NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE (NCIIPC)

A Unit of National Technical Research Organisation


Alert and Advisories

  • Vulnerability in PHPGurukul Student Record System (06 Mar 2025)

    A SQL injection vulnerability has been discovered in the PHPGurukul Student Record System. The affected version is PHPGurukul Student Record System 3.2.
    CVE ID: CVE-2025-1902 (Critical)

  • Vulnerability in WordPress Show Me The Cookies plugin (06 Mar 2025)

    An arbitrary shortcode execution vulnerability has been discovered in the WordPress Show Me The Cookies plugin. The affected versions are the Show Me The Cookies plugin, all versions up to and including 1.0.
    CVE ID: CVE-2025-1509 (Critical)

  • Vulnerability in Tenda (06 Mar 2025)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected versions are Tenda A18 up to 15.13.07.09.
    CVE ID: CVE-2025-0848 (Critical)

  • Vulnerability in Tenda (06 Mar 2025)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19.
    CVE ID: CVE-2024-57582 (Critical)

  • Ubuntu Released Security Updates (06 Mar 2025)

    Ubuntu has released security updates to address multiple vulnerabilities in the Linux kernel and Firefox. The affected products are Ubuntu 24.10 and Ubuntu 20.04 LTS.
    CVE ID: CVE-2024-56672 (High), CVE-2024-56658 (Medium), CVE-2025-0927, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1942, CVE-2025-1931, CVE-2025-1932

  • Google Released Security Update for Chrome (06 Mar 2025)

    Google has released LTC version 132.0.6834.211 Platform version 16093.93.0 for most ChromeOS devices.

  • Drupal Security Updates (05 Mar 2025)

    Drupal has released security updates to address an access bypass vulnerability in Two-factor Authentication (TFA), a third-party library used in it. The affected versions are Two-factor Authentication prior to 1.10.0.

  • Drupal Security Updates (05 Mar 2025)

    Drupal has released security updates to address a PHP Object Injection vulnerability in Artificial Intelligence (AI), a third-party library used in it. The affected versions are AI prior to 1.0.5.

  • Drupal Security Updates (05 Mar 2025)

    Drupal has released security updates to address a Remote Code Execution (RCE) vulnerability in Artificial Intelligence (AI), a third-party library used in it. The affected versions are AI prior to 1.0.5.

  • Red Hat Security Updates (06 Mar 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (05 Mar 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Merkur Software (05 Mar 2025)

    A SQL injection vulnerability has been discovered in Merkur Software B2B Login Panel. The affected versions are Merkur Software B2B Login Panel before 15.01.2025.
    CVE ID: CVE-2024-13147 (Critical)

  • Vulnerability in picklescan (05 Mar 2025)

    It has been discovered that picklescan only considers standard pickle file extensions and not non-standard file extensions in the scope for its vulnerability scan. The affected version is picklescan before 0.0.22.
    CVE ID: CVE-2025-1889 (Critical)

  • Vulnerability in shishuocms (05 Mar 2025)

    An unrestricted upload vulnerability has been discovered in shishuocms. The affected version is shishuocms 1.1.
    CVE ID: CVE-2025-1890 (Critical)

  • Vulnerability in Hewlett Packard Enterprise (05 Mar 2025)

    A directory traversal vulnerability has been discovered in Hewlett Packard Enterprise Insight Remote Support.
    CVE ID: CVE-2024-53676 (Critical)

  • Vulnerability in OctoPrint (05 Mar 2025)

    An authentication bypass vulnerability has been discovered in OctoPrint. The affected versions are OctoPrint up until and including 1.10.0.
    CVE ID: CVE-2024-32977 (Critical)

  • Red Hat Security Updates (05 Mar 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Carrier's Equipment (04 Mar 2025)

    An uncontrolled search path element vulnerability has been discovered in Carrier's Equipment-Block Load. The affected versions are Carrier Block Load version 4.00 and version v4.10 to 4.16. Security updates are available.
    CVE ID: CVE-2024-10930 (High)

  • Multiple Vulnerabilities in Keysight's Equipment (04 Mar 2025)

    Multiple vulnerabilities have been discovered in Keysight's Equipment- Ixia Vision Product Family. The affected version is Ixia Vision Product Family version 6.3.1. Security updates are available.
    CVE ID: CVE-2025-24494 (High), CVE-2025-24521 (Medium), CVE-2025-21095 (Medium), CVE-2025-23416 (Medium)

  • Vulnerability in Hitachi Energy's Equipment (04 Mar 2025)

    An uncontrolled search path element vulnerability has been discovered in Hitachi Energy's Equipment-MACH PS700 that allows an attacker to escalate privileges and gain control over the software. The affected version is MACH PS700 version v2. The mitigations are available.
    CVE ID: CVE-2023-28388 (Medium)

  • Vulnerability in Hitachi Energy's Equipment (04 Mar 2025)

    A relative path traversal vulnerability has been discovered in Hitachi Energy's Equipment- XMC20 that allows an attacker to access files or directories outside the authorized scope. The affected versions are XMC20 R15A and prior including all subversions, XMC20 R15B, XMC20 R16A, XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions. The mitigations are available.
    CVE ID: CVE-2024-2461 (Medium)

  • Vulnerability in Hitachi Energy's Equipment (04 Mar 2025)

    An improper validation of certificate with host mismatch vulnerability has been discovered in Hitachi Energy's Equipment- XMC20, ECST, UNEM that allows an attacker to intercept or falsify data exchanges between the client and the server. The mitigations are available.
    CVE ID: CVE-2024-2462 (Medium)

  • Vulnerability in Delta Electronics' Equipment (04 Mar 2025)

    A heap-based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-G2 that allows an attacker to execute code remotely. The affected versions are CNCSoft-G2 versions V2.1.0.10 and prior. The mitigations are available.
    CVE ID: CVE-2025-22881 (High)

  • Multiple Vulnerabilities in GMOD (04 Mar 2025)

    Multiple vulnerabilities have been discovered in GMOD- Apollo that allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information. All versions of GMOD Apollo prior to 2.8.0 are affected. The mitigation is available.
    CVE ID: CVE-2025-21092 (Medium), CVE-2025-23410 (Critical), CVE-2025-24924 (Critical), CVE-2025-20002 (Medium)

  • Vulnerability in Edimax's Equipment (04 Mar 2025)

    An OS command injection vulnerability has been discovered in Edimax's Equipment- IC-7100 IP Camera that allows an attacker to send specially crafted requests to achieve Remote Code Execution (RCE) on the device. All versions of Edimax IC-7100 IP Camera are affected.
    CVE ID: CVE-2025-1316 (Critical)

  • SUSE Security Updates (04 Mar 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in mySCADA (04 Mar 2025)

    A vulnerability has been discovered in the administrative web interface of mySCADA myPRO Manager that allows an attacker to retrieve sensitive information and upload files without the associated password.
    CVE ID: CVE-2025-24865 (Critical)

  • Vulnerability in CampCodes Computer Laboratory Management System (04 Mar 2025)

    An unrestricted upload vulnerability has been discovered in CampCodes Computer Laboratory Management System. The affected system is CampCodes Computer Laboratory Management System 1.0.
    CVE ID: CVE-2025-0341 (Critical)

  • Vulnerability in IBM (04 Mar 2025)

    A SQL injection vulnerability has been discovered in IBM. The affected versions are IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1. Security Update is available.
    CVE ID: CVE-2024-52360 (Critical)

  • Vulnerability in LangChain (04 Mar 2025)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in the langchain_community. The affected version is langchain_community 0.0.26.
    CVE ID: CVE-2024-2057 (Critical)

  • Ubuntu Released Security Updates for Multiple Products (04 Mar 2025)

    Ubuntu has released security updates to address several vulnerabilities in GPAC and SPIP. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
    CVE ID: CVE-2024-0322 (Critical), CVE-2024-0321 (Critical), CVE-2023-5520 (High), CVE-2022-23638 (Medium), CVE-2022-28959 (Medium), CVE-2022-28960 (High), CVE-2022-28961 (High), CVE-2022-37155 (High), CVE-2023-24258 (Critical), CVE-2023-27372 (Critical), CVE-2024-8517 (Critical)

  • Vulnerability in WordPress Homey Theme (04 Mar 2025)

    A privilege escalation vulnerability has been discovered in the WordPress Homey theme. The affected versions are Homey theme, all versions up to and including 2.4.2.
    CVE ID: CVE-2024-12281 (Critical)

  • Vulnerability in WordPress Homey Login Register plugin (04 Mar 2025)

    A privilege escalation vulnerability has been discovered in WordPress Homey Login Register plugin. The affected versions are Homey Login Register plugin, all versions up to, and including, 2.4.0.
    CVE ID: CVE-2024-11951 (Critical)

  • Vulnerability in VEDA - MultiPurpose WordPress Theme (04 Mar 2025)

    A PHP object injection vulnerability has been discovered in VEDA - MultiPurpose WordPress Theme. The affected versions are VEDA - MultiPurpose WordPress Theme, all versions up to, and including, 4.2.
    CVE ID: CVE-2024-13787 (Critical)

  • Mozilla Released Security Updates (04 Mar 2025)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird ESR 128.8, Thunderbird 136, Firefox ESR 128.8, Firefox ESR 115.21 and Firefox 136. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-43097 (Critical), CVE-2025-1930 (High), CVE-2025-1931 (High), CVE-2025-1932 (High), CVE-2025-1933 (High), CVE-2025-1934 (Medium), CVE-2025-1935 (Low), CVE-2025-1936 (Low), CVE-2025-1937 (High), CVE-2025-1938 (High), CVE-2025-1939 (High), CVE-2025-1940 (Medium), CVE-2025-1941 (Medium), CVE-2025-1942 (Medium), CVE-2025-1943 (High), CVE-2024-9956 (Medium)

  • Vulnerability Summary (03 Mar 2025)

    Summary of vulnerabilities for the week of February 24, 2025.

  • Android Security Updates (03 Mar 2025)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2025-03-05 or later address all of these issues.
    CVE ID: CVE-2025-0074 (Critical), CVE-2025-0075 (Critical), CVE-2025-0084 (Critical), CVE-2025-22403 (Critical), CVE-2025-22408 (Critical), CVE-2025-22410 (Critical), CVE-2025-22411 (Critical), CVE-2025-22412 (Critical), CVE-2025-22409 (Critical), CVE-2025-0081 (Critical)

  • Red Hat Security Updates (03 Mar 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (03 Mar 2025)

    Google has released Dev channel 135.0.7039.0 for Windows, Mac and Linux.

  • SUSE Security Updates (03 Mar 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in code-projects Simple Task List (03 Mar 2025)

    A SQL injection vulnerability has been discovered in code-projects Simple Task List. The affected version is code-projects Simple Task List 1.0.
    CVE ID: CVE-2024-6653 (Critical)

  • Vulnerability in Progress WhatsUp Gold (03 Mar 2025)

    A Remote Code Execution (RCE) vulnerability has been discovered in Progress WhatsUp Gold. The affected versions are WhatsUp Gold versions released before 2023.1.3.
    CVE ID: CVE-2024-4885 (Critical)

  • Security Updates for WordPress Newscrunch theme (03 Mar 2025)

    WordPress has released security updates to resolve an arbitrary file upload vulnerability in the Newscrunch theme. The affected versions are Newscrunch theme, all versions up to and including 1.8.4.1.
    CVE ID: CVE-2025-1307 (Critical)

  • Ubuntu Released Security Updates (03 Mar 2025)

    Ubuntu has released security updates to address a vulnerability in openNDS that could lead to Denial of Service (DoS) or arbitrary code execution. The affected products are Ubuntu 24.10 and Ubuntu 20.04 LTS.
    CVE ID: CVE-2024-25763 (Medium)

  • Multiple Vulnerabilities in MediaTek Products (03 Mar 2025)

    Multiple vulnerabilities have been discovered in MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Computer Vision, Audio and TV chipsets.
    CVE ID: CVE-2025-20644 (High), CVE-2025-20645 (High), CVE-2025-20646 (High), CVE-2025-20647 (Medium), CVE-2025-20648 (Medium), CVE-2025-20649 (Medium), CVE-2025-20650 (Medium), CVE-2025-20651 (Medium), CVE-2025-20652 (Medium), CVE-2025-20653 (Medium)

  • Security Updates for WordPress SetSail Membership plugin (01 Mar 2025)

    WordPress has released security updates to resolve an authentication bypass vulnerability in SetSail Membership plugin. The affected versions are SetSail Membership plugin, all versions up to, and including, 1.0.3.
    CVE ID: CVE-2025-1564 (Critical)

  • Security Updates for Nokri – Job Board WordPress Theme (01 Mar 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in Nokri – Job Board WordPress Theme. The affected versions are Nokri – Job Board WordPress Theme, all versions up to, and including, 1.6.2.
    CVE ID: CVE-2024-12824 (Critical)

  • SUSE Security Updates (28 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Security Updates for WordPress Academist Membership plugin (28 Feb 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the Academist Membership plugin. The affected versions are Academist Membership plugin for WordPress all versions up to, and including, 1.1.6.
    CVE ID: CVE-2025-1671 (Critical)

  • Security Updates for WordPress Alloggio Membership plugin (28 Feb 2025)

    An authentication bypass vulnerability has been discovered in the Alloggio Membership plugin for WordPress. The affected versions are Alloggio Membership plugin for WordPress all versions up to, and including, 1.0.2.
    CVE ID: CVE-2025-1638 (Critical)

  • Vulnerability in WeGIA (28 Feb 2025)

    An OS command injection vulnerability has been discovered in WeGIA. The affected versions are WeGIA prior to 3.2.15.
    CVE ID: CVE-2025-27140 (Critical)

  • Vulnerability in WeGIA (28 Feb 2025)

    A SQL injection vulnerability has been discovered in the WeGIA application that allows an attacker to access sensitive information.
    CVE ID: CVE-2025-27096 (Critical)

  • Red Hat Security Updates (28 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Dario Health's Equipment (27 Feb 2025)

    Multiple vulnerabilities have been discovered in Dario Health's Equipment- USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure. The affected versions are USB-C Blood Glucose Monitoring System Starter Kit Android Applications: versions 5.8.7.0.36 and prior, and Dario Application Database and Internet-based Server Infrastructure: All versions. The mitigation is available.
    CVE ID: CVE-2025-20060 (High), CVE-2025-23405 (Medium), CVE-2025-24843 (Medium), CVE-2025-24849 (High), CVE-2025-20049 (Medium), CVE-2025-24318 (Medium), CVE-2025-24316 (Medium)

  • Ubuntu Released Security Updates for Multiple Products (27 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Linux kernel and Git. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 ESM.

