NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE (NCIIPC)

A Unit of National Technical Research Organisation


Alert and Advisories

  • Vulnerability in WordPress Media Manager for UserPro plugin (30 Jan 2025)

    A privilege escalation vulnerability has been discovered in the WordPress Media Manager for UserPro plugin. All versions up to and including 3.11.0 are affected.
    CVE ID: CVE-2024-12822 (Critical)

  • Vulnerability in WordPress iControlWP plugin (30 Jan 2025)

    A PHP object injection vulnerability has been discovered in the WordPress iControlWP plugin. All versions up to and including 4.4.5 are affected.
    CVE ID: CVE-2024-13742 (Critical)

  • Red Hat Security Updates (30 Jan 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates for Multiple Products (30 Jan 2025)

    Ubuntu has released security updates to address several vulnerabilities in Jinja2 and VLC packages. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
    CVE ID: CVE-2024-56201 (Medium), CVE-2024-56326 (Medium), CVE-2024-46461 (High)

  • SUSE Security Updates (29 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address a Cross Site Request Forgery (CSRF) vulnerability in the Google Tag contributed module.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address a Cross Site Scripting (XSS) vulnerability in the Google Tag contributed module.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address an access bypass vulnerability in the Authenticator Login contributed module.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address a Cross Site Request Forgery (CSRF) vulnerability in the Matomo Analytics contributed module.

  • Moxa Security Updates (29 Jan 2025)

    Moxa has released security updates to address an out-of-bounds write vulnerability in multiple PT switches that can result in a Denial of Service (DoS) condition.
    CVE ID: CVE-2024-7695 (High)

  • Google Released Security Updates for Chrome (29 Jan 2025)

    Google has released Chrome 133 133.0.6943.39 for Android, Chrome Stable 133 133.0.6943.33 for iOS, Stable channel 133.0.6943.35 for Windows & Mac, Beta channel 133.0.6943.35 for Windows, Mac & Linux, Chrome Beta 133 133.0.6943.39 for Android and Chrome Beta 133 133.0.6943.34 for iOS.

  • Vulnerability in Microsoft Account (29 Jan 2025)

    An elevation of privilege vulnerability has been discovered in Microsoft Account. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-21396 (High)

  • Vulnerability in Microsoft Azure AI Face Service (29 Jan 2025)

    An elevation of privilege vulnerability has been discovered in Microsoft Azure AI Face Service. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-21415 (Critical)

  • Vulnerability in OpenImageIO (29 Jan 2025)

    A heap overflow vulnerability has been discovered in OpenImageIO. The affected version is OpenImageIO v3.1.0.0dev.
    CVE ID: CVE-2024-55194 (Critical)

  • Vulnerability in OpenImageIO (29 Jan 2025)

    A segmentation violation vulnerability has been discovered in OpenImageIO. The affected version is OpenImageIO v3.1.0.0dev.
    CVE ID: CVE-2024-55193 (Critical)

  • Vulnerability in Eclipse Mosquitto (29 Jan 2025)

    An out of bounds memory access vulnerability has been discovered in Eclipse Mosquitto. The affected versions are Eclipse Mosquitto from version 1.3.2 through 2.0.18.
    CVE ID: CVE-2024-10525 (Critical)

  • Red Hat Security Updates (29 Jan 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (28 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in B&R's Equipment (28 Jan 2025)

    A use of a broken or risky cryptographic algorithm vulnerability has been discovered in B&R Automation Runtime. The affected versions are B&R Automation Runtime versions prior to 6.1 and B&R mapp View versions prior to 6.1. Mitigations are available.
    CVE ID: CVE-2024-8603 (High)

  • Multiple Vulnerabilities in Schneider Electric's Equipment (28 Jan 2025)

    Multiple vulnerabilities have been discovered in Schneider Electric PowerLogic equipment. The affected versions are PowerLogic v0.62.7 and prior. Mitigations are available.
    CVE ID: CVE-2024-10497 (High), CVE-2024-10498 (Medium)

  • Vulnerability in Schneider Electric's Equipment (28 Jan 2025)

    A deserialization of untrusted data vulnerability has been discovered in Schneider Electric RemoteConnect and SCADAPack x70 Utilities. All versions of RemoteConnect and all versions of SCADAPack x70 Utilities are affected. Mitigations are available.
    CVE ID: CVE-2024-12703 (High)

  • Google Released Security Updates for Chrome (28 Jan 2025)

    Google has released Stable channel 132.0.6834.159/160 for Windows & Mac and 132.0.6834.159 for Linux.
    CVE ID: CVE-2025-0762 (Medium)

  • Vulnerability in ZTE Corporation (28 Jan 2025)

    A command injection vulnerability has been discovered in ZTE Corporation's ZENIC ONE R58 products.
    CVE ID: CVE-2024-22063 (Critical)

