Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-17 CVE-2025-0924 The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-02-17 CVE-2025-1376 A vulnerability classified as problematic was found in GNU elfutils 0.192.
local
high complexity
CWE-404
2.5
2.5
2025-02-17 CVE-2025-1377 A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192.
local
low complexity
CWE-404
3.3
3.3
2025-02-17 CVE-2025-1389 Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
8.8
8.8
2025-02-17 CVE-2025-1373 A vulnerability was found in FFmpeg up to 7.1.
local
low complexity
CWE-404
3.3
3.3
2025-02-17 CVE-2025-1374 A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-02-17 CVE-2025-1387 Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
network
low complexity
critical
 9.8
9.8
2025-02-17 CVE-2025-1388 Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
network
low complexity
CWE-434
8.8
8.8
2025-02-17 CVE-2025-1372 A vulnerability was found in GNU elfutils 0.192.
local
low complexity
CWE-120
5.3
5.3
2025-02-17 CVE-2025-1366 A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical.
local
low complexity
CWE-121
5.3
5.3