Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-04 CVE-2025-0203 SQL Injection vulnerability in Code-Projects Student Management System 1.0
A vulnerability was found in code-projects Student Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2025-01-03 CVE-2024-11733 The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0.
network
low complexity
CWE-94
7.3
2025-01-03 CVE-2024-12237 The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function.
network
low complexity
CWE-918
4.3
2025-01-03 CVE-2024-55896 IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames.
network
low complexity
CWE-451
5.4
2025-01-03 CVE-2024-55897 IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
4.3
2025-01-03 CVE-2024-41780 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry.
high complexity
CWE-359
4.2
2025-01-03 CVE-2024-5591 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-209
4.3
2025-01-03 CVE-2024-12132 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2025-01-02 CVE-2022-49035 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case.
local
low complexity
linux CWE-770
5.5
2025-01-02 CVE-2023-45765 Missing Authorization vulnerability in Wedevs WP ERP
Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6.
network
low complexity
wedevs CWE-862
4.3