  • Vulnerability in WordPress Miniorange OTP Verification with Firebase plugin (28 Jan 2025)

    An arbitrary user password change vulnerability has been discovered in the Miniorange OTP Verification with Firebase plugin for WordPress. All versions up to and including 3.6.0 are affected.
    CVE ID: CVE-2024-9862 (Critical)

  • Vulnerability in WordPress Relevanssi – A Better Search plugin (28 Jan 2025)

    A CSV injection vulnerability has been discovered in the Relevanssi – A Better Search plugin for WordPress. All versions up to and including 4.22.1 are affected.
    CVE ID: CVE-2024-3214 (Critical)

  • Rockwell Automation Released Security Updates (28 Jan 2025)

    Rockwell Automation has released security updates to address multiple vulnerabilities in ICE2 Controller, FactoryTalk View Site Edition, PowerFlex 755, KEPServer, FactoryTalk View Machine Edition, and DataMosaix Private Cloud. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-24478 (Medium), CVE-2025-24481 (High), CVE-2025-24482 (High), CVE-2025-0631 (High), CVE-2023-3825 (High), CVE-2025-24479 (High), CVE-2025-24480 (Critical), CVE-2025-0659 (Medium), CVE-2020-11656 (Critical)

  • Security Updates for WordPress ThemeREX Addons plugin (27 Jan 2025)

    A security update has been released for the WordPress ThemeREX Addons plugin to resolve an arbitrary file upload vulnerability. All versions up to and including 2.32.3 are affected.
    CVE ID: CVE-2024-13448 (Critical)

  • Vulnerability in Rejetto HTTP File Server (27 Jan 2025)

    A template injection vulnerability has been discovered in Rejetto HTTP File Server. The affected versions are Rejetto HTTP File Server, up to and including version 2.3m.
    CVE ID: CVE-2024-23692 (Critical)

  • Vulnerability in Progress Telerik Report Server (27 Jan 2025)

    An authentication bypass vulnerability has been discovered in Progress Telerik Report Server. The affected versions are Progress Telerik Report Server version 2024 Q1 (10.0.24.305) or earlier.
    CVE ID: CVE-2024-4358 (Critical)

  • Vulnerability in CrushFTP (27 Jan 2025)

    A server side template injection vulnerability has been discovered in CrushFTP. All versions of CrushFTP before 10.7.1 & 11.1.0, on all platforms are affected.
    CVE ID: CVE-2024-4040 (Critical)

  • Vulnerability in Tenda (27 Jan 2025)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 15.13.07.09.
    CVE ID: CVE-2024-2546 (Critical)

  • Vulnerability in ConnectWise ScreenConnect (27 Jan 2025)

    An authentication bypass using an alternate path or channel vulnerability has been discovered in ConnectWise ScreenConnect. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
    CVE ID: CVE-2024-1709 (Critical)

  • Apple Security Updates (27 Jan 2025)

    Apple has released security updates to address multiple vulnerabilities in visionOS 2.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, watchOS 11.3, tvOS 18.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. An attacker can exploit these vulnerabilities to take control of an affected device.

  • Vulnerability Summary (26 Jan 2025)

    Summary of vulnerabilities for the week of January 20, 2025.

  • Microsoft Edge Security Update (24 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 132.0.2957.127) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21262 (Medium), CVE-2025-0611 (High), CVE-2025-0612 (High)

  • Google Released Security Update for Chrome (24 Jan 2025)

    Google has released Dev channel 134.0.6974.3 for Windows, Mac & Linux.

  • Vulnerability in Sentrifugo (24 Jan 2025)

    A SQL injection vulnerability has been discovered in Sentrifugo. The affected version is Sentrifugo 3.2.
    CVE ID: CVE-2024-29876 (Critical)

  • Vulnerability in BradWenqiang (23 Jan 2025)

    A SQL injection vulnerability has been discovered in BradWenqiang. The affected version is BradWenqiang HR 2.0.
    CVE ID: CVE-2024-2478 (Critical)

  • Vulnerability in ABO.CMS (23 Jan 2025)

    A SQL injection vulnerability has been discovered in ABO.CMS. The affected version is ABO.CMS version 5.8.
    CVE ID: CVE-2024-25227 (Critical)

  • Vulnerability in Dell (23 Jan 2025)

    An OS command injection vulnerability has been discovered in Dell RecoverPoint for Virtual Machines. The affected versions are Dell RecoverPoint for Virtual Machines 5.3.x and 6.0.SP1.
    CVE ID: CVE-2024-22426 (Critical)

  • Red Hat Security Updates (23 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Tenda (22 Jan 2025)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19. 
    CVE ID: CVE-2024-57583 (Critical)

  • Vulnerability in Tenda (22 Jan 2025)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19. 
    CVE ID: CVE-2024-57575 (Critical)

  • Vulnerability in SimpleHelp (22 Jan 2025)

