62 matches found
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by theviper17 in WordPress Plugin StoreKeeper for WooCommerce versions <= 14.4.4...
WordPress ONLYOFFICE Docs plugin 1.1.0-2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function
Missing Authorization to Unauthenticated Privilege Escalation via callback Function vulnerability discovered by kr0d in WordPress Plugin ONLYOFFICE versions 1.1.0-2.2.0...
Unauthorized Access to AMD Secure Processor’s Crypto-Co-Processor
CVE Details. Refer to Glossary for explanation of terms.

CVE| CVSS Score| CVE Description
---|---|---
CVE-2023-20599| 7.9 High CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N| Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto...
WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Plugin elfsight Contact Form widget versions <= 2.3.1...
WordPress Majestic Support plugin <= 1.1.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin Majestic Support versions <= 1.1.0...
Mozilla Firefox Security Advisory (MFSA2025-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2025-28. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
WordPress Flynax Bridge plugin <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update vulnerability
Unauthenticated Privilege Escalation via Password Update vulnerability discovered by kr0d in WordPress Plugin Flynax Bridge versions <= 2.2.0...
WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin FoodBakery versions <= 3.3...
WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WpBookingly versions <= 1.3.0...
YesWiki 4.5.1 Path Traversal
YesWiki version 4.5.1 suffers from an unauthenticated path traversal vulnerability. Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link:...
Chamilo LMS 1.11.24 Shell Upload
Chamilo LMS versions 1.11.24 and below remote shell upload exploit. Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution (RCE) Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA Exploit Date: September 3, 2024 Vendor Homepage: https://chamilo.org/ Software Link: https://chamilo.org/ Version:...
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution (RCE) Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA Exploit Date: September 3, 2024 Vendor Homepage: https://chamilo.org/ Software Link: https://chamilo.org/ Version: 1.11.24 Beersel Tested Versions: 1.11.24 Beersel - August 31, 2023...
openSUSE Security Advisory (SUSE-SU-2024:0817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection Vulnerability
CVE-2024-13488 LTL Freight Quotes – Estes Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection
LTL Freight Quotes – Old Dominion Edition versions 4.2.10 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Old Dominion Edition plugin...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection
LTL Freight Quotes – Estes Edition versions 3.3.7 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13488 LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Estes Edition plugin for WordPress is...
LTL Freight Quotes – SAIA Edition 2.2.10 SQL Injection Vulnerability
CVE-2024-13483 LTL Freight Quotes – SAIA Edition = 5.6 AND error-based - WHERE, HAVING...
NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2080 NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability February 11, 2025 CVE Number CVE-2024-0142 SUMMARY A memory corruption vulnerability exists in the Image Decoding functionality of NVIDIA nvJPEG2000 0.8.0. A specially crafted .jp2 file can lead to...
CVE-2019-3663
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted i...
WordPress SuperBackup 2.3.3 Missing Authorization Vulnerability
CVE-2024-56067 WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and...