  • Google Released Security Updates for Chrome (27 Feb 2025)

    Google has released Chrome Dev 135 (135.0.7037.2) for Android.

  • Vulnerability in Yukseloglu Filter B2B Login Platform (27 Feb 2025)

    A SQL injection vulnerability has been discovered in Yukseloglu Filter B2B Login Platform. The affected versions are B2B Login Platform: before 16.01.2025.
    CVE ID: CVE-2024-13148 (Critical)

  • Vulnerability in Alldata (27 Feb 2025)

    A command execution vulnerability has been discovered in Alldata. The affected version is Alldata V0.4.6.
    CVE ID: CVE-2024-27604 (Critical)

  • Vulnerability in Schneider Electric's Equipment (27 Feb 2025)

    An out-of-bounds write vulnerability has been discovered in Schneider Electric's Equipment- Communication modules for Modicon M580 and Quantum controllers that allows a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device. The mitigations are available.
    CVE ID: CVE-2021-29999 (Critical)

  • Vulnerability in WordPress WooCommerce Ultimate Gift Card plugin (27 Feb 2025)

    An arbitrary file upload vulnerability has been discovered in the WooCommerce Ultimate Gift Card plugin for WordPress. The affected versions are WooCommerce Ultimate Gift Card plugin for WordPress all versions up to, and including, 2.6.0.
    CVE ID: CVE-2024-8425 (Critical)

  • Security Updates for WHMpress - WHMCS WordPress Integration Plugin (27 Feb 2025)

    WordPress has released security updates to resolve a local file inclusion vulnerability in the WHMpress - WHMCS WordPress Integration Plugin. The affected versions are WHMpress - WHMCS WordPress Integration Plugin, all versions up to and including 6.3-revision-0.
    CVE ID: CVE-2024-9193 (Critical)

  • Security Updates for WordPress DHVC Form plugin (27 Feb 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the DHVC Form plugin. The affected versions are DHVC Form plugin, all versions up to and including 2.4.7.
    CVE ID: CVE-2024-8420 (Critical)

  • Drupal Security Updates (26 Feb 2025)

    Drupal has released security updates to address an access bypass vulnerability in OAuth2 Server, a third-party library used in it. The affected versions are OAuth2 Server prior to 2.1.0.

  • Drupal Security Updates (26 Feb 2025)

    Drupal has released security updates to address a cross site request forgery vulnerability in Cache Utility, a third-party library used in it.

  • Drupal Security Updates (26 Feb 2025)

    Drupal has released security updates to address a cross site request forgery vulnerability in General Data Protection Regulation, a third-party library used in it.

  • Red Hat Security Updates (26 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates for Multiple Products (26 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Linux kernel, Libxmltok, and GNU binutils. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 ESM.

  • Cisco Released Security Updates (26 Feb 2025)

    Cisco has released security updates to address the privilege escalation vulnerability in Cisco Application Policy Infrastructure Controller (APIC), and Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
    CVE ID: CVE-2025-20111 (High), CVE-2025-20161 (Medium), CVE-2025-20116 (Medium), CVE-2025-20117 (Medium), CVE-2025-20118 (Medium), CVE-2025-20119 (Medium)

  • Google Released Security Updates for Chrome (26 Feb 2025)

    Google has released Beta channel OS version 16181.24.0 (Browser version 134.0.6998.31) for most ChromeOS devices, Chrome Beta 134 (134.0.6998.34) for iOS, LTS 126.0.6478.265 (Platform Version: 15886.90.0) for most ChromeOS devices, Stable channel 134.0.6998.35 for Windows, Beta channel 134.0.6998.35 for Windows and Linux, Chrome Stable 134 (134.0.6998.33) for iOS, Chrome Beta 134 (134.0.6998.39) for Android.
    CVE ID: CVE-2025-0611 (High)

  • GitLab Security Updates (26 Feb 2025)

    GitLab has released updated versions 17.9.1, 17.8.4, and 17.7.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0475 (High), CVE-2025-0555 (High), CVE-2024-8186 (Medium), CVE-2024-10925 (Medium), CVE-2025-0307 (Medium)

  • SUSE Security Updates (26 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Fanli2012 native-php-cms (26 Feb 2025)

    A SQL injection vulnerability has been discovered in Fanli2012 native-php-cms. The affected version is Fanli2012 native-php-cms 1.0.
    CVE ID: CVE-2025-0491 (Critical)

  • Vulnerability in code-projects Admission Management System (26 Feb 2025)

    A SQL injection vulnerability has been discovered in code-projects Admission Management System. The affected version is code-projects Admission Management System 1.0.
    CVE ID: CVE-2025-0347 (Critical)

  • Vulnerability in CodeAstro Ecommerce Site (26 Feb 2025)

    A SQL injection vulnerability has been discovered in CodeAstro Ecommerce Site. The affected version is CodeAstro Ecommerce Site 1.0.
    CVE ID: CVE-2024-2351 (Critical)

  • Vulnerability in CasaOS (26 Feb 2025)

    A vulnerability has been discovered in CasaOS-UserService that leads to having full access to the server. The affected versions are CasaOS-UserService version 0.4.4.3 and prior to version 0.4.7.
    CVE ID: CVE-2024-24767 (Critical)

  • Vulnerability in Siemens' Teamcenter (25 Feb 2025)

    An open redirect vulnerability has been discovered in Siemens' Teamcenter. All versions of Teamcenter are affected.
    CVE ID: CVE-2025-23363 (High)

  • Vulnerability in SolarWinds (25 Feb 2025)

    A server-side request forgery vulnerability has been discovered in SolarWinds Platform.
    CVE ID: CVE-2024-52606 (Critical)

  • Vulnerability in Yealink (25 Feb 2025)

    A single hardcoded key vulnerability has been discovered in Yealink Configuration Encrypt Tool. The affected versions are Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2.
    CVE ID: CVE-2024-24681 (Critical)

  • Vulnerability in Sitepact (25 Feb 2025)

    A SQL injection vulnerability has been discovered in Sitepact. The affected versions are Sitepact: from n/a through 1.0.5.
    CVE ID: CVE-2024-25928 (Critical)

  • Red Hat Security Updates (25 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (25 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in needyamin Library Card System (24 Feb 2025)

    An unrestricted upload vulnerability has been discovered in needyamin Library Card System. The affected version is needyamin Library Card System 1.0.
    CVE ID: CVE-2025-1355 (Critical)

  • Vulnerability in WordPress Avada Theme (24 Feb 2025)

    An arbitrary shortcode execution vulnerability has been discovered in the Avada | Website Builder For WordPress & WooCommerce theme for WordPress. The affected versions are Avada | Website Builder For WordPress & WooCommerce theme for WordPress all versions up to, and including, 7.11.13.
    CVE ID: CVE-2024-13346 (Critical)

  • Vulnerability in Avada Builder plugin for WordPress (24 Feb 2025)

    An arbitrary shortcode execution vulnerability has been discovered in the Avada Builder plugin for WordPress. The affected versions are Avada Builder plugin for WordPress all versions up to, and including, 3.11.13.
    CVE ID: CVE-2024-13345 (Critical)

  • Vulnerability in Campress theme for WordPress (24 Feb 2025)

    A Local File Inclusion vulnerability has been discovered in the Campress theme for WordPress. The affected versions are Campress theme for WordPress all versions up to, and including, 1.35.
    CVE ID: CVE-2024-10763 (Critical)

  • Vulnerability in Alex Tselegidis EasyAppointments (24 Feb 2025)

    An escalation of privilege vulnerability has been discovered in Alex Tselegidis EasyAppointments. The affected version is Alex Tselegidis EasyAppointments v.1.5.0.
    CVE ID: CVE-2024-57602 (Critical)

  • Vulnerability in D-Link (24 Feb 2025)

    A stack-based buffer overflow vulnerability has been discovered in D-Link. The affected version is D-Link DIR-853 A1 FW1.20B07.
    CVE ID: CVE-2025-25746 (Critical)

  • Vulnerability in Zimbra Collaboration (24 Feb 2025)

    A vulnerability has been discovered in the postjournal service in Zimbra Collaboration that allows unauthenticated users to execute commands. The affected versions are Zimbra Collaboration before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1.
    CVE ID: CVE-2024-45519 (Critical)

  • Red Hat Security Updates (24 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates (24 Feb 2025)

    Ubuntu has released security updates to address multiple vulnerabilities in Netty. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
    CVE ID: CVE-2022-24823 (Medium), CVE-2024-29025 (Medium)

  • Google Released Security Updates for Chrome (21 Feb 2025)

    Google has released ChromeOS version 16151.47.0 (Browser version 133.0.6943.132).

  • Microsoft Edge Security Update (21 Feb 2025)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 133.0.3065.82) to resolve multiple vulnerabilities.

  • Vulnerability in PressMart - Modern Elementor WooCommerce WordPress Theme (21 Feb 2025)

    An arbitrary shortcode execution vulnerability has been discovered in PressMart - Modern Elementor WooCommerce WordPress Theme. The affected versions are PressMart - Modern Elementor WooCommerce WordPress Theme all versions up to, and including, 1.2.16.
    CVE ID: CVE-2024-13797 (Critical)

  • Vulnerability in Progress Telerik (21 Feb 2025)

    An improper limitation of a target path vulnerability has been discovered in Progress Telerik. The affected versions are Progress Telerik UI for WinForms, versions prior to 2025 Q1 (2025.1.211).
    CVE ID: CVE-2025-0332 (Critical)

  • Vulnerability in 8theme XStore Core (21 Feb 2025)

    A Deserialization of Untrusted Data vulnerability has been discovered in 8theme XStore Core.
    CVE ID: CVE-2024-33553 (Critical)

  • Vulnerability in 8theme XStore Core (21 Feb 2025)

    A SQL injection vulnerability has been discovered in 8theme XStore Core.
    CVE ID: CVE-2024-33551 (Critical)

  • Ubuntu Released Security Updates (21 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in tomcat and Apache Solr. The affected products are Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
    CVE ID: CVE-2019-0193 (High), CVE-2017-12616 (High), CVE-2017-12617 (High)

  • Vulnerability in DataEase (20 Feb 2025)

    An unauthorized access vulnerability has been discovered in DataEase. The affected versions are DataEase prior to 2.10.4.
    CVE ID: CVE-2024-56511 (Critical)

  • Vulnerability in Peering Manager (20 Feb 2025)

    A Server Side Template Injection (SSTI) vulnerability has been discovered in Peering Manager, a BGP session management tool. The affected versions are Peering Manager 1.8.2 and prior.
    CVE ID: CVE-2024-28114 (Critical)

  • Vulnerability in ABB's Equipment (20 Feb 2025)

    A use of hard-coded credentials vulnerability has been discovered in ABB's Equipment- ASPECT-Enterprise, NEXUS and MATRIX series, which allows obtaining access to devices without proper authentication. The affected versions are ABB ASPECT-Enterprise ASP-ENT-x versions 3.08.03 and prior, ABB NEXUS Series NEX-2x versions 3.08.03 and prior, ABB NEXUS Series versions 3.08.03 and prior and ABB MATRIX Series MAT-x versions 3.08.03 and prior. The mitigations are available.
    CVE ID: CVE-2024-51547 (Critical)

  • ABB Security Update for FLXEON Controllers (20 Feb 2025)

    ABB has released a security update to resolve multiple vulnerabilities in FLXEON Controllers. The affected versions are FLXEON Controllers FBXi version 9.3.4 and prior, FLXEON Controllers FBVi version 9.3.4 and prior, FLXEON Controllers FBTi version 9.3.4 and prior, and FLXEON Controllers CBXi version 9.3.4 and prior. The mitigations are available.
    CVE ID: CVE-2024-48841 (Critical), CVE-2024-48849 (Critical), CVE-2024-48852 (Critical)

  • Elseta Security Updates for Vinci Protocol Analyzer (20 Feb 2025)

    Elseta has released security updates to resolve an OS command injection vulnerability in Vinci Protocol Analyzer. The affected versions are Elseta Vinci Protocol Analyzer versions prior to 3.2.3.19.
    CVE ID: CVE-2025-1265 (Critical)

  • Vulnerability in dayrui XunRuiCMS (20 Feb 2025)

    A deserialization vulnerability has been discovered in dayrui XunRuiCMS. The affected version is dayrui XunRuiCMS 4.6.3.
    CVE ID: CVE-2025-1177 (Medium)

  • Vulnerability in Rapid Response Monitoring's Equipment (20 Feb 2025)

    An authorization bypass vulnerability has been discovered in Rapid Response Monitoring's Equipment-My Security Account App. The affected versions are My Security Account App API versions prior to 7/29/24.
    CVE ID: CVE-2025-0352 (High)

  • Vulnerability in Medixant's Equipment (20 Feb 2025)

    An improper certificate validation vulnerability has been discovered in Medixant's Equipment- RadiAnt DICOM Viewer. The affected version is Medixant RadiAnt DICOM Viewer version 2024.02. The mitigations are available.
    CVE ID: CVE-2025-1001 (Medium)

  • Google Released Security Updates for Chrome (20 Feb 2025)

    Google has released Chrome Dev 135 135.0.7023.2 for Android and Dev channel 135.0.7023.0 for Windows, Mac & Linux.

  • Microsoft Edge Security Update (20 Feb 2025)

    Microsoft has released updated Microsoft Edge Extended Stable Channel version 132.0.2957.171 to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21279 (Medium), CVE-2025-21283 (Medium), CVE-2025-21408 (High), CVE-2025-21342 (High)

  • Red Hat Security Updates (20 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Drupal Security Updates (19 Feb 2025)

    Drupal has released security updates to address a PHP object injection vulnerability in Drupal core.