    A privilege escalation vulnerability has been discovered in SimpleHelp remote support software. The affected versions are SimpleHelp remote support software v5.5.7 and before.
    CVE ID: CVE-2024-57726 (Critical)

  • Vulnerability in onnx (22 Jan 2025)

    An out of bounds read vulnerability has been discovered in onnx. All versions up to and including 1.15.0 are affected.
    CVE ID: CVE-2024-27319 (Critical)

  • SonicWall Security Updates (22 Jan 2025)

    SonicWall has released security updates to address a pre-authentication deserialization of untrusted data vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) that can enable unauthenticated Remote Command Execution (RCE). The affected versions are SonicWall SMA1000 AMC version 12.4.3-02804 (platform-hotfix) & earlier versions, and CMC version 12.4.3-02804 (platform-hotfix) & earlier versions.
    CVE ID: CVE-2025-23006 (Critical)

  • Cisco Released Security Updates (22 Jan 2025)

    Cisco has released security updates to address a privilege escalation vulnerability in the Cisco Meeting Management REST API.
    CVE ID: CVE-2025-20156 (Critical)

  • GitLab Security Updates (22 Jan 2025)

    GitLab has released updated versions 17.8.1, 17.7.3, and 17.6.4 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0314 (High), CVE-2024-11931 (Medium), CVE-2024-6324 (Medium)

  • Google Released Security Updates for Chrome (22 Jan 2025)

    Google has released Beta channel OS version 16151.13.0 Browser version 133.0.6943.18 for most ChromeOS devices, Chrome 132 132.0.6834.122 for Android, Dev channel OS version 16151.13.0 Browser version 133.0.6943.18 for most ChromeOS devices, Chrome Beta 133 133.0.6943.23 for Android, Chrome Beta 133 133.0.6943.24 for iOS and Stable channel 132.0.6834.110/111 for Windows & Mac & 132.0.6834.110 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0611 (High), CVE-2025-0612 (High)

  • SUSE Security Updates (22 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Jenkins (22 Jan 2025)

    Multiple vulnerabilities have been discovered in Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2025-24397 (Medium), CVE-2025-24398 (High), CVE-2025-24399 (High), CVE-2025-0142 (Medium), CVE-2025-24400 (Medium), CVE-2025-24401 (Medium), CVE-2025-24402 (Medium), CVE-2025-24403 (Medium)

  • Red Hat Security Updates (22 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability Summary (21 Jan 2025)

    Summary of vulnerabilities for the week of January 13, 2025.

  • Multiple Vulnerabilities in Traffic Alert and Collision Avoidance System (TCAS) II's Equipment (21 Jan 2025)

    Multiple vulnerabilities have been discovered in Traffic Alert and Collision Avoidance System (TCAS) II collision avoidance equipment. The affected versions are TCAS II versions 7.1 and prior. Mitigations are available.
    CVE ID: CVE-2024-9310 (Medium), CVE-2024-11166 (High)

  • Siemens Security Updates (21 Jan 2025)

    Siemens has released security updates to address a Cross Site Request Forgery (CSRF) vulnerability in its SIMATIC S7-1200 CPUs.
    CVE ID: CVE-2024-47100 (High)

  • Vulnerability in ZF's Equipment (21 Jan 2025)

    An authentication bypass by primary weakness vulnerability has been discovered in ZF RSSPlus. The affected versions are RSSPlus 2M with build dates 01/08 through at least 01/23. Mitigations are available.
    CVE ID: CVE-2024-12054 (Medium)

  • Vulnerability in Arista EOS (21 Jan 2025)

    A missing release of memory after effective lifetime vulnerability has been discovered in Arista EOS. The affected versions are EOS versions 4.32.2.1F and below releases in the 4.32.x train, 4.31.5F and below releases in the 4.31.x train, 4.30.8F and below releases in the 4.30.x train, and 4.29.9.1F and below releases in the 4.29.x train.
    CVE ID: CVE-2024-9135 (Medium)

  • Node.js Security Updates (21 Jan 2025)

    Node.js has released security updates to address multiple vulnerabilities in its products.
    CVE ID: CVE-2025-23083 (High), CVE-2025-23084 (Medium), CVE-2025-23085 (Medium)

  • Ubuntu Released Security Updates for Multiple Products (21 Jan 2025)

    Ubuntu has released security updates to address several vulnerabilities in the Linux kernel (OEM) and Vim. The affected products are Ubuntu 24.04 LTS, Ubuntu 24.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
    CVE ID: CVE-2024-53238 (Medium), CVE-2024-56757 (Medium), CVE-2025-22134 (Medium)

  • SUSE Security Updates (21 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (21 Jan 2025)

    Google has released Chrome Stable 132 132.0.6834.100 for iOS.

