Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-25 CVE-2025-26599 Access of Uninitialized Pointer vulnerability in multiple products
An access to an uninitialized pointer flaw was found in X.Org and Xwayland.
local
low complexity
tigervnc x-org redhat CWE-824
7.8
2025-02-25 CVE-2025-26600 Use After Free vulnerability in multiple products
A use-after-free flaw was found in X.Org and Xwayland.
local
low complexity
tigervnc x-org redhat CWE-416
7.8
2025-02-25 CVE-2025-26601 Use After Free vulnerability in multiple products
A use-after-free flaw was found in X.Org and Xwayland.
local
low complexity
tigervnc x-org redhat CWE-416
7.8
2025-02-25 CVE-2024-54444 Cross-site Scripting vulnerability in Elementor Website Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS.
network
low complexity
elementor CWE-79
5.4
2025-02-25 CVE-2025-26871 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
wpdeveloper CWE-862
8.8
2025-02-25 CVE-2025-26935 Path Traversal: '.../...//' vulnerability in Wpjobportal WP JOB Portal
Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion.
network
low complexity
wpjobportal CWE-35
8.8
2025-02-25 CVE-2025-26977 Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
ninjateam CWE-639
7.2
2025-02-25 CVE-2025-1262 Guessable CAPTCHA vulnerability in Webfactoryltd Advanced Google Recaptcha
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 .
network
low complexity
webfactoryltd CWE-804
5.3
2025-02-25 CVE-2024-13693 Improper Access Control vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9.
network
low complexity
kriesi CWE-284
5.3
2025-02-25 CVE-2024-13695 Server-Side Request Forgery (SSRF) vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter.
network
low complexity
kriesi CWE-918
5.4