  • Drupal Security Updates (19 Feb 2025)

    Drupal has released security updates to address an access bypass vulnerability in Drupal core.

  • Drupal Security Updates (19 Feb 2025)

    Drupal has released security updates to address a Cross Site Scripting (XSS) vulnerability in Drupal core.

  • Moxa Security Updates (19 Feb 2025)

    Moxa has released security updates to address a Denial of Service (DoS) vulnerability in multiple PT switches. The affected versions are PT-7728 Series Firmware version 3.9 and earlier, PT-7828 Series Firmware version 4.0 and earlier, PT-G503 Series Firmware version 5.3 and earlier and PT-G510 Series Firmware version 6.5 and earlier.
    CVE ID: CVE-2024-9404 (High)

  • Ghost (Cring) Ransomware (19 Feb 2025)

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint advisory to disseminate known Ghost (Cring) ransomware IOCs and TTPs.

  • Ubuntu Released Security Updates (19 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in the Linux kernel. The affected product is Ubuntu 24.10.

  • Cisco Releases Security Updates (19 Feb 2025)

    Cisco has released security updates to address multiple vulnerabilities in Cisco Secure Email Gateway, Cisco BroadWorks Application Delivery Platform, and Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series.
    CVE ID: CVE-2025-20158 (Medium), CVE-2025-20153 (Medium), CVE-2025-20211 (Medium)

  • SUSE Security Updates (19 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Microsoft Bing (19 Feb 2025)

    A remote code execution vulnerability has been discovered in Microsoft Bing. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-21355 (High)

  • Vulnerability in Microsoft Power Pages (19 Feb 2025)

    An elevation of privilege vulnerability has been discovered in Microsoft Power Pages. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-24989 (High)

  • Google Released Security Updates for Chrome (19 Feb 2025)

    Google has released Chrome Beta 134 (134.0.6998.24) for Android, Beta channel 134.0.6998.23 for Windows, Mac and Linux, Beta channel OS version 16181.17.0 (Browser version 134.0.6998.21) for most ChromeOS devices, and Chrome Beta 134 (134.0.6998.22) for iOS.

  • Vulnerability in WordPress ravpage plugin (19 Feb 2025)

    A PHP Object Injection vulnerability has been discovered in the ravpage plugin for WordPress. The affected versions are ravpage plugin, all versions up to and including 2.31.
    CVE ID: CVE-2024-13789 (Critical)

  • Vulnerability in Tenda (19 Feb 2025)

    A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 V15.03.05.16.
    CVE ID: CVE-2025-25343 (Critical)

  • Vulnerability in D-Link (19 Feb 2025)

    A stack-based buffer overflow vulnerability has been discovered in D-Link. The affected version is D-Link DIR-853 A1 FW1.20B07.
    CVE ID: CVE-2025-25744 (Critical)

  • Vulnerability in D-Link (19 Feb 2025)

    A stack-based buffer overflow vulnerability has been discovered in D-Link. The affected version is D-Link DIR-853 A1 FW1.20B07.
    CVE ID: CVE-2025-25742 (Critical)

  • Red Hat Security Updates (19 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (19 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability Summary (18 Feb 2025)

    Summary of vulnerabilities for the week of February 10, 2025.

  • Ubuntu Released Security Updates (18 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Libtasn1, OpenSSH, Atril, Symfony, virtualenv and Docker. The affected products are Ubuntu 22.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 24.10, Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
    CVE ID: CVE-2024-12133 (Medium), CVE-2025-26465 (Medium), CVE-2023-51698 (High), CVE-2019-11459 (Medium), CVE-2019-1010006 (High), CVE-2024-53899 (High), CVE-2025-26465 (Medium), CVE-2025-26466, CVE-2024-29018 (Medium), CVE-2024-41110 (Critical)

  • Mozilla Released Security Update (18 Feb 2025)

    Mozilla has released a security update to address a memory safety bugs vulnerability in Firefox 135.0.1. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2025-1414 (High)

  • Google Released Security Updates for Chrome (18 Feb 2025)

    Google has released Chrome 133 133.0.6943.121 for Android, Extended Stable channel 132.0.6834.209 for Windows & Mac, Chrome Stable 133 133.0.6943.120 for iOS, Stable Channel for ChromeOS / ChromeOS Flex - M132 version 16093.92.0 with Chrome Browser version 132.0.6834.208 and Stable channel 133.0.6943.126/.127 for Windows & Mac & 133.0.6943.126 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0999 (High), CVE-2025-1426 (High), CVE-2025-1006 (Medium)

  • Vulnerability in Logsign Unified SecOps Platform (18 Feb 2025)

    An authentication bypass vulnerability has been discovered in Logsign Unified SecOps Platform.
    CVE ID: CVE-2025-1044 (Critical)

  • Vulnerability in Teamwire (18 Feb 2025)

    A Cross Site Scripting (XSS) vulnerability has been discovered in the Teamwire Windows desktop client. The affected versions are Teamwire Windows desktop client v.2.0.1 through v.2.4.0.
    CVE ID: CVE-2024-24276 (Critical)

  • Security Updates for WordPress CarSpot Dealership Wordpress Classified Theme (17 Feb 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the CarSpot Dealership Wordpress Classified Theme. The affected versions are CarSpot Dealership Wordpress Classified Theme, all versions up to and including 2.4.3.
    CVE ID: CVE-2024-12860 (Critical)

  • Vulnerability in Keap Official Opt-in Forms plugin (17 Feb 2025)

    A local file inclusion vulnerability has been discovered in the Keap Official Opt-in Forms plugin for WordPress. The affected versions are Keap Official Opt-in Forms plugin, all versions up to and including 2.0.1.
    CVE ID: CVE-2024-13725 (Critical)

  • Siemens Security Updates for SiPass integrated (17 Feb 2025)

    Siemens has released security updates to address a directory traversal vulnerability in the third-party component DotNetZip, used in SiPass integrated. The affected products are SiPass integrated V2.90 & SiPass integrated V2.95.
    CVE ID: CVE-2024-48510 (Critical)

  • Ubuntu Released Security Updates (17 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Intel Microcode. The affected products are Ubuntu 24.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM and Ubuntu 16.04 ESM.
    CVE ID: CVE-2024-31068 (Medium), CVE-2024-36293 (Medium), CVE-2024-39279 (Medium)

  • SUSE Security Updates (17 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • CVE - KB Correlation (17 Feb 2025)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during February 2025.

  • Red Hat Security Updates (17 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Orca HCM (16 Feb 2025)

    An improper authentication vulnerability has been discovered in Orca HCM by LEARNING DIGITAL. The affected products are Orca HCM before version 11.0.
    CVE ID: CVE-2025-1387 (Critical)

  • Vulnerability in the Oliver POS Plugin for WordPress (15 Feb 2025)

    A sensitive information exposure vulnerability has been discovered in Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress. The affected versions are all versions of Oliver POS Plugin up to and including 2.4.2.3. Security updates are available.
    CVE ID: CVE-2024-13513 (Critical)

  • Security Updates for s2Member Pro Plugin for WordPress (15 Feb 2025)

    WordPress has released security updates to resolve a PHP Object injection vulnerability in the s2Member Pro Plugin for WordPress. The affected versions are all versions of s2Member Pro Plugin up to, and including, 241216.
    CVE ID: CVE-2024-12562 (Critical)

  • Security Updates for WordPress s2Member Pro Plugin (14 Feb 2025)

    WordPress has released security updates to resolve a PHP object injection vulnerability in the s2Member Pro Plugin. The affected versions are s2Member Pro Plugin, all versions up to and including 241216.
    CVE ID: CVE-2024-12562 (Critical)

  • Microsoft Edge Security Update (14 Feb 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 133.0.3065.69 to resolve a security feature bypass vulnerability.
    CVE ID: CVE-2025-21401 (Medium)

  • Security Updates for WordPress Oliver POS – A WooCommerce Point of Sale (POS) Plugin (14 Feb 2025)

    WordPress has released security updates to resolve a sensitive information exposure vulnerability in the Oliver POS – A WooCommerce Point of Sale (POS) Plugin. The affected versions are Oliver POS – A WooCommerce Point of Sale Plugin, all versions up to and including 2.4.2.3.
    CVE ID: CVE-2024-13513 (Critical)

  • Security Update for IBM Support for Hyperledger Fabric Console (14 Feb 2025)

    IBM has released a security update to resolve an incomplete fix for a Denial of Service (DoS) vulnerability (CVE-2024-45296) in IBM Support for Hyperledger Fabric. All versions up to and including 1.0.9-20241210 are affected.
    CVE ID: CVE-2024-52798 (High)

  • SUSE Security Updates (14 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (14 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in WP Directorybox Manager plugin for WordPress (13 Feb 2025)

    An authentication bypass vulnerability has been discovered in the WP Directorybox Manager plugin for WordPress. The affected versions are all versions of WP Directorybox Manager plugin up to, and including, 2.5.
    CVE ID: CVE-2024-13182 (Critical)

  • Google Released Security Updates for Chrome (13 Feb 2025)

    Google has released Chrome Dev 135 135.0.7012.3 for Android and updated Dev channel to 135.0.7012.4 for Windows, Mac & Linux.

  • Security Updates for PostgreSQL (13 Feb 2025)

    PostgreSQL has released security updates to resolve a SQL injection vulnerability in PostgreSQL libpq functions. The affected versions are PostgreSQL versions before 17.3, 16.7, 15.11, 14.16, and 13.19.
    CVE ID: CVE-2025-1094 (High)

  • SUSE Security Updates (13 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Campress theme for WordPress (13 Feb 2025)

    An arbitrary file execution vulnerability has been discovered in the Campress theme for WordPress. The affected versions are the Campress theme, all versions up to, and including, 1.35.
    CVE ID: CVE-2024-10763 (Critical)

  • Red Hat Security Updates (13 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Apache OFBiz (13 Feb 2025)

    A path traversal vulnerability has been discovered in Apache OFBiz. The affected versions are Apache OFBiz: before 18.12.13. Security updates are available.
    CVE ID: CVE-2024-32113 (Critical)

  • Vulnerability in Apache InLong (13 Feb 2025)

    A deserialization of untrusted data vulnerability has been discovered in Apache InLong. The affected versions are Apache InLong from 1.7.0 through 1.11.0. Security updates are available.
    CVE ID: CVE-2024-26579 (Critical)

  • Vulnerability in Apache HugeGraph-Server (13 Feb 2025)

    A Remote Command Execution (RCE) vulnerability has been discovered in Apache HugeGraph-Server. The affected versions are Apache HugeGraph-Server from 1.0.0 before 1.3.0 in Java8 & Java11. Security updates are available.
    CVE ID: CVE-2024-27348 (Critical)

  • Vulnerability in Apache Fineract (13 Feb 2025)

    A SQL injection vulnerability has been discovered in Apache Fineract. The affected versions are Apache Fineract prior to 1.8.5. Security updates are available.
    CVE ID: CVE-2024-23539 (Critical)

  • Vulnerability in Eclipse ThreadX NetX Duo (13 Feb 2025)

    A heap buffer overflow vulnerability has been discovered in Eclipse ThreadX NetX Duo. The affected versions are Eclipse ThreadX NetX Duo before 6.4.0.
    CVE ID: CVE-2024-2452 (Critical)

  • Multiple Vulnerabilities in ORing's Equipment (13 Feb 2025)

    Multiple vulnerabilities have been discovered in ORing's Equipment - IAP-420. The affected versions are ORing IAP-420: versions 2.01e and prior.
    CVE ID: CVE-2024-5410 (Critical), CVE-2024-5411 (Critical)

  • Multiple Vulnerabilities in mySCADA's Equipment (13 Feb 2025)

    Multiple vulnerabilities have been discovered in mySCADA's Equipment - myPRO Manager. The affected versions are myPRO Manager versions prior to 1.4. Security update and mitigation are available.
    CVE ID: CVE-2025-25067 (Critical), CVE-2025-24865 (Critical), CVE-2025-22896 (High), CVE-2025-23411 (Medium)

  • Vulnerability in Dingtian's Equipment (13 Feb 2025)

    An authentication bypass vulnerability has been discovered in Dingtian's Equipment - DT-R0 Series. The affected versions are Dingtian DT-R002 version V3.1.3044A, DT-R008 version V3.1.1759A, DT-R016 version V3.1.2776A and DT-R032 version V3.1.3826A.
    CVE ID: CVE-2025-1283 (Critical)

  • Multiple Vulnerabilities in Qardio's Equipment (13 Feb 2025)

    Multiple vulnerabilities have been discovered in Qardio's Equipment - Heart Health iOS application, Heart Health Android Application & QardioARM A100. The affected versions are Qardio Heart Health iOS Mobile Application version 2.7.4, Qardio Heart Health Android Mobile Application version 2.5.1 and all versions of QardioARM A100.
    CVE ID: CVE-2025-20615 (Medium), CVE-2025-24836 (High), CVE-2025-23421 (Medium)

  • Palo Alto Networks Security Updates for Cortex XDR Broker VM (12 Feb 2025)

    Palo Alto Networks has released security updates to resolve a vulnerability in Cortex XDR Broker VM that allows unauthorized access to Docker containers from the host network used by Broker VM. The affected versions are Cortex XDR Broker VM prior to 26.0.116.
    CVE ID: CVE-2025-0113 (Medium)

  • Vulnerability in WP Job Board Pro plugin for WordPress (12 Feb 2025)

    A privilege escalation vulnerability has been discovered in the WP Job Board Pro plugin for WordPress. The affected versions are WP Job Board Pro plugin, all versions up to, and including, 1.2.76.
    CVE ID: CVE-2024-12213 (Critical)

  • Vulnerability in WordPress LTL Freight Quotes Unishippers Edition plugin (12 Feb 2025)

    A SQL injection vulnerability has been discovered in the LTL Freight Quotes Unishippers Edition plugin for WordPress. The affected versions are LTL Freight Quotes Unishippers Edition plugin, all versions up to and including 2.5.8.
    CVE ID: CVE-2024-13477 (Critical)

  • Vulnerability in WordPress WP Job Board Pro plugin (12 Feb 2025)