  • Vulnerability in SolarWinds Security Event Manager (21 Jan 2025)

    A Remote Code Execution (RCE) vulnerability has been discovered in SolarWinds Security Event Manager (SEM). The severity rating of this vulnerability has been raised from High to Critical. The affected versions are SolarWinds SEM 2023.4 and prior. Security updates are available.
    CVE ID: CVE-2024-0692 (Critical)

  • Oracle Released January 2025 Critical Patch Update (21 Jan 2025)

    Oracle has released its critical patch update for January 2025 to address 318 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-37371 (Critical), CVE-2023-46604 (Critical), CVE-2024-45492 (Critical), CVE-2024-56337 (Critical), CVE-2024-3596 (Critical), CVE-2024-53677 (Critical), CVE-2025-21535 (Critical), CVE-2024-38475 (Critical), CVE-2024-5535 (Critical), CVE-2016-1000027 (Critical), CVE-2023-29824 (Critical), CVE-2021-23926 (Critical), CVE-2025-21547 (Critical), CVE-2025-21524 (Critical), CVE-2023-3961 (Critical), CVE-2024-11053 (Critical), CVE-2025-21556 (Critical), CVE-2024-23807 (Critical)

  • Vulnerability in Avaya IP Office (21 Jan 2025)

    An unrestricted file upload vulnerability has been discovered in Avaya IP Office that allows remote command or code execution via the One-X component. All versions of Avaya IP Office prior to 11.1.3.1 are affected.
    CVE ID: CVE-2024-4197 (Critical)

  • Vulnerability in Avaya IP Office (21 Jan 2025)

    An improper input validation vulnerability has been discovered in Avaya IP Office that allows remote command or code execution via a specially crafted web request to the Web Control component. All versions of Avaya IP Office prior to 11.1.3.1 are affected.
    CVE ID: CVE-2024-4196 (Critical)

  • Vulnerability in OpenText iManager (21 Jan 2025)

    An XML external entity (XXE) injection vulnerability has been discovered in OpenText iManager that could lead to Remote Code Execution (RCE). The affected version is OpenText iManager 3.2.6.0200.
    CVE ID: CVE-2024-3969 (Critical)

  • Vulnerability in Jeewms (21 Jan 2025)

    A privilege escalation vulnerability has been discovered in the AuthInterceptor component of Jeewms. The affected versions are Jeewms v3.7 and before.
    CVE ID: CVE-2024-27764 (Critical)

  • Vulnerability in RenderTune (21 Jan 2025)

    A Cross Site Scripting (XSS) vulnerability has been discovered in RenderTune. The affected version is RenderTune v1.1.4. 
    CVE ID: CVE-2024-25292 (Critical)

  • Security Updates for WordPress AdForest plugin (21 Jan 2025)

    A security update has been released for the WordPress AdForest plugin to resolve an authentication bypass vulnerability. All versions up to and including 5.1.8 are affected.
    CVE ID: CVE-2024-12857 (Critical)

  • Security Updates for WordPress WPBot Pro Wordpress Chatbot plugin (21 Jan 2025)

    A security update has been released for the WordPress WPBot Pro Wordpress Chatbot plugin to resolve an authenticated arbitrary file upload vulnerability. All versions up to and including 13.5.4 are affected.
    CVE ID: CVE-2024-13091 (Critical)

  • Red Hat Security Updates (21 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (20 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (20 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in IBM (19 Jan 2025)

    An improper input validation vulnerability has been discovered in IBM Sterling Secure Proxy. The affected versions are IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0 and 6.2.0.0.
    CVE ID: CVE-2024-41783 (Critical)

  • Vulnerability in WP All Import Pro (18 Jan 2025)

    A stored Cross Site Scripting (XSS) vulnerability has been discovered in WP All Import Pro plugin. The affected versions are WP All Import Pro all versions up to and including 4.9.7. 
    CVE ID: CVE-2024-8722 (Critical)

  • Red Hat Security Updates (17 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (17 Jan 2025)

    Google has released Stable channel OS version: 16093.68.0 Browser version: 132.0.6834.94 for most ChromeOS devices.
    CVE ID: CVE-2025-0434 (High), CVE-2025-0436 (High), CVE-2025-0437 (High), CVE-2025-0438 (High), CVE-2025-0439 (Medium), CVE-2025-0442 (Medium), CVE-2025-0446 (Low), CVE-2025-0447 (Low)

  • Microsoft Edge Security Update (17 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 132.0.2957.115 to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21399 (High), CVE-2025-21185 (Medium)

  • Vulnerability in Ivanti (17 Jan 2025)

    An authentication bypass vulnerability has been discovered in the admin web console of Ivanti CSA that allows a remote unauthenticated attacker to gain administrative access. The affected versions are Ivanti CSA before 5.0.3.
    CVE ID: CVE-2024-11639 (Critical)

  • Security Updates for WordPress Adifier System plugin (17 Jan 2025)

