Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-17 CVE-2024-13879 The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature.
network
low complexity
CWE-918
5.5
2025-02-17 CVE-2025-1392 A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic.
network
low complexity
CWE-94
3.5
2025-02-17 CVE-2025-26772 Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS.
network
low complexity
detheme CWE-79
5.4
2025-02-17 CVE-2025-26775 Cross-site Scripting vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS.
network
low complexity
pluginus CWE-79
4.8
2025-02-17 CVE-2025-1381 SQL Injection vulnerability in Code-Projects Real Estate Property Management System 1.0
A vulnerability was found in code-projects Real Estate Property Management System 1.0.
network
low complexity
code-projects CWE-89
7.5
2025-02-17 CVE-2025-1379 SQL Injection vulnerability in Code-Projects Real Estate Property Management System 1.0
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
critical
9.8
2025-02-17 CVE-2025-1380 SQL Injection vulnerability in Codezips GYM Management System 1.0
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.
network
low complexity
codezips CWE-89
critical
9.8
2025-02-17 CVE-2025-1378 A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286.
local
low complexity
CWE-119
3.3
2025-02-17 CVE-2025-0924 The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
2025-02-17 CVE-2025-1376 A vulnerability classified as problematic was found in GNU elfutils 0.192.
local
high complexity
CWE-404
2.5