Medium - CVE-2025-0806 - A vulnerability was found in code-projects Job...
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation...
Medium - CVE-2025-0804 - The ClickWhale – Link Manager, Link Shortener...
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up...
NA - CVE-2024-12749 - The Competition Form WordPress plugin through...
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used...
High - CVE-2024-13696 - The Flexible Wishlist for WooCommerce –...
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wishlist_name’ parameter in all versions up...
NA - CVE-2024-7695 - Multiple switches are affected by an...
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds...
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some...
NA - CVE-2021-3978 - When copying files with rsync, octorpki uses...
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (...
NA - CVE-2025-0617 - An attacker with access to an HX 10.0.0 and...
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential...
NA - CVE-2025-0762 - Use after free in DevTools in Google Chrome...
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity:...
Medium - CVE-2024-13561 - The Target Video Easy Publish plugin for...
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to...