    A security update has been released for the WordPress Adifier System plugin to resolve a privilege escalation vulnerability. All versions up to and including 3.1.7 are affected.
    CVE ID: CVE-2024-13375 (Critical)

  • Vulnerability in Tenda (17 Jan 2025)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda AC500 2.0.1.9(1307).
    CVE ID: CVE-2024-3908 (Critical)

  • Moxa Security Update (17 Jan 2025)

    Moxa has released security updates to address a missing authentication vulnerability in its Ethernet switches that can result in unauthorized access and system compromise.
    CVE ID: CVE-2024-9137 (Critical)

  • Vulnerability in Progress MOVEit Transfer (16 Jan 2025)

    An improper authentication vulnerability has been discovered in Progress MOVEit Transfer that can lead to authentication bypass. The affected versions are MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
    CVE ID: CVE-2024-5806 (Critical)

  • Vulnerability in F-logic DataCube3 (16 Jan 2025)

    A SQL injection vulnerability has been discovered in F-logic DataCube3. The affected version is F-logic DataCube3 v1.0.
    CVE ID: CVE-2024-25833 (Critical)

  • Vulnerability in Apache (16 Jan 2025)

    A use-after-free vulnerability has been discovered in the Apache Xerces-C++ XML parser. The affected versions are Apache Xerces-C++ versions 3.0.0 before 3.2.5.
    CVE ID: CVE-2024-23807 (Critical)

  • Vulnerability in WuKongOpenSource (16 Jan 2025)

    An arbitrary code execution vulnerability has been discovered in WuKongOpenSource WukongCRM. The affected version is WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202. 
    CVE ID: CVE-2024-23052 (Critical)

  • Vulnerability in Fuji Electric's Equipment (16 Jan 2025)

    A stack-based buffer overflow vulnerability has been discovered in Fuji Electric Alpha5 SMART that allows an attacker to execute arbitrary code. The affected versions are Fuji Electric Alpha5 SMART versions 4.5 and prior. A mitigation is available.
    CVE ID: CVE-2024-34579 (High)

  • Vulnerability in Hitachi Energy's Equipment (16 Jan 2025)

    An improper validation of certificate with host mismatch vulnerability has been discovered in Hitachi Energy FOX61x, FOXCST and FOXMAN-UN that allows an attacker to intercept or falsify data exchanged between the client and the server. The affected versions are FOX61x versions prior to R16B, FOXCST versions prior to 16.2.1, and FOXMAN-UN R15A and prior, R15B PC4 and prior, R16A, and R16B PC2 and prior. Mitigations are available.
    CVE ID: CVE-2024-2462 (Medium)

  • Vulnerability in Hitachi Energy's Equipment (16 Jan 2025)

    A relative path traversal vulnerability has been discovered in Hitachi Energy FOX61x products. The affected versions are Hitachi Energy FOX61x R15A and prior, R15B, R16A, and R16B Revision E. Mitigations are available.
    CVE ID: CVE-2024-2461 (Medium)

  • Google Released Security Updates for Chrome (16 Jan 2025)

    Google has released Chrome Dev 134 134.0.6958.0 for Android and Dev channel 134.0.6958.2 for Windows, Mac & Linux.

  • Amazon Released Security Updates (15 Jan 2025)

    Amazon has released security updates to address multiple vulnerabilities in Amazon WorkSpaces, Amazon AppStream, and Amazon DCV.
    CVE ID: CVE-2025-0500, CVE-2025-0501

  • Drupal Security Update (15 Jan 2025)

    Drupal has released a security update to address a Cross Site Request Forgery (CSRF) vulnerability in the Artificial Intelligence (AI) contributed module, which provides a framework for integrating AI services. The affected versions are AI module versions above 1.0.0 and below 1.0.2.

  • Palo Alto Networks Released Security Updates (15 Jan 2025)

    Palo Alto Networks has released security updates to resolve a server-side request forgery vulnerability in the Palo Alto Networks PAN-OS.
    CVE ID: CVE-2024-5917 (Medium)

  • Microsoft Released January 2025 Security Updates (15 Jan 2025)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-21307 (Critical), CVE-2025-21311 (Critical), CVE-2025-21298 (Critical)

  • Red Hat Security Updates (15 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CVE - KB Correlation (15 Jan 2025)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Jan 2025.

