery
- 8.5 HIGH CVE-2021-39146
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.5 HIGH CVE-2021-39148
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.5 HIGH CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input st...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.5 HIGH CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input st...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.5 HIGH CVE-2021-39154
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
- 8.8 HIGH CVE-2022-30550
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. ...
- Published: Jul. 17, 2022
- Modified: May. 23, 2025
- 7.1 HIGH CVE-2024-13352
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected Products: legull
- Published: Feb. 07, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
- 6.1 MEDIUM CVE-2024-13492
The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected Products: guten_free_options
- Published: Feb. 07, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
- 3.5 LOW CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary JavaScript can be executed.
- Affected Products: voyager
- Published: Jan. 30, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
- 4.3 MEDIUM CVE-2024-55417
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
- Affected Products: voyager
- Published: Jan. 30, 2025
- Modified: May. 23, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-5099
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
- Affected Products:
- Published: May. 23, 2025
- Modified: May. 23, 2025
- Vuln Type: Memory Corruption
- 9.1 CRITICAL CVE-2025-5098
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.
- Affected Products:
- Published: May. 23, 2025
- Modified: May. 23, 2025
- Vuln Type: Authentication
- 8.8 HIGH CVE-2025-45472
Insecure permissions in autodeploy-layer v1.2.0 allow attackers to escalate privileges and compromise the customer cloud account.
- Affected Products:
- Published: May. 22, 2025
- Modified: May. 23, 2025
- Vuln Type: Authorization
- 6.1 MEDIUM CVE-2025-0470
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and ou...
- Published: Jan. 31, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2025-0493
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthentic...
- Affected Products: multivendorx
- Published: Jan. 31, 2025
- Modified: May. 23, 2025
- Vuln Type: Path Traversal
- 6.1 MEDIUM CVE-2024-13100
The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected Products: opsi_israel_domestic_shipments
- Published: Jan. 31, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
- 4.8 MEDIUM CVE-2024-12872
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex...
- Affected Products: zalomeni
- Published: Jan. 31, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting