Attacker Value
Unknown

CVE-2024-11583

Disclosure Date: January 30, 2025 (last updated February 27, 2025)
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded.
Attacker Value
Unknown

CVE-2025-23792

Disclosure Date: January 27, 2025 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through 1.1.6.
Attacker Value
Unknown

CVE-2025-22144

Disclosure Date: January 13, 2025 (last updated February 27, 2025)
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another user's password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Attacker Value
Unknown

CVE-2025-22142

Disclosure Date: January 13, 2025 (last updated February 27, 2025)
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject JavaScript code into it that would be activated once a staffer visits the user's profile on the staff panel. As a result an attacker can execute JavaScript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Attacker Value
Unknown

CVE-2024-54007

Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system.
Attacker Value
Unknown

CVE-2024-54006

Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system.
Attacker Value
Unknown

CVE-2024-56284

Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SSL Wireless SSL Wireless SMS Notification allows SQL Injection. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.
Attacker Value
Unknown

CVE-2023-47241

Disclosure Date: January 02, 2025 (last updated February 27, 2025)
Missing Authorization vulnerability in CoCart Headless, LLC CoCart – Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoCart – Headless ecommerce: from n/a through 3.11.2.
Attacker Value
Unknown

CVE-2024-56220

Disclosure Date: December 31, 2024 (last updated February 27, 2025)
Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.
Attacker Value
Unknown

CVE-2023-31280

Disclosure Date: December 21, 2024 (last updated February 27, 2025)
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Number pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status.