  • Multiple Vulnerabilities in TIFF and PCX Image Codecs (15 Jan 2025)

    Multiple vulnerabilities have been discovered in the TIFF and PCX image codecs used by the QNX Software Development Platform (SDP). They could cause information disclosure, a Denial of Service (DoS) condition, or code execution in the context of the process using the image codec. Security updates are available.
    CVE ID: CVE-2024-48854 (Medium), CVE-2024-48855 (Medium), CVE-2024-48856 (Critical), CVE-2024-48857 (High), CVE-2024-48858 (High)

  • Vulnerability in Linux Ratfor (15 Jan 2025)

    A stack based buffer overflow vulnerability has been discovered in Linux Ratfor. The affected versions are Linux Ratfor 1.06 and earlier.
    CVE ID: CVE-2024-55577 (High)

  • Multiple Vulnerabilities in Zoom Products (14 Jan 2025)

    Multiple vulnerabilities have been discovered in several Zoom products. An attacker can exploit these vulnerabilities to take control of an affected system. Mitigations are available.
    CVE ID: CVE-2025-0147 (High), CVE-2025-0146 (Low), CVE-2025-0145 (Medium), CVE-2025-0144 (Low), CVE-2025-0143 (Medium), CVE-2025-0142 (Medium)

  • Adobe Security Updates (14 Jan 2025)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Google Released Security Updates for Chrome (14 Jan 2025)

    Google has released Chrome 132 132.0.6834.79 for Android, and Chrome 132 stable channel for Windows, Mac & Linux.
    CVE ID: CVE-2025-0434 (High), CVE-2025-0435 (High), CVE-2025-0436 (High), CVE-2025-0437 (High), CVE-2025-0438 (High), CVE-2025-0439 (Medium), CVE-2025-0440 (Medium), CVE-2025-0441 (Medium), CVE-2025-0442 (Medium), CVE-2025-0443 (Medium), CVE-2025-0446 (Low), CVE-2025-0447 (Low), CVE-2025-0448 (Low)

  • Ivanti Released Security Updates for Multiple Products (14 Jan 2025)

    Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine and Ivanti EPM. 
    CVE ID: CVE-2024-13181 (High), CVE-2024-13180 (High), CVE-2024-13179 (High), CVE-2024-10630 (High), CVE-2024-10811 (Critical), CVE-2024-13161 (Critical), CVE-2024-13160 (Critical), CVE-2024-13159 (Critical), CVE-2024-13158 (High), CVE-2024-13172 (High), CVE-2024-13171 (High), CVE-2024-13170 (High), CVE-2024-13169 (High), CVE-2024-13168 (High), CVE-2024-13167 (High), CVE-2024-13166 (High), CVE-2024-13165 (High), CVE-2024-13164 (High), CVE-2024-13163 (High), CVE-2024-13162 (High)

  • Security Updates for WordPress Post Grid and Gutenberg Blocks plugin (14 Jan 2025)

    A security update has been released for the WordPress Post Grid and Gutenberg Blocks plugin to resolve an unauthenticated privilege escalation vulnerability. The affected versions are 2.2.85 to 2.3.3.
    CVE ID: CVE-2024-9636 (Critical)

  • Microsoft Released Security Updates for Windows NTLM V1 (14 Jan 2025)

    Microsoft has released security updates to address an elevation of privilege vulnerability in Windows NTLM V1 affecting multiple Windows products.
    CVE ID: CVE-2025-21311 (Critical)

  • Microsoft Released Security Updates for Windows Reliable Multicast Transport Driver (14 Jan 2025)

    Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Reliable Multicast Transport Driver affecting multiple Windows products. 
    CVE ID: CVE-2025-21307 (Critical)

  • Microsoft Released Security Updates for Windows OLE (14 Jan 2025)

    Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows OLE affecting multiple Windows products. 
    CVE ID: CVE-2025-21298 (Critical)

  • Red Hat Security Updates (14 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Fortinet Products (14 Jan 2025)

    An authentication bypass vulnerability has been discovered in the Node.js websocket module affecting FortiOS and FortiProxy. The affected versions are FortiOS 7.0.0 through 7.0.16, and FortiProxy 7.2.0 through 7.2.12. The updates are available.
    CVE ID: CVE-2024-55591 (Critical)

  • SAP Released January 2025 Security Notes (14 Jan 2025)

    SAP has released security notes to address several critical, high, medium & low vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Multiple Vulnerabilities in Siemens Products (14 Jan 2025)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2024-3596 (Critical), CVE-2024-45490 (Critical), CVE-2024-33698 (Critical)

  • Vulnerability Summary (13 Jan 2025)

    Summary of vulnerabilities for the week of January 06, 2025.

  • NVIDIA Security Updates (13 Jan 2025)

    NVIDIA has released security updates to address multiple vulnerabilities in NVIDIA Container Toolkit and NVIDIA GPU Operator. The affected versions are NVIDIA Container Toolkit versions up to & including v1.17.0, and NVIDIA GPU Operator versions up to & including 24.9.0.
    CVE ID: CVE-2024-0135 (High), CVE-2024-0136 (High), CVE-2024-0137 (Medium)

  • Vulnerability in CSZ CMS (13 Jan 2025)

    An arbitrary file upload vulnerability has been discovered in CSZ CMS. The affected version is CSZ CMS v1.3.0.
    CVE ID: CVE-2024-25414 (Critical)

  • Security Updates for WordPress Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin (13 Jan 2025)

    WordPress has released security updates to resolve an authentication bypass vulnerability in Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin. The affected versions are Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin, all versions up to, and including, 2.13.7.
    CVE ID: CVE-2024-12919 (Critical)

  • Security Updates for WordPress GiveWP – Donation Plugin and Fundraising Platform plugin (10 Jan 2025)

    WordPress has released security updates to resolve the PHP Object Injection vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugin. The affected versions are GiveWP – Donation Plugin and Fundraising Platform plugin, all versions up to, and including, 3.19.2.
    CVE ID: CVE-2024-12877 (Critical)

  • Security Updates for WordPress GiveWP – Donation Plugin and Fundraising Platform plugin (10 Jan 2025)

    WordPress has released security updates to resolve the PHP object injection vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugin. The affected versions are GiveWP – Donation Plugin and Fundraising Platform plugin, all versions up to, and including, 3.19.3.
    CVE ID: CVE-2025-22777 (Critical)

  • Microsoft Edge Security Update (10 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 131.0.2903.146 and version 131.0.2903.147 to resolve multiple vulnerabilities.

  • Multiple Vulnerabilities in Delta Electronics' Equipment (10 Jan 2025)

    Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- DRASimuCAD. The affected version is DRASimuCAD 1.02. 
    CVE ID: CVE-2024-12834 (High), CVE-2024-12835 (High), CVE-2024-12836 (High)

  • Vulnerability in Schneider Electric's Equipment (10 Jan 2025)

    An improper authentication vulnerability has been discovered in Schneider Electric's Equipment- PowerChute Serial Shutdown. The affected versions are PowerChute Serial Shutdown: 1.2.0.301 and prior. The mitigations are available.
    CVE ID: CVE-2024-10511 (Medium)

  • Vulnerability in Schneider Electric's Equipment (10 Jan 2025)

    A vulnerability due to use of unmaintained third-party components has been discovered in Schneider Electric's Equipment-Harmony HMI and Pro-face HMI Products. All versions of Harmony HMIST6, Harmony HMISTM6, Harmony HMIG3U, Harmony HMIG3X, Harmony HMISTO7 series with Ecostruxure Operator Terminal Expert runtime, PFXST6000, PFXSTM6000, PFXSP5000, and PFXGP4100 series with Pro-face BLUE runtime are affected. The mitigations are available.
    CVE ID: CVE-2024-11999 (High)

  • Mozilla Released Security Updates (10 Jan 2025)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox for iOS 134. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-23108 (Medium), CVE-2025-23109 (Medium)

  • Google Released Security Updates for Chrome (09 Jan 2025)

    Google has released Chrome Dev 133 133.0.6943.4 for Android and Dev channel 133.0.6943.6 for Windows, Mac & Linux.

  • Security Updates for WordPress WPBookit plugin (09 Jan 2025)

    WordPress has released security updates to resolve an arbitrary user password change vulnerability in WPBookit plugin. The affected versions are WPBookit plugin, all versions up to, and including, 1.6.4.
    CVE ID: CVE-2024-10215 (Critical)

  • Vulnerability in WordPress Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin (08 Jan 2025)

    An arbitrary user password change vulnerability has been discovered in WordPress Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin. The affected versions are Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin, all versions up to, and including, 3.4.12.
    CVE ID: CVE-2024-11642 (Critical)

  • Ivanti Released Security Updates (08 Jan 2025)

    Ivanti has released security updates to address multiple vulnerabilities in Ivanti Connect Secure, Policy Secure and ZTA Gateways. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-0282 (Critical), CVE-2025-0283 (High)

  • Palo Alto Networks Security Updates (08 Jan 2025)

    Palo Alto Networks has released security updates to address multiple vulnerabilities in the Expedition migration tool that could allow an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system. Expedition has reached its End of Life (EoL) date.
    CVE ID: CVE-2025-0103 (Critical), CVE-2025-0104 (High), CVE-2025-0105 (Medium), CVE-2025-0106 (Medium), CVE-2025-0107 (Medium)

  • Drupal Security Update (08 Jan 2025)

    Drupal has released a security update to address an access bypass vulnerability in Email TFA, a third-party library used in it.

  • Drupal Security Update (08 Jan 2025)

    Drupal has released a security update to address an unsupported vulnerability in Profile Private, a third-party library used in it.