    A privilege escalation vulnerability has been discovered in the WP Job Board Pro plugin for WordPress. The affected versions are WP Job Board Pro plugin, all versions up to and including 1.2.76.
    CVE ID: CVE-2024-12213 (Critical)

  • Vulnerability in Brizy – Page Builder plugin for WordPress (12 Feb 2025)

    An arbitrary file upload vulnerability has been discovered in the Brizy – Page Builder plugin for WordPress. The affected versions are Brizy – Page Builder plugin, all versions up to, and including, 2.6.4.
    CVE ID: CVE-2024-10960 (Critical)

  • Google Released Security Updates for Chrome (12 Feb 2025)

    Google has released Chrome Beta 134 134.0.6998.12 for iOS, Chrome Beta 134 134.0.6998.13 for Android, Chrome 133 133.0.6943.89 for Android, Extended Stable channel to 132.0.6834.207 for Windows & Mac, Beta channel to 134.0.6998.15 for Windows, Mac & Linux and Stable channel to 133.0.6943.98/.99 for Windows & Mac & 133.0.6943.98 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0995 (High), CVE-2025-0996 (High), CVE-2025-0997 (High), CVE-2025-0998 (High)

  • SUSE Security Updates (12 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Palo Alto Networks Security Updates (12 Feb 2025)

    Palo Alto Networks has released security updates to address multiple vulnerabilities in its products.
    CVE ID: CVE-2025-0110 (High), CVE-2025-0111 (High), CVE-2025-0112 (Medium), CVE-2024-1135 (Medium), CVE-2025-0108 (High)

  • GitLab Security Updates (12 Feb 2025)

    GitLab has released updated versions 17.8.2, 17.7.4, and 17.6.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0376 (High), CVE-2024-12379 (Medium), CVE-2024-3303 (Medium), CVE-2025-1212 (Medium), CVE-2024-9870 (Medium), CVE-2025-0516 (Medium), CVE-2025-1198 (Medium), CVE-2025-1042 (Low)

  • Juniper Networks Security Updates (11 Feb 2025)

    Juniper Networks has released security updates to address an authentication bypass using an alternate path or channel vulnerability in Juniper Networks Session Smart Router.
    CVE ID: CVE-2025-21589 (Critical)

  • NVIDIA Security Updates (11 Feb 2025)

    NVIDIA has released security updates to address a Time-of-Check Time-of-Use (TOCTOU) vulnerability in NVIDIA Container Toolkit and NVIDIA GPU Operator. The affected versions are NVIDIA Container Toolkit, all versions up to and including 1.17.3, and NVIDIA GPU Operator, all versions up to and including 24.9.1.
    CVE ID: CVE-2025-23359 (High)

  • Security Updates for Microsoft HPC Pack (11 Feb 2025)

    Microsoft has released security updates to resolve the Remote Code Execution (RCE) vulnerability in the High Performance Compute (HPC) Pack. The affected products are Microsoft HPC Pack 2016 & Microsoft HPC Pack 2019.
    CVE ID: CVE-2025-21198 (Critical)

  • Adobe Security Updates (11 Feb 2025)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-24434 (Critical)

  • Security Updates for WordPress Real Estate 7 WordPress theme Plugin (11 Feb 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the Real Estate 7 WordPress theme Plugin. The affected versions are Real Estate 7 WordPress theme Plugin, all versions up to and including 3.5.1.
    CVE ID: CVE-2024-13421 (Critical)

  • Vulnerability in WP Foodbakery plugin (11 Feb 2025)

    A privilege escalation vulnerability has been discovered in the WP Foodbakery plugin for WordPress. The affected versions are WP Foodbakery plugin, all versions up to and including 4.7.
    CVE ID: CVE-2025-0181 (Critical)

  • Vulnerability in WP Foodbakery plugin (11 Feb 2025)

    A privilege escalation vulnerability has been discovered in the WP Foodbakery plugin for WordPress. The affected versions are WP Foodbakery plugin, all versions up to and including 3.3.
    CVE ID: CVE-2025-0180 (Critical)

  • Red Hat Security Updates (11 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SAP Released February 2025 Security Notes (11 Feb 2025)

    SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22126 (High), CVE-2025-0064 (High), CVE-2025-25243 (High), CVE-2025-24876 (High), CVE-2024-38819 (High), CVE-2025-24868 (High), CVE-2025-24875 (Medium), CVE-2025-24874 (Medium), CVE-2024-22126 (Medium), CVE-2025-24867 (Medium), CVE-2025-24870 (Medium), CVE-2024-45216 (Medium), CVE-2024-45217 (Medium), CVE-2025-0054 (Medium), CVE-2025-25241 (Medium), CVE-2025-23187 (Medium), CVE-2025-23193 (Medium), CVE-2023-24527 (Medium), CVE-2025-24869 (Medium), CVE-2025-24872 (Medium), CVE-2025-23190 (Medium), CVE-2025-23191 (Low)

  • Red Hat Security Updates (11 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Microsoft Released February 2025 Security Updates (11 Feb 2025)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-21198 (Critical)

  • Vulnerability in WC Product Table WooCommerce Product Table Lite (11 Feb 2025)

    A missing authorization vulnerability has been discovered in WC Product Table WooCommerce Product Table Lite. The affected versions are WooCommerce Product Table Lite from n/a through 3.8.7.
    CVE ID: CVE-2025-24596 (Critical)

  • SonicWall Security Updates (10 Feb 2025)

    SonicWall has released security updates to address multiple vulnerabilities in SonicOS SSLVPN, SonicOS SSH, and Gen7 SonicOS Cloud platform.
    CVE ID: CVE-2024-40762 (High), CVE-2024-53704 (High), CVE-2024-53705 (Medium), CVE-2024-53706 (High)

  • Vulnerability in TP-Link (10 Feb 2025)

    A vulnerability due to a hard-coded RSA private key embedded within the device firmware has been discovered in the TP-Link Tapo C500 Wi-Fi camera. The affected versions are TP-Link Tapo C500 V1 and V2.
    CVE ID: CVE-2025-1099 (Critical)

  • SUSE Security Updates (10 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Apple Security Updates (10 Feb 2025)

    Apple has released security updates to address an authorization vulnerability in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2025-24200

  • Vulnerability in Zaytech Smart Online Order for Clover (10 Feb 2025)

    A missing authorization vulnerability has been discovered in the Zaytech Smart Online Order for Clover. The affected versions are Smart Online Order for Clover from n/a through 1.5.6.
    CVE ID: CVE-2024-43253 (Critical)

  • Vulnerability in WP Foodbakery plugin (10 Feb 2025)

    An arbitrary file upload vulnerability due to insufficient file type validation has been discovered in the WP Foodbakery plugin for WordPress. The affected versions are WP Foodbakery plugin up to and including 4.7.
    CVE ID: CVE-2024-13011 (Critical)

  • Vulnerability in Ruijie (10 Feb 2025)

    A vulnerability has been discovered in Ruijie that allows an attacker to gain privileges via system/config_menu.htm. The affected version is Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736).
    CVE ID: CVE-2024-24116 (Critical)

  • Vulnerability in Apache (10 Feb 2025)

    A SQL injection vulnerability has been discovered in Apache Superset. The affected versions are Apache Superset before 4.0.2. Security updates are available.
    CVE ID: CVE-2024-39887 (Critical)

  • Vulnerability in SolarWinds Access Rights Manager (10 Feb 2025)

    A hard-coded credential authentication bypass vulnerability has been discovered in SolarWinds Access Rights Manager.
    CVE ID: CVE-2024-23473 (Critical)

  • Red Hat Security Updates (10 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates (10 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in OpenRefine. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, and Ubuntu 22.04 LTS.
    CVE ID: CVE-2024-47882 (Medium), CVE-2023-41886 (High), CVE-2023-41887 (Critical), CVE-2024-47881 (High), CVE-2024-47879 (High), CVE-2024-47878 (Medium), CVE-2023-37476 (High), CVE-2024-23833 (High), CVE-2024-47880 (Medium), CVE-2024-49760 (Medium)

  • Vulnerability in WP Directorybox Manager plugin (08 Feb 2025)

    An authentication bypass vulnerability has been discovered in the WP Directorybox Manager plugin for WordPress. The affected versions are WP Directorybox Manager plugin up to and including 2.5.
    CVE ID: CVE-2025-0316 (Critical)

  • Google Released Security Update for Chrome (07 Feb 2025)

    Google has released LTS-126 version 126.0.6478.264 Platform version 15886.89.0 for most ChromeOS devices.
    CVE ID: CVE-2025-0437 (High), CVE-2025-0438 (High)

  • Vulnerability in Tasklists for GLPI (07 Feb 2025)

    A SQL injection vulnerability has been discovered in Tasklists for GLPI. The affected versions are Tasklists for GLPI prior to 2.0.4.
    CVE ID: CVE-2024-56801 (Medium)

  • Vulnerability in itsourcecode Tailoring Management System (07 Feb 2025)

    A SQL injection vulnerability has been discovered in itsourcecode Tailoring Management System. The affected version is itsourcecode Tailoring Management System 1.0.
    CVE ID: CVE-2025-0944 (Critical)

  • Vulnerability in Astoundify Jobify - Job Board WordPress Theme (07 Feb 2025)

    A missing authorization vulnerability has been discovered in Astoundify Jobify - Job Board WordPress Theme for WordPress. The affected versions are Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
    CVE ID: CVE-2024-52480 (Critical)

  • Vulnerability in CRM Perks Forms (07 Feb 2025)

    A missing authorization vulnerability has been discovered in CRM Perks Forms. The affected versions are CRM Perks Forms from n/a through 1.1.5.
    CVE ID: CVE-2024-37463 (Critical)

  • Vulnerability in Easy Digital Downloads (07 Feb 2025)

    A SQL injection vulnerability has been discovered in Easy Digital Downloads. The affected versions are Easy Digital Downloads from n/a through 3.2.12.
    CVE ID: CVE-2024-5057 (Critical)

  • Vulnerability in JetBrains TeamCity (07 Feb 2025)

    An authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected versions are JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5.
    CVE ID: CVE-2024-36470 (Critical)

  • Vulnerability in Bitdefender GravityZone Update Server (07 Feb 2025)

    An incorrect regular expression vulnerability has been discovered in Bitdefender GravityZone Update Server that causes Server Side Request Forgery (SSRF) and reconfigures the relay. The affected versions are Bitdefender Endpoint Security for Linux version 7.0.5.200089, Bitdefender Endpoint Security for Windows version 7.9.9.380 and GravityZone Control Center (On Premises) version 6.36.1.
    CVE ID: CVE-2024-2223 (Critical)

  • Vulnerability in Flowmon (07 Feb 2025)

    An operating system command injection vulnerability has been discovered in Flowmon. The affected versions are Flowmon versions prior to 11.1.14 and 12.3.5.
    CVE ID: CVE-2024-2389 (Critical)

  • Red Hat Security Updates (07 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Dolibarr (06 Feb 2025)

    A Cross Site Scripting (XSS) vulnerability has been discovered in the Product module of Dolibarr. The affected version is Dolibarr v21.0.0-beta.
    CVE ID: CVE-2024-55228 (Critical)

  • Vulnerability in Dolibarr (06 Feb 2025)

    A Cross Site Scripting (XSS) vulnerability has been discovered in the Events/Agenda module of Dolibarr. The affected version is Dolibarr v21.0.0-beta.
    CVE ID: CVE-2024-55227 (Critical)

  • Vulnerability in RUGGEDCOM CROSSBOW (06 Feb 2025)

    An arbitrary code execution vulnerability has been discovered in RUGGEDCOM CROSSBOW. All versions of RUGGEDCOM CROSSBOW below V5.5 are affected.
    CVE ID: CVE-2024-27939 (Critical)

  • Vulnerability in Netentsec NS-ASG Application Security Gateway (06 Feb 2025)

    A SQL injection vulnerability has been discovered in Netentsec NS-ASG Application Security Gateway. The affected version is Netentsec NS-ASG Application Security Gateway 6.3.
    CVE ID: CVE-2024-3458 (Critical)

  • Vulnerability in Eclipse ThreadX NetX Duo (06 Feb 2025)

    A heap buffer overflow vulnerability has been discovered in Eclipse ThreadX NetX Duo. The affected version is Eclipse ThreadX NetX Duo before 6.4.0.
    CVE ID: CVE-2024-2452 (Critical)

  • Vulnerability in Orthanc's Equipment (06 Feb 2025)

    A missing authentication for critical function vulnerability has been discovered in Orthanc's Equipment - Orthanc Server that allows an attacker to disclose sensitive information, modify records, or cause a Denial of Service (DoS) condition. The affected versions are Orthanc server versions prior to 1.5.8. Mitigations are available.
    CVE ID: CVE-2025-0896 (Critical)

  • Security Updates for WordPress Nextend Social Login Pro plugin (06 Feb 2025)

    WordPress has released security updates to resolve an authentication bypass vulnerability in the Nextend Social Login Pro plugin. The affected versions are Nextend Social Login Pro plugin, all versions up to and including 3.1.16.
    CVE ID: CVE-2025-1061 (Critical)

  • Vulnerability in InstaWP Team InstaWP Connect (06 Feb 2025)

    A code injection vulnerability has been discovered in InstaWP Team InstaWP Connect. The affected versions are InstaWP Team InstaWP Connect from n/a through 0.1.0.38.
    CVE ID: CVE-2024-37228 (Critical)

  • Red Hat Security Updates (06 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates for Multiple Products (06 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Ruby and CKEditor. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
    CVE ID: CVE-2024-43398 (Medium), CVE-2024-39908 (Medium), CVE-2024-24816 (Medium), CVE-2022-24728 (Medium), CVE-2023-28439 (Medium), CVE-2024-24815 (Medium), CVE-2024-43411 (Low)

  • Google Released Security Updates for Chrome (06 Feb 2025)

    Google has released Chrome Dev 135 135.0.6999.0 for Android and Dev channel 135.0.6999.2 for Windows, Mac & Linux.

