5 matches found
CVE-2025-36539 AVEVA PI Data Archive Uncaught Exception
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service...
CVE-2021-24938
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
CVE-2025-1091
CVE-2025-1091 is tied to Tenable Identity Exposure before version 3.77.9, where a Broken Authorization issue allowed any authenticated user to download IOA scripts and configuration files if the URL is known. Publicly available documents indicate the vulnerability is addressed in Tenable's adviso...
CVE-2024-31840
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current...
CVE-2022-4708 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavetemplateconditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...