CVE-2025-1507 - ShareThis Dashboard for Google Analytics WordPress Unauthorized Data Modification
CVE ID : CVE-2025-1507
Published : March 14, 2025, 9:15 a.m. | 1 hour, 37 minutes ago
Description : The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1507
Published : March 14, 2025, 9:15 a.m. | 1 hour, 37 minutes ago
Description : The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-26006 - FortiOS FortiProxy Cross-Site Scripting (XSS)
CVE ID : CVE-2024-26006
Published : March 14, 2025, 10:15 a.m. | 37 minutes ago
Description : An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-26006
Published : March 14, 2025, 10:15 a.m. | 37 minutes ago
Description : An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12810 - The JobCareer | Job Board Responsive WordPress Theme Unauthenticated Remote Code Execution and Data Manipulation
CVE ID : CVE-2024-12810
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12810
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13771 - Civi WordPress Theme Unauthenticated Password Change Bypass
CVE ID : CVE-2024-13771
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13771
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13772 - Civi Job Board & Freelance Marketplace WordPress Theme Plugin Authentication Bypass
CVE ID : CVE-2024-13772
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13772
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13773 - Civi WordPress Theme Exposed Credentials
CVE ID : CVE-2024-13773
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13773
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2232 - Realteo - Real Estate Plugin by Purethemes WordPress Authentication Bypass Vulnerability
CVE ID : CVE-2025-2232
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2232
Published : March 14, 2025, 12:15 p.m. | 2 hours, 37 minutes ago
Description : The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26626 - GLPI Inventory Plugin Cross-Site Scripting
CVE ID : CVE-2025-26626
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26626
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27593 - Cisco SDD Device Driver Code Execution Vulnerability
CVE ID : CVE-2025-27593
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27593
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27594 - Cisco Device Pass-the-Hash Vulnerability
CVE ID : CVE-2025-27594
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27594
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27595 - Cisco Device Weak Password Hash Vulnerability
CVE ID : CVE-2025-27595
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27595
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2000 - Qiskit QPY File Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-2000
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2000
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2304 - Camaleon CMS Privilege Escalation Vulnerability
CVE ID : CVE-2025-2304
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2304
Published : March 14, 2025, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29029 - Tenda AC6 Buffer Overflow Vulnerability
CVE ID : CVE-2025-29029
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29029
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29030 - Tenda AC6 Buffer Overflow Vulnerability
CVE ID : CVE-2025-29030
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29030
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29031 - Tenda AC6 Buffer Overflow
CVE ID : CVE-2025-29031
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29031
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29032 - Tenda AC9 Buffer Overflow Vulnerability
CVE ID : CVE-2025-29032
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29032
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29776 - Azle WebAssembly Runtime Timer Infinite Loop Vulnerability
CVE ID : CVE-2025-29776
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29776
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2268 - HP LaserJet MFP M232-M237 Printer Series IPP Denial of Service Vulnerability
CVE ID : CVE-2025-2268
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2268
Published : March 14, 2025, 2:15 p.m. | 37 minutes ago
Description : The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25872 - Open Panel Privilege Escalation Vulnerability
CVE ID : CVE-2025-25872
Published : March 14, 2025, 4:15 p.m. | 2 hours, 36 minutes ago
Description : An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25872
Published : March 14, 2025, 4:15 p.m. | 2 hours, 36 minutes ago
Description : An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25873 - Open Panel OpenAdmin Cross Site Request Forgery Privilege Escalation
CVE ID : CVE-2025-25873
Published : March 14, 2025, 4:15 p.m. | 2 hours, 36 minutes ago
Description : Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25873
Published : March 14, 2025, 4:15 p.m. | 2 hours, 36 minutes ago
Description : Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...