  • Vulnerability in Trimble's Equipment (06 Feb 2025)

    A deserialization of untrusted data vulnerability has been discovered in Trimble's Equipment - Cityworks that allows an attacker to perform remote code execution. All versions of Cityworks prior to 15.8.9 and all versions of Cityworks with office companion prior to 23.10 are affected. Mitigations are available.
    CVE ID: CVE-2025-0994 (High)

  • Vulnerability in MicroDicom's Equipment (06 Feb 2025)

    An improper certificate validation vulnerability has been discovered in MicroDicom's Equipment - DICOM Viewer that allows an attacker to alter network traffic and perform a Machine in the Middle (MITM) attack. The affected version is MicroDicom DICOM Viewer version 2024.03. Mitigations are available.
    CVE ID: CVE-2025-1002 (Medium)

  • Microsoft Edge Security Update (06 Feb 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 133.0.3065.51 to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21253 (Medium), CVE-2025-21404 (Medium), CVE-2025-21267 (Medium), CVE-2025-21279 (Medium), CVE-2025-21283 (Medium), CVE-2025-21408 (High), CVE-2025-21342 (High)

  • Juniper Networks Security Updates (05 Feb 2025)

    Juniper Networks has released security updates to address an improper handling of exceptional conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved.
    CVE ID: CVE-2024-39549 (High), CVE-2024-39564 (High)

  • Drupal Security Update (05 Feb 2025)

    Drupal has released a security update to address the Cross Site Request Forgery (CSRF) vulnerability in OAuth2 Client, a third-party library used in it. The affected versions are OAuth2 Client prior to 4.1.3.

  • ABB Security Update (05 Feb 2025)

    ABB has released a security update to resolve a directory traversal vulnerability in the Drive Composer. The affected versions are ABB Drive Composer entry version 2.9.0.1 and earlier and Drive Composer pro version 2.9.0.1 and earlier.
    CVE ID: CVE-2024-48510 (Critical)

  • Google Released Security Updates for Chrome (05 Feb 2025)

    Google has released Chrome Beta 134 134.0.6998.4 for Android, Chrome Beta 134 134.0.6998.2 for iOS and Chrome 134.0.6998.3 for Windows, Mac & Linux.

  • Cisco Released Security Updates (05 Feb 2025)

    Cisco has released security updates to address multiple vulnerabilities in Cisco NX-OS Software, Cisco IOS, IOS XE & IOS XR Software, Cisco Identity Services Engine, Cisco Expressway Series, Cisco Secure Email & Web Manager, Secure Email Gateway and Cisco Secure Web Appliance.
    CVE ID: CVE-2024-20397 (High), CVE-2025-20169 (High), CVE-2025-20170 (High), CVE-2025-20171 (High), CVE-2025-20172 (High), CVE-2025-20173 (High), CVE-2025-20174 (High), CVE-2025-20175 (High), CVE-2025-20176 (High), CVE-2025-20183 (Medium), CVE-2025-20204 (Medium), CVE-2025-20205 (Medium), CVE-2025-20179 (Medium), CVE-2025-20180 (Medium), CVE-2025-20207 (Medium), CVE-2025-20184 (Medium), CVE-2025-20185 (Medium)

  • Multiple Vulnerabilities in PTZOptics Cameras (05 Feb 2025)

    Multiple vulnerabilities have been discovered in PTZOptics Cameras, which can potentially lead to complete camera takeover, infection by bots, pivoting to other devices connected on the same network, or disruption of video feeds. The affected versions are PT30X-SDI/NDI-xx firmware before 6.3.40.
    CVE ID: CVE-2024-8957 (High), CVE-2024-8956 (High)

  • Cisco Released Security Updates for Cisco Identity Services Engine (05 Feb 2025)

    Cisco has released security updates to address insecure Java deserialization and authorization bypass vulnerabilities in Cisco Identity Services Engine.
    CVE ID: CVE-2025-20124 (Critical), CVE-2025-20125 (Critical)

  • Vulnerability in IBM Security Verify Directory (05 Feb 2025)

    An arbitrary command execution vulnerability has been discovered in IBM Security Verify Directory. The affected versions are IBM Security Verify Directory 10.0.0 through 10.0.3.
    CVE ID: CVE-2024-51450 (Critical)

  • Vulnerability in OpenImageIO (05 Feb 2025)

    A heap overflow vulnerability has been discovered in OpenImageIO. The affected version is OpenImageIO v3.1.0.0dev.
    CVE ID: CVE-2024-55192 (Critical)

  • Vulnerability in Build App Online (05 Feb 2025)

    A PHP remote file inclusion vulnerability has been discovered in Build App Online. The affected versions are Build App Online from n/a through 1.0.23.
    CVE ID: CVE-2024-49649 (Critical)

  • Vulnerability in Cleo (05 Feb 2025)

    A vulnerability has been discovered in Cleo Harmony, VLTrader and LexiCom that allows arbitrary bash or PowerShell commands to be imported and executed on the host system by leveraging the default settings of the Autorun directory.
    CVE ID: CVE-2024-55956 (Critical)

  • Veeam Security Updates (04 Feb 2025)

    Veeam has released security updates to resolve a vulnerability in Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions.
    CVE ID: CVE-2025-23114 (Critical)

  • Google Released Security Updates for Chrome (04 Feb 2025)

    Google has released Chrome 133 133.0.6943.49 for Android, Extended Stable channel 132.0.6834.194 for Windows and Mac, Chrome 133.0.6943.53 for Linux, Chrome Beta 133 133.0.6943.49 for Android and Chrome 133.0.6943.53/54 for Windows & Mac.
    CVE ID: CVE-2025-0444 (High), CVE-2025-0445 (High), CVE-2025-0451 (Medium)

  • Vulnerability in Zyxel (04 Feb 2025)

    An insecure default credentials vulnerability has been discovered in the Telnet function of legacy DSL CPE Zyxel. The affected version is legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615.
    CVE ID: CVE-2025-0890 (Critical)

  • Vulnerability in Dell (04 Feb 2025)

    A use of a broken or risky cryptographic algorithm vulnerability has been discovered in Dell RecoverPoint for VMs that leads to remote execution. The affected version is Dell RecoverPoint for VMs version 6.0.x.
    CVE ID: CVE-2024-28980 (Critical)

  • Vulnerability in SCG Policy Manager (04 Feb 2025)

    A Cross-Origin Resource Policy (CORP) vulnerability has been discovered in SCG Policy Manager that leads to the execution of malicious actions on the application in the context of the authenticated user.
    CVE ID: CVE-2024-37131 (Critical)

  • Multiple Vulnerabilities in Elber's Equipment (04 Feb 2025)

    Multiple vulnerabilities have been discovered in Elber's Equipment- Communications Equipment that allow administrative access to the affected device. The affected versions are Signum DVB-S/S2 IRD versions 1.999 and prior, Cleber/3 Broadcast Multi-Purpose Platform version 1.0, Reble610 M/ODU XPIC IP-ASI-SDH version 0.01, ESE DVB-S/S2 Satellite Receiver versions 1.5.179 and prior and Wayber Analog/Digital Audio STL version 4.
    CVE ID: CVE-2025-0674 (Critical), CVE-2025-0675 (High)

  • Vulnerability in AutomationDirect's Equipment (04 Feb 2025)

    A buffer overflow vulnerability has been discovered in AutomationDirect's Equipment- C-more EA9 HMI that can cause a Denial of Service (DoS) condition or allow Remote Code Execution (RCE) on the affected device. The mitigations are available.
    CVE ID: CVE-2025-0960 (Critical)

  • Mozilla Released Security Updates (04 Feb 2025)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 135, Thunderbird 128.7, Firefox ESR 128.7, Firefox ESR 115.20 & Firefox 135. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-1009 (High), CVE-2025-1010 (High), CVE-2025-1011 (Medium), CVE-2025-1012 (Medium), CVE-2025-1013 (Low), CVE-2025-1014 (Low), CVE-2025-1015 (Low), CVE-2025-1016 (High), CVE-2025-1017 (Medium), CVE-2025-1018 (Medium), CVE-2025-1019 (Medium), CVE-2025-1020 (High), CVE-2025-11704 (Low), CVE-2025-0510 (High)

  • Vulnerability in Western Telematic Inc's Equipment (04 Feb 2025)

    An external control of file name or path vulnerability has been discovered in Western Telematic Inc's Equipment- NPS Series, DSM Series & CPM Series. The affected versions are Network Power Switch NPS Series Firmware version 6.62 and prior, Console Server DSM Series Firmware version 6.62 and prior and Console Server + PDU Combo Unit CPM Series Firmware version 6.62 and prior. The updates are available.
    CVE ID: CVE-2025-0630 (Medium)

  • Multiple Vulnerabilities in Ashlar-Vellum's Equipment (04 Feb 2025)

    Multiple vulnerabilities have been discovered in Ashlar-Vellum's Equipment-Cobalt, Graphite, Xenon, Argon, Lithium and Cobalt Share. The affected versions are Cobalt versions prior to v12 SP2 Build (1204.200), Cobalt Share versions prior to v12 SP2 Build (1204.200), Graphite v13.0.48 and prior, Xenon versions prior to v12 SP2 Build (1204.200), Argon versions prior to v12 SP2 Build (1204.200) and Lithium versions prior to v12 SP2 Build (1204.200). The mitigations are available.
    CVE ID: CVE-2023-39427 (High), CVE-2023-39936 (High), CVE-2023-40222 (High), CVE-2023-39943 (High)

  • Multiple Vulnerabilities in MediaTek Products (03 Feb 2025)

    Multiple vulnerabilities have been discovered in MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Computer Vision, Audio and TV chipsets.
    CVE ID: CVE-2025-20633 (High), CVE-2025-20632 (High), CVE-2025-20631 (High), CVE-2025-20634 (High), CVE-2025-20635 (High), CVE-2025-20636 (High), CVE-2025-20637 (High), CVE-2024-20141 (High), CVE-2024-20142 (High), CVE-2025-20638 (Medium), CVE-2025-20639 (Medium), CVE-2025-20640 (Medium), CVE-2025-20641 (Medium), CVE-2025-20642 (Medium), CVE-2025-20643 (Medium), CVE-2024-20147 (Medium)

  • Vulnerability in Zoom (03 Feb 2025)

    A vulnerability due to missing password field masking in the Zoom Jenkins Marketplace plugin may allow disclosure of information via adjacent network access. The affected versions are Zoom Jenkins Marketplace plugin before version 1.6. The mitigations are available.
    CVE ID: CVE-2025-0148 (Low)

  • Qualcomm Security Updates (03 Feb 2025)

    Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting several devices.
    CVE ID: CVE-2024-49837 (High), CVE-2024-38404 (High), CVE-2024-38420 (High), CVE-2024-45560 (High), CVE-2024-45573 (High), CVE-2024-49840 (High), CVE-2024-45561 (High)

  • Android Security Updates (03 Feb 2025)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2025-02-05 or later address all of these issues.

  • Ubuntu Released Security Updates for Multiple Products (03 Feb 2025)

    Ubuntu has released security updates to address several vulnerabilities in Linux kernel, HarfBuzz, and Netdata. The affected products are Ubuntu 16.04 ESM, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 24.10, and Ubuntu 18.04 ESM.

  • Vulnerability in Tenda (03 Feb 2025)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19.
    CVE ID: CVE-2024-57575 (Critical)

  • Vulnerability in iDRAC9 (03 Feb 2025)

    A session hijacking vulnerability has been discovered in IPMI for iDRAC9. The affected versions are iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations.
    CVE ID: CVE-2024-25943 (Critical)

  • Vulnerability in Microsoft Dataverse (03 Feb 2025)

    An untrusted search path vulnerability has been discovered in Microsoft Dataverse.
    CVE ID: CVE-2024-35260 (Critical)

  • Vulnerability in Eclipse Target Management (03 Feb 2025)

    A Remote Code Execution (RCE) vulnerability has been discovered in Eclipse Target Management: Terminal and Remote System Explorer (RSE). The affected versions are Eclipse Target Management: Terminal and Remote System Explorer (RSE) version 4.5.400 and below.
    CVE ID: CVE-2024-0740 (Critical)

  • Vulnerability in Metagauss RegistrationMagic (03 Feb 2025)

    A missing authorization vulnerability has been discovered in Metagauss RegistrationMagic. The affected versions are RegistrationMagic from n/a through 5.2.5.9.
    CVE ID: CVE-2024-25935 (Critical)

  • Vulnerability in sngrep (03 Feb 2025)

    A stack-buffer overflow vulnerability has been discovered in sngrep. All versions of sngrep since v1.4.1 are affected.
    CVE ID: CVE-2024-3120 (Critical)

  • Red Hat Security Updates (03 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (03 Feb 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (02 Feb 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (31 Jan 2025)

    Google has released LTC version 132.0.6834.98 Platform version: 16093.78.0 for most ChromeOS devices and Dev channel 134.0.6988.2 for Windows, Mac & Linux.

