Critical Vulnerabilities
vulnalerts.bsky.social
Created by @hammslam.bsky.social
This was created to send CVEs (9.0 or higher) from the NVD and upload them here every day using the Bluesky API and NVD API
Vulnerability ID: CVE-2025-29814
Published: 2025-03-21T01:15:17.253
Last Modified: 2025-03-21T01:15:17.253
Description: Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Base Score: 9.3
Severity: CRITICAL
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-2538
Published: 2025-03-20T21:15:23.730
Last Modified: 2025-03-20T21:15:23.730
Description: A specific type of ArcGIS Enterprise deployment is vulnerable to a Password Recovery Exploitation vulnerability in Portal, that could allow an attacker to reset the password on the
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-29980
Published: 2025-03-20T19:15:38.080
Last Modified: 2025-03-20T20:15:33.233
Description: A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the cur
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-29922
Published: 2025-03-20T18:15:19.063
Last Modified: 2025-03-20T18:15:19.063
Description: kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or de
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-2311
Published: 2025-03-20T12:15:14.750
Last Modified: 2025-03-21T07:15:36.820
Description: Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard all
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-2505
Published: 2025-03-20T08:15:11.873
Last Modified: 2025-03-20T08:15:11.873
Description: The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthen
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2024-12016
Published: 2025-03-20T08:15:11.547
Last Modified: 2025-03-20T08:15:11.547
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM News: throug
March 21, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-2311
Published: 2025-03-20T12:15:14.750
Last Modified: 2025-03-20T12:15:14.750
Description: Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Nebula Informatics SecHard allows Authentica
March 20, 2025 at 11:00 PM
Vulnerability ID: CVE-2025-2505
Published: 2025-03-20T08:15:11.873
Last Modified: 2025-03-20T08:15:11.873
Description: The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthen
March 20, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-12016
Published: 2025-03-20T08:15:11.547
Last Modified: 2025-03-20T08:15:11.547
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM News: throug
March 20, 2025 at 11:00 PM
Vulnerability ID: CVE-2025-29783
Published: 2025-03-19T16:15:32.477
Last Modified: 2025-03-19T16:15:32.477
Description: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-29137
Published: 2025-03-19T16:15:31.677
Last Modified: 2025-03-19T21:15:41.063
Description: Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.
Base Score: 9.8
Severity: CRIT
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-2512
Published: 2025-03-19T12:15:14.463
Last Modified: 2025-03-19T12:15:14.463
Description: The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all version
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2024-13442
Published: 2025-03-19T12:15:13.857
Last Modified: 2025-03-19T12:15:13.857
Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2024-13790
Published: 2025-03-19T09:15:14.250
Last Modified: 2025-03-19T09:15:14.250
Description: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'templat
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2024-13410
Published: 2025-03-19T07:15:33.233
Last Modified: 2025-03-19T07:15:33.233
Description: The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0,
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2024-12922
Published: 2025-03-19T06:15:15.120
Last Modified: 2025-03-19T06:15:15.120
Description: The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in al
March 20, 2025 at 11:00 AM
Vulnerability ID: CVE-2025-29783
Published: 2025-03-19T16:15:32.477
Last Modified: 2025-03-19T16:15:32.477
Description: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2025-29137
Published: 2025-03-19T16:15:31.677
Last Modified: 2025-03-19T21:15:41.063
Description: Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.
Base Score: 9.8
Severity: CRIT
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2025-2512
Published: 2025-03-19T12:15:14.463
Last Modified: 2025-03-19T12:15:14.463
Description: The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all version
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-13442
Published: 2025-03-19T12:15:13.857
Last Modified: 2025-03-19T12:15:13.857
Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-13790
Published: 2025-03-19T09:15:14.250
Last Modified: 2025-03-19T09:15:14.250
Description: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'templat
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-13410
Published: 2025-03-19T07:15:33.233
Last Modified: 2025-03-19T07:15:33.233
Description: The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0,
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-12922
Published: 2025-03-19T06:15:15.120
Last Modified: 2025-03-19T06:15:15.120
Description: The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in al
March 19, 2025 at 11:00 PM
Vulnerability ID: CVE-2024-11131
Published: 2025-03-19T03:15:12.850
Last Modified: 2025-03-19T03:15:12.850
Description: A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models w
March 19, 2025 at 11:00 PM