  • Cisco Releases Security Updates (08 Jan 2025)

    Cisco has released security updates to address a vulnerability in the certificate validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS.
    CVE ID: CVE-2025-20126 (Medium)

  • Vulnerability in Aviatrix Controller (07 Jan 2025)

    A Remote Code Execution (RCE) vulnerability has been discovered in Aviatrix Controller. All supported versions of Aviatrix Controller prior to 7.2.4996 or 7.1.4191 are affected. The updates are available.
    CVE ID: CVE-2024-50603 (Critical)

  • Joomla Security Updates (07 Jan 2025)

    Joomla has released security updates to resolve multiple vulnerabilities in Joomla CMS.
    CVE ID: CVE-2024-40749 (Medium), CVE-2024-40748 (Medium), CVE-2024-40747 (Medium)

  • Vulnerability in Nedap Librix's Equipment (07 Jan 2025)

    A missing authentication for critical function vulnerability has been discovered in Nedap Librix's Equipment- Ecoreader that can result in Remote Code Execution (RCE). All versions of Ecoreader are affected.
    CVE ID: CVE-2024-12757 (High)

  • Multiple Vulnerabilities in ABB's Equipment (07 Jan 2025)

    Multiple vulnerabilities have been discovered in ABB's Equipment- ASPECT-Enterprise, NEXUS, and MATRIX series. The mitigations are available.
    CVE ID: CVE-2024-6209 (Critical), CVE-2024-6298 (Critical), CVE-2024-6515 (Critical), CVE-2024-6516, CVE-2024-6784, CVE-2024-48843, CVE-2024-48844 (High), CVE-2024-48845 (Critical), CVE-2024-48846 (High), CVE-2024-48847 (High), CVE-2024-48839 (Critical), CVE-2024-48840 (Critical), CVE-2024-51541 (High), CVE-2024-51542 (High), CVE-2024-51543 (High), CVE-2024-51544 (High), CVE-2024-51545 (Critical), CVE-2024-51546 (High), CVE-2024-51548 (Critical), CVE-2024-51549 (Critical), CVE-2024-51550 (Critical), CVE-2024-51551 (Critical), CVE-2024-51554 (Critical), CVE-2024-51555 (Critical), CVE-2024-11316 (High), CVE-2024-11317 (Critical)

  • Security Updates for WordPress File Upload plugin (07 Jan 2025)

    WordPress has released security updates to resolve a Remote Code Execution (RCE) vulnerability in File Upload plugin. The affected versions are File Upload plugin, all versions up to, and including, 4.24.12.
    CVE ID: CVE-2024-11635 (Critical)

  • Security Updates for WordPress File Upload plugin (07 Jan 2025)

    WordPress has released security updates to resolve Remote Code Execution (RCE), arbitrary file read, and arbitrary file deletion vulnerabilities in File Upload plugin. The affected versions are File Upload plugin, all versions up to, and including, 4.24.15.
    CVE ID: CVE-2024-11613 (Critical)

  • Vulnerability in WordPress FAT Event Lite plugin (07 Jan 2025)

    A local file inclusion vulnerability has been discovered in WordPress FAT Event Lite plugin. The affected versions are FAT Event Lite plugin, all versions up to, and including, 1.1.
    CVE ID: CVE-2025-22508 (Critical)

  • Vulnerability in WordPress 4ECPS Web Forms plugin (07 Jan 2025)

    An arbitrary file upload vulnerability due to missing file type validation has been discovered in WordPress 4ECPS Web Forms plugin. The affected versions are 4ECPS Web Forms plugin, all versions up to, and including, 0.2.18.
    CVE ID: CVE-2025-22504 (Critical)

  • Android Security Updates (06 Jan 2025)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2025-01-05 or later address all of these issues.
    CVE ID: CVE-2024-20154 (Critical), CVE-2024-43096 (Critical), CVE-2024-43770 (Critical), CVE-2024-43771 (Critical), CVE-2024-49747 (Critical), CVE-2024-49748 (Critical)

  • Vulnerability in WordPress School Management System – SakolaWP plugin (06 Jan 2025)

    A privilege escalation vulnerability has been discovered in WordPress School Management System – SakolaWP plugin. The affected versions are School Management System – SakolaWP plugin, all versions up to, and including, 1.0.8.
    CVE ID: CVE-2024-12470 (Critical)

  • Vulnerability in WordPress PayU CommercePro Plugin (06 Jan 2025)

    A privilege escalation vulnerability has been discovered in WordPress PayU CommercePro Plugin. The affected versions are PayU CommercePro Plugin, all versions up to, and including, 3.8.3.
    CVE ID: CVE-2024-12264 (Critical)

  • Vulnerability in WordPress SEO LAT Auto Post plugin (06 Jan 2025)

    A file overwrite vulnerability has been discovered in WordPress SEO LAT Auto Post plugin. The affected versions are SEO LAT Auto Post plugin, all versions up to, and including, 2.2.1.
    CVE ID: CVE-2024-12252 (Critical)

  • Moxa Security Updates (03 Jan 2025)

    Moxa has released security updates to address privilege escalation and OS command injection vulnerabilities in its cellular routers, secure routers, and network security appliances.
    CVE ID: CVE-2024-9140 (Critical), CVE-2024-9138 (High)

  • Red Hat Security Updates (02 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.