  • Security Updates for WordPress MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin (31 Jan 2025)

    WordPress has released security updates to resolve a limited local file inclusion vulnerability in the MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin. The affected versions are MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin, all versions up to and including 4.2.14.
    CVE ID: CVE-2025-0493 (Critical)

  • Vulnerability in SimpleHelp Remote Support Software (31 Jan 2025)

    A privilege escalation vulnerability has been discovered in SimpleHelp remote support software. The affected versions are SimpleHelp remote support software v5.5.7 and before.
    CVE ID: CVE-2024-57726 (Critical)

  • Vulnerability in JetBrains (31 Jan 2025)

    A path traversal vulnerability has been discovered in JetBrains YouTrack. The affected versions are JetBrains YouTrack before 2024.3.51866.
    CVE ID: CVE-2024-54154 (Critical)

  • Red Hat Security Updates (31 Jan 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SonicWall Security Updates (30 Jan 2025)

    SonicWall has released security updates to address a privilege escalation vulnerability in NetExtender. The affected versions are SonicWall NetExtender Windows (32 and 64 bit) 10.3.0 and earlier versions.
    CVE ID: CVE-2025-23007 (Medium)

  • Vulnerability in Fortinet Products (30 Jan 2025)

    An allocation of resources without limits or throttling vulnerability has been discovered in FortiOS. The affected versions are FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, all versions of 7.0 and 6.4. The mitigations are available.
    CVE ID: CVE-2024-46666 (Medium)

  • Vulnerability in Rockwell Automation's Equipment (30 Jan 2025)

    An uncontrolled resource consumption vulnerability has been discovered in Rockwell Automation's Equipment- KEPServer that can cause a device to crash. The affected versions are Rockwell Automation's KEPServer version 6.0 - 6.14.263. Security updates are available.
    CVE ID: CVE-2023-3825 (High)

  • Multiple Vulnerabilities in New Rock Technologies' Equipment (30 Jan 2025)

    Multiple vulnerabilities have been discovered in New Rock Technologies' Equipment- Cloud Connected Devices. All versions of OM500 IP-PBX, MX8G VoIP Gateway and NRP1302/P Desktop IP Phone are affected.
    CVE ID: CVE-2025-0680 (Critical), CVE-2025-0681 (Medium)

  • VMware Security Updates (30 Jan 2025)

    VMware has released security updates to address multiple vulnerabilities in VMware Aria Operations for Logs, VMware Aria Operations and VMware Cloud Foundation. The affected versions are VMware Aria Operations for logs 8.x, VMware Aria Operations 8.x, and VMware Cloud Foundation 5.x and 4.x.
    CVE ID: CVE-2025-22218 (High), CVE-2025-22219 (Medium), CVE-2025-22220 (Medium), CVE-2025-22221 (Medium), CVE-2025-22222 (High)

  • Apple Security Update (30 Jan 2025)

    Apple has released a security update to address an arbitrary code execution vulnerability in GarageBand 10.4.12. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-44142 (Medium)

  • Google Released Security Update for Chrome (30 Jan 2025)

    Google has released Chrome Dev 134 134.0.6986.0 for Android.

  • SUSE Security Updates (30 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Hitachi Energy's Equipment (30 Jan 2025)

    Multiple vulnerabilities have been discovered in Hitachi Energy's Equipment- UNEM. The affected versions are UNEM versions R15A and prior, UNEM R15B, UNEM R15B PC4, UNEM R16A, UNEM R16B, and UNEM R16B PC2. The mitigations are available.
    CVE ID: CVE-2024-2013 (Critical), CVE-2024-2012 (Critical), CVE-2024-2011 (High), CVE-2024-28021 (High), CVE-2024-28023 (Medium), CVE-2024-28022 (High), CVE-2024-28024 (Low), CVE-2024-28020 (High)

  • Multiple Vulnerabilities in Schneider Electric's Equipment (30 Jan 2025)

    Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Harmony Industrial PC, Pro-face Industrial PC. All versions of System Monitor application in Harmony Industrial PC and System Monitor application in Pro-face Industrial PC are affected.
    CVE ID: CVE-2024-8884 (Critical)

  • Multiple Vulnerabilities in Contec Health's Equipment (30 Jan 2025)

    Multiple vulnerabilities have been discovered in Contec Health's Equipment- CMS8000 Patient Monitor. The mitigations are available.
    CVE ID: CVE-2024-12248 (Critical), CVE-2025-0626 (High), CVE-2025-0683 (Medium)

  • Rockwell Automation Released Security Updates (29 Jan 2025)

    Rockwell Automation has released security updates to address multiple vulnerabilities in FactoryTalk AssetCentre. All versions of FactoryTalk AssetCentre prior to V15.00.001 are affected.
    CVE ID: CVE-2025-0477 (Critical), CVE-2025-0497 (High), CVE-2025-0498 (High)

  • Vulnerability in WordPress Media Manager for UserPro plugin (30 Jan 2025)

    A privilege escalation vulnerability has been discovered in WordPress Media Manager for UserPro plugin. The affected versions are Media Manager for UserPro plugin, all versions up to and including 3.11.0.
    CVE ID: CVE-2024-12822 (Critical)

  • Vulnerability in WordPress iControlWP plugin (30 Jan 2025)

    A PHP object injection vulnerability has been discovered in the WordPress iControlWP plugin. The affected versions are iControlWP plugin, all versions up to and including 4.4.5.
    CVE ID: CVE-2024-13742 (Critical)

  • Red Hat Security Updates (30 Jan 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Ubuntu Released Security Updates for Multiple Products (30 Jan 2025)

    Ubuntu has released security updates to address several vulnerabilities in Jinja2 and VLC packages. The affected products are Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
    CVE ID: CVE-2024-56201 (Medium), CVE-2024-56326 (Medium), CVE-2024-46461 (High)

  • SUSE Security Updates (29 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address the Cross Site Request Forgery (CSRF) vulnerability in Google Tag, a third-party library used in it.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address the Cross Site Scripting (XSS) vulnerability in Google Tag, a third-party library used in it.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address an access bypass vulnerability in Authenticator Login, a third-party library used in it.

  • Drupal Security Update (29 Jan 2025)

    Drupal has released a security update to address the Cross Site Request Forgery (CSRF) vulnerability in Matomo Analytics, a third-party library used in it.

  • Moxa Security Updates (29 Jan 2025)

    Moxa has released security updates to address an out-of-bounds write vulnerability in multiple PT switches that can result in a Denial of Service (DoS) condition.
    CVE ID: CVE-2024-7695 (High)

  • Google Released Security Updates for Chrome (29 Jan 2025)

    Google has released Chrome 133 133.0.6943.39 for Android, Chrome Stable 133 133.0.6943.33 for iOS, Stable channel 133.0.6943.35 for Windows & Mac, Beta channel 133.0.6943.35 for Windows, Mac & Linux, Chrome Beta 133 133.0.6943.39 for Android and Chrome Beta 133 133.0.6943.34 for iOS.

  • Vulnerability in Microsoft Account (29 Jan 2025)

    An elevation of privilege vulnerability has been discovered in Microsoft Account. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-21396 (High)

  • Vulnerability in Microsoft Azure AI Face Service (29 Jan 2025)

    An elevation of privilege vulnerability has been discovered in Microsoft Azure AI Face Service. This vulnerability has been fully mitigated by Microsoft.
    CVE ID: CVE-2025-21415 (Critical)

  • Vulnerability in OpenImageIO (29 Jan 2025)

    A heap overflow vulnerability has been discovered in OpenImageIO. The affected version is OpenImageIO v3.1.0.0dev.
    CVE ID: CVE-2024-55194 (Critical)

  • Vulnerability in OpenImageIO (29 Jan 2025)

    A segmentation violation vulnerability has been discovered in OpenImageIO. The affected version is OpenImageIO v3.1.0.0dev.
    CVE ID: CVE-2024-55193 (Critical)

  • Vulnerability in Eclipse Mosquitto (29 Jan 2025)

    An out of bounds memory access vulnerability has been discovered in Eclipse Mosquitto. The affected versions are Eclipse Mosquitto from version 1.3.2 through 2.0.18.
    CVE ID: CVE-2024-10525 (Critical)

  • Red Hat Security Updates (29 Jan 2025)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (28 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in B&R's Equipment (28 Jan 2025)

    A use of a broken or risky cryptographic algorithm vulnerability has been discovered in B&R's Equipment- Automation Runtime. The affected versions are B&R Automation Runtime: versions prior to 6.1 and B&R mapp View: versions prior to 6.1. The mitigations are available.
    CVE ID: CVE-2024-8603 (High)

  • Multiple Vulnerabilities in Schneider Electric's Equipment (28 Jan 2025)

    Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Power Logic. The affected versions are Schneider Electric Power Logic: v0.62.7 and Schneider Electric Power Logic: v0.62.7 and prior. The mitigations are available.
    CVE ID: CVE-2024-10497 (High), CVE-2024-10498 (Medium)

  • Vulnerability in Schneider Electric's Equipment (28 Jan 2025)

    A deserialization of untrusted data vulnerability has been discovered in Schneider Electric's Equipment- Electric RemoteConnect and SCADAPack x70 Utilities. All versions of RemoteConnect and all versions of SCADAPack™ x70 Utilities are affected. The mitigations are available.
    CVE ID: CVE-2024-12703 (High)

  • Google Released Security Updates for Chrome (28 Jan 2025)

    Google has released Stable channel 132.0.6834.159/160 for Windows & Mac and 132.0.6834.159 for Linux.
    CVE ID: CVE-2025-0762 (Medium)

  • Vulnerability in ZTE Corporation (28 Jan 2025)

    A command injection vulnerability has been discovered in ZTE Corporation's ZENIC ONE R58 products.
    CVE ID: CVE-2024-22063 (Critical)

  • Vulnerability in WordPress Miniorange OTP Verification with Firebase plugin (28 Jan 2025)

    An arbitrary user password change vulnerability has been discovered in Miniorange OTP Verification with Firebase plugin for WordPress. The affected versions are Miniorange OTP Verification with Firebase plugin, all versions up to and including 3.6.0.
    CVE ID: CVE-2024-9862 (Critical)

  • Vulnerability in WordPress Relevanssi – A Better Search plugin (28 Jan 2025)

    A CSV injection vulnerability has been discovered in Relevanssi – A Better Search plugin for WordPress. The affected versions are Relevanssi – A Better Search plugin, all versions up to and including 4.22.1.
    CVE ID: CVE-2024-3214 (Critical)

  • Rockwell Automation Released Security Updates (28 Jan 2025)

    Rockwell Automation has released security updates to address multiple vulnerabilities in ICE2 Controller, FactoryTalk View Site Edition, PowerFlex 755, KEPServer, FactoryTalk View Machine Edition, and DataMosaix Private Cloud. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-24478 (Medium), CVE-2025-24481 (High), CVE-2025-24482 (High), CVE-2025-0631 (High), CVE-2023-3825 (High), CVE-2025-24479 (High), CVE-2025-24480 (Critical), CVE-2025-0659 (Medium), CVE-2020-11656 (Critical)

  • Security Updates for WordPress ThemeREX Addons plugin (27 Jan 2025)

    WordPress has released security updates to resolve an arbitrary file upload vulnerability in the ThemeREX Addons plugin. The affected versions are ThemeREX Addons plugin, all versions up to and including 2.32.3.
    CVE ID: CVE-2024-13448 (Critical)

  • Vulnerability in Rejetto HTTP File Server (27 Jan 2025)

    A template injection vulnerability has been discovered in Rejetto HTTP File Server. The affected versions are Rejetto HTTP File Server, up to and including version 2.3m.
    CVE ID: CVE-2024-23692 (Critical)

  • Vulnerability in Progress Telerik Report Server (27 Jan 2025)

    An authentication bypass vulnerability has been discovered in Progress Telerik Report Server. The affected versions are Progress Telerik Report Server version 2024 Q1 (10.0.24.305) or earlier.
    CVE ID: CVE-2024-4358 (Critical)

  • Vulnerability in CrushFTP (27 Jan 2025)

    A server side template injection vulnerability has been discovered in CrushFTP. All versions of CrushFTP before 10.7.1 & 11.1.0, on all platforms are affected.
    CVE ID: CVE-2024-4040 (Critical)

  • Vulnerability in Tenda (27 Jan 2025)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 15.13.07.09.
    CVE ID: CVE-2024-2546 (Critical)

  • Vulnerability in ConnectWise ScreenConnect (27 Jan 2025)

    An authentication bypass using an alternate path or channel vulnerability has been discovered in ConnectWise ScreenConnect. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
    CVE ID: CVE-2024-1709 (Critical)

  • Apple Security Updates (27 Jan 2025)

    Apple has released security updates to address multiple vulnerabilities in visionOS 2.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, watchOS 11.3, tvOS 18.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. An attacker can exploit these vulnerabilities to take control of an affected device.

  • Vulnerability Summary (26 Jan 2025)

    Summary of vulnerabilities for the week of January 20, 2025.

  • Microsoft Edge Security Update (24 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 132.0.2957.127) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21262 (Medium), CVE-2025-0611, CVE-2025-0612

  • Google Released Security Update for Chrome (24 Jan 2025)

    Google has released Dev channel 134.0.6974.3 for Windows, Mac & Linux.

  • Vulnerability in Sentrifugo (24 Jan 2025)

    A SQL injection vulnerability has been discovered in Sentrifugo. The affected version is Sentrifugo 3.2.
    CVE ID: CVE-2024-29876 (Critical)

  • Vulnerability in BradWenqiang (23 Jan 2025)

    A SQL injection vulnerability has been discovered in BradWenqiang. The affected version is BradWenqiang HR 2.0.
    CVE ID: CVE-2024-2478 (Critical)

  • Vulnerability in ABO.CMS (23 Jan 2025)

    A SQL injection vulnerability has been discovered in ABO.CMS. The affected version is ABO.CMS version 5.8.
    CVE ID: CVE-2024-25227 (Critical)

  • Vulnerability in Dell (23 Jan 2025)

    An OS command injection vulnerability has been discovered in Dell RecoverPoint for Virtual Machines. The affected versions are Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1.
    CVE ID: CVE-2024-22426 (Critical)

  • Red Hat Security Updates (23 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Tenda (22 Jan 2025)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19. 
    CVE ID: CVE-2024-57583 (Critical)

  • Vulnerability in Tenda (22 Jan 2025)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.05.19. 
    CVE ID: CVE-2024-57575 (Critical)

  • Vulnerability in SimpleHelp (22 Jan 2025)

    A privilege escalation vulnerability has been discovered in SimpleHelp remote support software. The affected versions are SimpleHelp remote support software v5.5.7 and before.
    CVE ID: CVE-2024-57726 (Critical)

  • Vulnerability in onnx (22 Jan 2025)

    An out of bounds read vulnerability has been discovered in onnx. The affected versions are onnx before and including 1.15.0.
    CVE ID: CVE-2024-27319 (Critical)

  • SonicWall Security Updates (22 Jan 2025)

    SonicWall has released security updates to address a pre-authentication deserialization of untrusted data vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) that can enable unauthenticated Remote Command Execution (RCE). The affected versions are SonicWall SMA1000 AMC version 12.4.3-02804 (platform-hotfix) & earlier versions, and CMC version 12.4.3-02804 (platform-hotfix) & earlier versions.
    CVE ID: CVE-2025-23006 (Critical)

  • Cisco Released Security Updates (22 Jan 2025)

    Cisco has released security updates to address the privilege escalation vulnerability in Cisco Meeting Management REST API.
    CVE ID: CVE-2025-20156 (Critical)

  • GitLab Security Updates (22 Jan 2025)

    GitLab has released updated versions 17.8.1, 17.7.3, and 17.6.4 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0314 (High), CVE-2024-11931 (Medium), CVE-2024-6324 (Medium)

  • Google Released Security Updates for Chrome (22 Jan 2025)

    Google has released Beta channel OS version 16151.13.0 Browser version 133.0.6943.18 for most ChromeOS devices, Chrome 131 132.0.6834.122 for Android, Dev channel OS version 16151.13.0 Browser version 133.0.6943.18 for most ChromeOS devices, Chrome Beta 133 133.0.6943.23 for Android, Chrome Beta 133 133.0.6943.24 for iOS and Stable channel 132.0.6834.110/111 for Windows & Mac & 132.0.6834.110 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-0611 (High), CVE-2025-0612 (High)

  • SUSE Security Updates (22 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Jenkins (22 Jan 2025)

    Multiple vulnerabilities have been discovered in Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2025-24397 (Medium), CVE-2025-24398 (High), CVE-2025-24399 (High), CVE-2025-0142 (Medium), CVE-2025-24400 (Medium), CVE-2025-24401 (Medium), CVE-2025-24402 (Medium), CVE-2025-24403 (Medium)

  • Red Hat Security Updates (22 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability Summary (21 Jan 2025)

    Summary of vulnerabilities for the week of January 13, 2025.

