Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-21 CVE-2024-57933 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues.
local
low complexity
linux CWE-476
5.5
2025-01-21 CVE-2024-57934 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops.
local
high complexity
linux CWE-476
4.7
2025-01-21 CVE-2024-57938 Integer Overflow or Wraparound vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX.
local
low complexity
linux CWE-190
5.5
2025-01-21 CVE-2024-11226 The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2025-01-21 CVE-2024-13230 The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
5.3
2025-01-21 CVE-2024-13444 The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.
network
low complexity
CWE-352
6.1
2025-01-21 CVE-2024-43709 Allocation of Resources Without Limits or Throttling vulnerability in Elastic Elasticsearch
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
network
low complexity
elastic CWE-770
7.5
2025-01-21 CVE-2025-0450 The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2025-01-21 CVE-2024-12005 Cross-Site Request Forgery (CSRF) vulnerability in Infinitescript Wp-Bibtex
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1.
network
low complexity
infinitescript CWE-352
6.1
2025-01-21 CVE-2024-12104 Missing Authorization vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9.
network
low complexity
atarim CWE-862
7.5