Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-24 | CVE-2024-13680 | SQL Injection vulnerability in Codepeople Form Builder CP The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-24 | CVE-2024-13683 | Cross-Site Request Forgery (CSRF) vulnerability in Sperse Automate HUB The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. | 4.3 |
2025-01-24 | CVE-2024-13659 | Cross-site Scripting vulnerability in Listamester The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-23 | CVE-2023-46400 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47 KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | 9.8 |
2025-01-23 | CVE-2023-46401 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47 KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. | 9.8 |
2025-01-23 | CVE-2024-50664 | Out-of-bounds Write vulnerability in Gpac 2.4 gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box. | 7.8 |
2025-01-23 | CVE-2024-50665 | NULL Pointer Dereference vulnerability in Gpac 2.4 gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box. | 5.5 |
2025-01-23 | CVE-2024-55192 | Out-of-bounds Write vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | 9.8 |
2025-01-23 | CVE-2024-55193 | Unspecified vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | 9.8 |
2025-01-23 | CVE-2024-55194 | Out-of-bounds Write vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. | 9.8 |