  • Multiple Vulnerabilities in Traffic Alert and Collision Avoidance System (TCAS) II's Equipment (21 Jan 2025)

    Multiple vulnerabilities have been discovered in Traffic Alert and Collision Avoidance System (TCAS) II's Equipment-Collision Avoidance Systems. The affected versions are TCAS II versions 7.1 and prior. The mitigations are available.
    CVE ID: CVE-2024-9310 (Medium), CVE-2024-11166 (High)

  • Siemens Security Updates (21 Jan 2025)

    Siemens has released security updates to address a Cross Site Request Forgery (CSRF) vulnerability in its equipment- SIMATIC S7-1200 CPUs.
    CVE ID: CVE-2024-47100 (High)

  • Vulnerability in ZF's Equipment (21 Jan 2025)

    An authentication bypass by primary weakness vulnerability has been discovered in ZF's Equipment- RSSPlus. The affected versions are RSSPlus 2M build dates 01/08 through at least 01/23. The mitigations are available.
    CVE ID: CVE-2024-12054 (Medium)

  • Vulnerability in Arista EOS (21 Jan 2025)

    A missing release of memory after effective lifetime vulnerability has been discovered in Arista EOS. The affected versions are EOS versions 4.32.2.1F and below releases in the 4.32.x train, 4.31.5F and below releases in the 4.31.x train, 4.30.8F and below releases in the 4.30.x train, and 4.29.9.1F and below releases in the 4.29.x train.
    CVE ID: CVE-2024-9135 (Medium)

  • Node.js Security Updates (21 Jan 2025)

    Node.js has released security updates to address multiple vulnerabilities in its products.
    CVE ID: CVE-2025-23083 (High), CVE-2025-23084 (Medium), CVE-2025-23085 (Medium)

  • Ubuntu Released Security Updates for Multiple Products (21 Jan 2025)

    Ubuntu has released security updates to address several vulnerabilities in the Linux kernel (OEM) and Vim. The affected products are Ubuntu 24.04 LTS, Ubuntu 24.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
    CVE ID: CVE-2024-53238 (Medium), CVE-2024-56757 (Medium), CVE-2025-22134 (Medium)

  • SUSE Security Updates (21 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (21 Jan 2025)

    Google has released Chrome Stable 132 132.0.6834.100 for iOS.

  • Vulnerability in SolarWinds Security Event Manager (21 Jan 2025)

    A Remote Code Execution (RCE) vulnerability was discovered in SolarWinds Security Event Manager (SEM). The impact of the vulnerability has been scaled up from high to critical. The affected versions are SolarWinds SEM 2023.4 and prior versions. Security updates are available.
    CVE ID: CVE-2024-0692 (Critical)

  • Oracle Released January 2025 Critical Patch Update (21 Jan 2025)

    Oracle has released its critical patch update for January 2025 to address 318 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-37371 (Critical), CVE-2023-46604 (Critical), CVE-2024-45492 (Critical), CVE-2024-56337 (Critical), CVE-2024-3596 (Critical), CVE-2024-53677 (Critical), CVE-2024-45492 (Critical), CVE-2025-21535 (Critical), CVE-2024-38475 (Critical), CVE-2024-5535 (Critical), CVE-2016-1000027 (Critical), CVE-2023-29824 (Critical), CVE-2021-23926 (Critical), CVE-2025-21547 (Critical), CVE-2025-21524 (Critical), CVE-2023-3961 (Critical), CVE-2024-11053 (Critical), CVE-2025-21556 (Critical), CVE-2024-23807 (Critical)

  • Vulnerability in Avaya IP Office (21 Jan 2025)

    An unrestricted file upload vulnerability has been discovered in Avaya IP Office that allows remote command or code execution via the One-X component. All versions of Avaya IP Office prior to 11.1.3.1 are affected.
    CVE ID: CVE-2024-4197 (Critical)

  • Vulnerability in Avaya IP Office (21 Jan 2025)

    An improper input validation vulnerability has been discovered in Avaya IP Office that allows remote command or code execution via a specially crafted web request to the Web Control component. All versions of Avaya IP Office prior to 11.1.3.1 are affected.
    CVE ID: CVE-2024-4196 (Critical)

  • Vulnerability in OpenText iManager (21 Jan 2025)

    An XML external entity injection vulnerability has been discovered in OpenText iManager that could lead to Remote Code Execution (RCE). The affected version is OpenText iManager 3.2.6.0200.
    CVE ID: CVE-2024-3969 (Critical)

  • Vulnerability in Jeewms (21 Jan 2025)

    A vulnerability has been discovered in Jeewms that allows privilege escalation via the AuthInterceptor component. The affected versions are Jeewms v.3.7 and before.
    CVE ID: CVE-2024-27764 (Critical)

  • Vulnerability in RenderTune (21 Jan 2025)

    A Cross Site Scripting (XSS) vulnerability has been discovered in RenderTune. The affected version is RenderTune v1.1.4. 
    CVE ID: CVE-2024-25292 (Critical)

  • Security Updates for WordPress AdForest plugin (21 Jan 2025)

    WordPress has released security updates to resolve an authentication bypass vulnerability in the AdForest plugin. The affected versions are AdForest plugin, all versions up to and including 5.1.8.
    CVE ID: CVE-2024-12857 (Critical)

  • Security Updates for WordPress WPBot Pro Wordpress Chatbot plugin (21 Jan 2025)

    WordPress has released security updates to resolve an authenticated arbitrary file upload vulnerability in the WPBot Pro Wordpress Chatbot plugin. The affected versions are WPBot Pro Wordpress Chatbot plugin, all versions up to and including 13.5.4.
    CVE ID: CVE-2024-13091 (Critical)

  • Red Hat Security Updates (21 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • SUSE Security Updates (20 Jan 2025)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (20 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in IBM (19 Jan 2025)

    An improper input validation vulnerability has been discovered in IBM Sterling Secure Proxy. The affected versions are IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0 and 6.2.0.0.
    CVE ID: CVE-2024-41783 (Critical)

  • Vulnerability in WP All Import Pro (18 Jan 2025)

    A stored Cross Site Scripting (XSS) vulnerability has been discovered in WP All Import Pro plugin. The affected versions are WP All Import Pro all versions up to and including 4.9.7. 
    CVE ID: CVE-2024-8722 (Critical)

  • Red Hat Security Updates (17 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (17 Jan 2025)

    Google has released Stable channel OS version: 16093.68.0 Browser version: 132.0.6834.94 for most ChromeOS devices.
    CVE ID: CVE-2025-0434 (High), CVE-2025-0436 (High), CVE-2025-0437 (High), CVE-2025-0438 (High), CVE-2025-0439 (Medium), CVE-2025-0442 (Medium), CVE-2025-0446 (Low), CVE-2025-0447 (Low)

  • Microsoft Edge Security Update (17 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 132.0.2957.115 to resolve multiple vulnerabilities.
    CVE ID: CVE-2025-21399 (High), CVE-2025-21185 (Medium)

  • Vulnerability in Ivanti (17 Jan 2025)

    An authentication bypass vulnerability has been discovered in the admin web console of Ivanti CSA that allows a remote unauthenticated attacker to gain administrative access. The affected versions are Ivanti CSA before 5.0.3.
    CVE ID: CVE-2024-11639 (Critical)

  • Security Updates for WordPress Adifier System plugin (17 Jan 2025)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the Adifier System plugin. The affected versions are Adifier System plugin, all versions up to and including 3.1.7.
    CVE ID: CVE-2024-13375 (Critical)

  • Vulnerability in Tenda (17 Jan 2025)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda AC500 2.0.1.9(1307).
    CVE ID: CVE-2024-3908 (Critical)

  • Moxa Security Update (17 Jan 2025)

    Moxa has released security updates to address a missing authentication vulnerability in its Ethernet switches that can result in unauthorized access and system compromise.
    CVE ID: CVE-2024-9137 (Critical)

  • Vulnerability in Progress MOVEit Transfer (16 Jan 2025)

    An improper authentication vulnerability has been discovered in Progress MOVEit Transfer that can lead to authentication bypass. The affected versions are MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
    CVE ID: CVE-2024-5806 (Critical)

  • Vulnerability in F-logic DataCube3 (16 Jan 2025)

    A SQL injection vulnerability has been discovered in F-logic DataCube3. The affected versions are F-logic DataCube3 v1.0.
    CVE ID: CVE-2024-25833 (Critical)

  • Vulnerability in Apache (16 Jan 2025)

    A use-after-free vulnerability has been discovered in Apache Xerces C++ XML parser. The affected versions are Apache Xerces C++ XML parser versions 3.0.0 before 3.2.5.
    CVE ID: CVE-2024-23807 (Critical)

  • Vulnerability in WuKongOpenSource (16 Jan 2025)

    An arbitrary code execution vulnerability has been discovered in WuKongOpenSource WukongCRM. The affected version is WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202. 
    CVE ID: CVE-2024-23052 (Critical)

  • Vulnerability in Fuji Electric's Equipment (16 Jan 2025)

    A stack-based buffer overflow vulnerability has been discovered in Fuji Electric's Equipment- Alpha5 SMART that allows arbitrary code execution. The affected versions are Fuji Electric Alpha5 SMART versions 4.5 and prior. The mitigation is available.
    CVE ID: CVE-2024-34579 (High)

  • Vulnerability in Hitachi Energy's Equipment (16 Jan 2025)

    An improper validation of certificate with host mismatch vulnerability has been discovered in Hitachi Energy's Equipment- FOX61x, FOXCST, FOXMAN-UN that allows an attacker to intercept or falsify data exchanges between the client and the server. The affected versions are FOX61x versions prior to R16B, FOXCST versions prior to 16.2.1 and FOXMAN-UN R15A & prior, R15B PC4 & prior, R16A & R16B PC2 & prior. The mitigations are available.
    CVE ID: CVE-2024-2462 (Medium)

  • Vulnerability in Hitachi Energy's Equipment (16 Jan 2025)

    A relative path traversal vulnerability has been discovered in Hitachi Energy's Equipment- FOX61x Products. The affected versions are Hitachi Energy FOX61x: R15A and prior, Hitachi Energy FOX61x: R15B, Hitachi Energy FOX61x: R16A, and Hitachi Energy FOX61x: R16B Revision E. The mitigations are available.
    CVE ID: CVE-2024-2461 (Medium)

  • Google Released Security Updates for Chrome (16 Jan 2025)

    Google has released Chrome Dev 134 134.0.6958.0 for Android and Dev channel 134.0.6958.2 for Windows, Mac & Linux.

  • Amazon Released Security Updates (15 Jan 2025)

    Amazon has released security updates to address multiple vulnerabilities in Amazon WorkSpaces, Amazon AppStream, and Amazon DCV.
    CVE ID: CVE-2025-0500, CVE-2025-0501

  • Drupal Security Update (15 Jan 2025)

    Drupal has released a security update to address a Cross Site Request Forgery (CSRF) vulnerability in the Artificial Intelligence (AI) module, providing a framework for easy integration. The affected versions are AI version above 1.0.0 and below 1.0.2.

  • Palo Alto Networks Released Security Updates (15 Jan 2025)

    Palo Alto Networks has released security updates to resolve a server-side request forgery vulnerability in the Palo Alto Networks PAN-OS.
    CVE ID: CVE-2024-5917 (Medium)

  • Microsoft Released January 2025 Security Updates (15 Jan 2025)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-21307 (Critical), CVE-2025-21311 (Critical), CVE-2025-21298 (Critical)

  • Red Hat Security Updates (15 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CVE - KB Correlation (15 Jan 2025)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Jan 2025.

