CVE-2025-64446
Fortinet FortiWeb Path Traversal Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
This curated brief highlights 3 critical vulnerabilities and 57 high-priority updates requiring immediate attention.
Fortinet FortiWeb Path Traversal Vulnerability - Active in CISA KEV catalog.
Fortinet FortiWeb OS Command Injection Vulnerability - Active in CISA KEV catalog.
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Azure Bastion Elevation of Privilege Vulnerability
Microsoft SharePoint Online Elevation of Privilege Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1
Azure Monitor Elevation of Privilege Vulnerability
Microsoft Defender Portal Spoofing Vulnerability
The fetch function in file thinkphp\library\think\Template
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash
The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests
The ELCA Star Transmitter Remote Control firmware 1
D-Link Router DIR-868L A1 FW106KRb01
A vulnerability was detected in Tenda CH22 1
OpenSTAManager is an open source management software for technical assistance and invoicing
A flaw has been found in Tenda AC21 16
A vulnerability has been found in Tenda AC21 16
Authorization bypass in Revive Adserver 5
IBM webMethods Integration 10
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network
Improper input neutralization in the stats-conversions.esm
Rallly is an open-source scheduling and collaboration tool
Rallly is an open-source scheduling and collaboration tool
Rallly is an open-source scheduling and collaboration tool
Homarr is an open-source dashboard
The ITEL ISO FM SFN Adapter (firmware ISO2 2
An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6
An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5
A Path Traversal vulnerability found in FileCodeBox v2
A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2
Milos Paripovic OneCommander 3
An issue in Ilevia EVE X1 Server Firmware Version v4
An issue was discovered in Clerk-js 5
Quark Cloud Drive v3
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13)
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1
Campcodes Online Hospital Management System 1
A weakness has been identified in itsourcecode Human Resource Management System 1
A security vulnerability has been detected in itsourcecode Human Resource Management System 1
A vulnerability was detected in freeprojectscodes Sports Club Management System 1
A security vulnerability has been detected in UTT 进取 750W up to 3
A vulnerability was found in code-projects Online Shop Project 1
A vulnerability was identified in SourceCodester Online Shop Project 1
Lite XL versions 2
Lite XL versions 2
i-Educar is free, fully online school management software
i-Educar is free, fully online school management software
i-Educar is free, fully online school management software
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd
Astro is a web framework
Rallly is an open-source scheduling and collaboration tool
Missing authorization check in Revive Adserver 5
A security flaw has been discovered in Muse Group MuseHub 2
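Several entries in this brief belong to the same directory-traversal class (the FortiWeb path traversal in the KEV list, the 7-Zip ZIP parsing traversal, and the FileCodeBox path traversal). The following Python is an added example, not code from this brief or from any of the affected vendors: it shows the member-name check an archive extractor must perform before writing to disk, run against a constructed in-memory ZIP that contains one benign entry and three escape attempts (`..` components, an absolute path, and backslash separators). The function and file names are illustrative assumptions.

```python
import io
import os
import tempfile
import zipfile
from pathlib import PurePosixPath


def is_safe_member(name: str) -> bool:
    """Return True only if a ZIP member name cannot escape the extraction root.

    The ZIP spec mandates '/' separators, but real archivers emit '\\' too, so
    both are treated as separators before the check.
    """
    if "\0" in name:                      # NUL truncation tricks
        return False
    normalised = name.replace("\\", "/")
    p = PurePosixPath(normalised)
    if p.is_absolute():                   # "/etc/passwd"
        return False
    if len(normalised) >= 2 and normalised[1] == ":":   # "C:/Windows/..."
        return False
    if ".." in p.parts:                   # "../../x" or "a/../../x"
        return False
    return True


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract only members that stay under dest; return the names skipped."""
    skipped = []
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                skipped.append(info.filename)
                continue
            # Second, path-resolution based check: after joining and resolving
            # symlinks the target must still sit under the extraction root.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                skipped.append(info.filename)
                continue
            # Note: Python's own zipfile.extract also strips such components;
            # the explicit checks above are what a parser written from scratch
            # (as in the native archivers listed in this brief) must replicate.
            zf.extract(info, root)
    return skipped


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real malicious file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../../outside.txt", "escape via ..")
        zf.writestr("/abs/path.txt", "escape via absolute path")
        zf.writestr("..\\..\\win.txt", "escape via backslash separators")
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample archive into a temp dir and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        skipped = safe_extract(build_sample_zip(), tmp)
        extracted = sorted(
            os.path.relpath(os.path.join(d, f), tmp)
            for d, _, files in os.walk(tmp)
            for f in files
        )
    return {"skipped": skipped, "extracted": extracted}


if __name__ == "__main__":
    print(demo())
```

The name-based check rejects the entry before any filesystem call; the `realpath`/`commonpath` check is the backstop for cases the string check cannot see, such as a previously extracted symlink pointing outside the root.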