| 2025-01-16 | CVE-2025-0170 | The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. | 6.1 |
| 2025-01-16 | CVE-2025-0455 | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. network low complexity CWE-89 critical | 9.8 |
| 2025-01-16 | CVE-2025-0456 | The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords. network low complexity CWE-306 critical | 9.8 |
| 2025-01-16 | CVE-2025-0457 | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
| 2025-01-15 | CVE-2024-53407 | Untrusted Search Path vulnerability in Phiewer 4.1.0
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. | 3.3 |
| 2025-01-15 | CVE-2024-55503 | Untrusted Search Path vulnerability in Termius
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. | 3.3 |
| 2025-01-15 | CVE-2024-57726 | Unspecified vulnerability in Simple-Help Simplehelp
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. | 9.9 |
| 2025-01-15 | CVE-2024-57727 | Path Traversal vulnerability in Simple-Help Simplehelp
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. | 7.5 |
| 2025-01-15 | CVE-2024-57728 | Link Following vulnerability in Simple-Help Simplehelp
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. | 7.2 |
| 2025-01-15 | CVE-2025-0215 | The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. | 6.1 |