  • Multiple Vulnerabilities in TIFF and PCX Image Codecs (15 Jan 2025)

    Multiple vulnerabilities have been discovered in TIFF and PCX Image Codecs that impact QNX Software Development Platform (SDP) and could cause information disclosure, a Denial of Service (DoS) condition, or code execution in the context of the process using the image codec. Security updates are available.
    CVE ID: CVE-2024-48854 (Medium), CVE-2024-48855 (Medium), CVE-2024-48856 (Critical), CVE-2024-48857 (High), CVE-2024-48858 (High)

  • Vulnerability in Linux Ratfor (15 Jan 2025)

    A stack-based buffer overflow vulnerability has been discovered in Linux Ratfor. The affected versions are Linux Ratfor 1.06 and earlier.
    CVE ID: CVE-2024-55577 (High)

  • Multiple Vulnerabilities in Zoom Products (14 Jan 2025)

    Multiple vulnerabilities have been discovered in several Zoom products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-0147 (High), CVE-2025-0146 (Low), CVE-2025-0145 (Medium), CVE-2025-0144 (Low), CVE-2025-0143 (Medium), CVE-2025-0142 (Medium)

  • Multiple Vulnerabilities in Zoom Products (14 Jan 2025)

    Multiple vulnerabilities have been discovered in Zoom products. The mitigations are available.
    CVE ID: CVE-2025-0147 (High), CVE-2025-0146 (Low), CVE-2025-0145 (Medium), CVE-2025-0144 (Low), CVE-2025-0143 (Medium), CVE-2025-0142 (Medium)

  • Adobe Security Updates (14 Jan 2025)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Google Released Security Updates for Chrome (14 Jan 2025)

    Google has released Chrome 132 132.0.6834.79 for Android, and Chrome 132 stable channel for Windows, Mac & Linux.
    CVE ID: CVE-2025-0434 (High), CVE-2025-0435 (High), CVE-2025-0436 (High), CVE-2025-0437 (High), CVE-2025-0438 (High), CVE-2025-0439 (Medium), CVE-2025-0440 (Medium), CVE-2025-0441 (Medium), CVE-2025-0442 (Medium), CVE-2025-0443 (Medium), CVE-2025-0446 (Low), CVE-2025-0447 (Low), CVE-2025-0448 (Low)

  • Ivanti Released Security Updates for Multiple Products (14 Jan 2025)

    Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine and Ivanti EPM. 
    CVE ID: CVE-2024-13181 (High), CVE-2024-13180 (High), CVE-2024-13179 (High), CVE-2024-10630 (High), CVE-2024-10811 (Critical), CVE-2024-13161 (Critical), CVE-2024-13160 (Critical), CVE-2024-13159 (Critical), CVE-2024-13158 (High), CVE-2024-13172 (High), CVE-2024-13171 (High), CVE-2024-13170 (High), CVE-2024-13169 (High), CVE-2024-13168 (High), CVE-2024-13167 (High), CVE-2024-13166 (High), CVE-2024-13165 (High), CVE-2024-13164 (High), CVE-2024-13163 (High), CVE-2024-13162 (High)

  • Security Updates for WordPress Post Grid and Gutenberg Blocks plugin (14 Jan 2025)

    WordPress has released security updates to resolve an unauthenticated privilege escalation vulnerability in Post Grid and Gutenberg Blocks plugin. The affected versions are Post Grid and Gutenberg Blocks plugin versions 2.2.85 to 2.3.3.
    CVE ID: CVE-2024-9636 (Critical)

  • Microsoft Released Security Updates for Windows NTLM V1 (14 Jan 2025)

    Microsoft has released security updates to address an elevation of privilege vulnerability in Windows NTLM V1 affecting multiple Windows products.
    CVE ID: CVE-2025-21311 (Critical)

  • Microsoft Released Security Updates for Windows Reliable Multicast Transport Driver (14 Jan 2025)

    Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Reliable Multicast Transport Driver affecting multiple Windows products. 
    CVE ID: CVE-2025-21307 (Critical)

  • Microsoft Released Security Updates for Windows OLE (14 Jan 2025)

    Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows OLE affecting multiple Windows products. 
    CVE ID: CVE-2025-21298 (Critical)

  • Red Hat Security Updates (14 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Fortinet Products (14 Jan 2025)

    An authentication bypass vulnerability has been discovered in the Node.js websocket module affecting FortiOS and FortiProxy. The affected versions are FortiOS 7.0.0 through 7.0.16, and FortiProxy 7.2.0 through 7.2.12. The updates are available.
    CVE ID: CVE-2024-55591 (Critical)

  • SAP Released January 2025 Security Notes (14 Jan 2025)

    SAP has released security notes to address several critical, high, medium & low vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Multiple Vulnerabilities in Siemens Products (14 Jan 2025)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2024-3596 (Critical), CVE-2024-45490 (Critical), CVE-2024-33698 (Critical)

  • Vulnerability Summary (13 Jan 2025)

    Summary of vulnerabilities for the week of January 06, 2025.

  • NVIDIA Security Updates (13 Jan 2025)

    NVIDIA has released security updates to address multiple vulnerabilities in NVIDIA Container Toolkit and NVIDIA GPU Operator. The affected versions are NVIDIA Container Toolkit versions up to & including v1.17.0, and NVIDIA GPU Operator versions up to & including 24.9.0.
    CVE ID: CVE-2024-0135 (High), CVE-2024-0136 (High), CVE-2024-0137 (Medium)

  • Vulnerability in CSZ CMS (13 Jan 2025)

    An arbitrary file upload vulnerability has been discovered in CSZ CMS. The affected version is CSZ CMS v1.3.0.
    CVE ID: CVE-2024-25414 (Critical)

  • Security Updates for WordPress Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin (13 Jan 2025)

    WordPress has released security updates to resolve an authentication bypass vulnerability in Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin. The affected versions are Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin, all versions up to, and including, 2.13.7.
    CVE ID: CVE-2024-12919 (Critical)

  • Security Updates for WordPress GiveWP – Donation Plugin and Fundraising Platform plugin (10 Jan 2025)

    WordPress has released security updates to resolve the PHP Object Injection vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugin. The affected versions are GiveWP – Donation Plugin and Fundraising Platform plugin, all versions up to, and including, 3.19.2.
    CVE ID: CVE-2024-12877 (Critical)

  • Security Updates for WordPress GiveWP – Donation Plugin and Fundraising Platform plugin (10 Jan 2025)

    WordPress has released security updates to resolve the PHP object injection vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugin. The affected versions are GiveWP – Donation Plugin and Fundraising Platform plugin, all versions up to, and including, 3.19.3.
    CVE ID: CVE-2025-22777 (Critical)

  • Microsoft Edge Security Update (10 Jan 2025)

    Microsoft has released updated Microsoft Edge Stable Channel version 131.0.2903.146 and version 131.0.2903.147 to resolve multiple vulnerabilities.

  • Multiple Vulnerabilities in Delta Electronics' Equipment (10 Jan 2025)

    Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- DRASimuCAD. The affected version is DRASimuCAD 1.02. 
    CVE ID: CVE-2024-12834 (High), CVE-2024-12835 (High), CVE-2024-12836 (High)

  • Vulnerability in Schneider Electric's Equipment (10 Jan 2025)

    An improper authentication vulnerability has been discovered in Schneider Electric's Equipment- PowerChute Serial Shutdown. The affected versions are PowerChute Serial Shutdown: 1.2.0.301 and prior. The mitigations are available.
    CVE ID: CVE-2024-10511 (Medium)

  • Vulnerability in Schneider Electric's Equipment (10 Jan 2025)

    A vulnerability due to use of unmaintained third-party components has been discovered in Schneider Electric's Equipment-Harmony HMI and Pro-face HMI Products. All versions of Harmony HMIST6, Harmony HMISTM6, Harmony HMIG3U, Harmony HMIG3X, Harmony HMISTO7 series with Ecostruxure Operator Terminal Expert runtime, PFXST6000, PFXSTM6000, PFXSP5000, and PFXGP4100 series with Pro-face BLUE runtime are affected. The mitigations are available.
    CVE ID: CVE-2024-11999 (High)

  • Mozilla Released Security Updates (10 Jan 2025)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox for iOS 134. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-23108 (Medium), CVE-2025-23109 (Medium)

  • Google Released Security Updates for Chrome (09 Jan 2025)

    Google has released Chrome Dev 133 133.0.6943.4 for Android and Dev channel 133.0.6943.6 for Windows, Mac & Linux.

  • Security Updates for WordPress WPBookit plugin (09 Jan 2025)

    WordPress has released security updates to resolve an arbitrary user password change vulnerability in WPBookit plugin. The affected versions are WPBookit plugin, all versions up to, and including, 1.6.4.
    CVE ID: CVE-2024-10215 (Critical)

  • Vulnerability in WordPress Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin (08 Jan 2025)

    An arbitrary user password change vulnerability has been discovered in WordPress Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin. The affected versions are Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin, all versions up to, and including, 3.4.12.
    CVE ID: CVE-2024-11642 (Critical)

  • Ivanti Released Security Updates (08 Jan 2025)

    Ivanti has released security updates to address multiple vulnerabilities in Ivanti Connect Secure, Policy Secure and ZTA Gateways. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2025-0282 (Critical), CVE-2025-0283 (High)

  • Palo Alto Networks Security Updates (08 Jan 2025)

    Palo Alto Networks has released security updates to address multiple vulnerabilities in the Expedition migration tool that enable an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system. Expedition has reached its End of Life (EoL) date.
    CVE ID: CVE-2025-0103 (Critical), CVE-2025-0104 (High), CVE-2025-0105 (Medium), CVE-2025-0106 (Medium), CVE-2025-0107 (Medium)

  • Drupal Security Update (08 Jan 2025)

    Drupal has released a security update to address an access bypass vulnerability in Email TFA, a third-party library used in it.

  • Drupal Security Update (08 Jan 2025)

    Drupal has released a security update to address an unsupported vulnerability in Profile Private, a third-party library used in it.

  • Cisco Releases Security Updates (08 Jan 2025)

    Cisco has released security updates to address a vulnerability in certificate validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS.
    CVE ID: CVE-2025-20126 (Medium)

  • Vulnerability in Aviatrix Controller (07 Jan 2025)

    A Remote Code Execution (RCE) vulnerability has been discovered in Aviatrix Controller. All supported versions of Aviatrix Controller prior to 7.2.4996 or 7.1.4191 are affected. The updates are available.
    CVE ID: CVE-2024-50603 (Critical)

  • Joomla Security Updates (07 Jan 2025)

    Joomla has released security updates to resolve multiple vulnerabilities in Joomla CMS.
    CVE ID: CVE-2024-40749 (Medium), CVE-2024-40748 (Medium), CVE-2024-40747 (Medium)

  • Vulnerability in Nedap Librix's Equipment (07 Jan 2025)

    A missing authentication for critical function vulnerability has been discovered in Nedap Librix's Equipment- Ecoreader that can result in Remote Code Execution (RCE). All versions of Ecoreader are affected.
    CVE ID: CVE-2024-12757 (High)

  • Multiple Vulnerabilities in ABB's Equipment (07 Jan 2025)

    Multiple vulnerabilities have been discovered in ABB's Equipment- ASPECT-Enterprise, NEXUS, and MATRIX series. The mitigations are available.
    CVE ID: CVE-2024-6209 (Critical), CVE-2024-6298 (Critical), CVE-2024-6515 (Critical), CVE-2024-6516, CVE-2024-6784, CVE-2024-48843, CVE-2024-48844 (High), CVE-2024-48845 (Critical), CVE-2024-48846 (High), CVE-2024-48847 (High), CVE-2024-48839 (Critical), CVE-2024-48840 (Critical), CVE-2024-51541 (High), CVE-2024-51542 (High), CVE-2024-51543 (High), CVE-2024-51544 (High), CVE-2024-51545 (Critical), CVE-2024-51546 (High), CVE-2024-51548 (Critical), CVE-2024-51549 (Critical), CVE-2024-51550 (Critical), CVE-2024-51551 (Critical), CVE-2024-51554 (Critical), CVE-2024-51555 (Critical), CVE-2024-11316 (High), CVE-2024-11317 (Critical)

  • Security Updates for WordPress File Upload plugin (07 Jan 2025)

    WordPress has released security updates to resolve a Remote Code Execution (RCE) vulnerability in File Upload plugin. The affected versions are File Upload plugin, all versions up to, and including, 4.24.12.
    CVE ID: CVE-2024-11635 (Critical)

  • Security Updates for WordPress File Upload plugin (07 Jan 2025)

    WordPress has released security updates to resolve Remote Code Execution (RCE), arbitrary file read, and arbitrary file deletion vulnerabilities in File Upload plugin. The affected versions are File Upload plugin, all versions up to, and including, 4.24.15.
    CVE ID: CVE-2024-11613 (Critical)

  • Vulnerability in WordPress FAT Event Lite plugin (07 Jan 2025)

    A local file inclusion vulnerability has been discovered in WordPress FAT Event Lite plugin. The affected versions are FAT Event Lite plugin, all versions up to, and including, 1.1.
    CVE ID: CVE-2025-22508 (Critical)

  • Vulnerability in WordPress 4ECPS Web Forms plugin (07 Jan 2025)

    An arbitrary file upload vulnerability due to missing file type validation has been discovered in WordPress 4ECPS Web Forms plugin. The affected versions are 4ECPS Web Forms plugin, all versions up to, and including, 0.2.18.
    CVE ID: CVE-2025-22504 (Critical)

  • Android Security Updates (06 Jan 2025)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2025-01-05 or later address all of these issues.
    CVE ID: CVE-2024-20154 (Critical), CVE-2024-43096 (Critical), CVE-2024-43770 (Critical), CVE-2024-43771 (Critical), CVE-2024-49747 (Critical), CVE-2024-49748 (Critical)

  • Vulnerability in WordPress School Management System – SakolaWP plugin (06 Jan 2025)

    A privilege escalation vulnerability has been discovered in WordPress School Management System – SakolaWP plugin. The affected versions are School Management System – SakolaWP plugin, all versions up to, and including, 1.0.8.
    CVE ID: CVE-2024-12470 (Critical)

  • Vulnerability in WordPress PayU CommercePro Plugin (06 Jan 2025)

    A privilege escalation vulnerability has been discovered in WordPress PayU CommercePro Plugin. The affected versions are PayU CommercePro Plugin, all versions up to, and including, 3.8.3.
    CVE ID: CVE-2024-12264 (Critical)

  • Vulnerability in WordPress SEO LAT Auto Post plugin (06 Jan 2025)

    A file overwrite vulnerability has been discovered in WordPress SEO LAT Auto Post plugin. The affected versions are SEO LAT Auto Post plugin, all versions up to, and including, 2.2.1.
    CVE ID: CVE-2024-12252 (Critical)

  • Moxa Security Updates (03 Jan 2025)

    Moxa has released security updates to address privilege escalation and OS command injection vulnerabilities in its cellular routers, secure routers, and network security appliances.
    CVE ID: CVE-2024-9140 (Critical), CVE-2024-9138 (High)

  • Red Hat Security Updates (02 Jan 2025) 

    Red Hat has released security updates to address multiple vulnerabilities in several products.
