Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-28 | CVE-2025-23055 | Unspecified vulnerability in Arubanetworks Fabric Composer A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. | 5.4 |
| 2025-01-28 | CVE-2025-23056 | Unspecified vulnerability in Arubanetworks Fabric Composer A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. | 5.4 |
| 2025-01-28 | CVE-2025-23057 | Unspecified vulnerability in Arubanetworks Fabric Composer A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. | 5.4 |
| 2025-01-28 | CVE-2024-11956 | A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. | 4.7 |
| 2025-01-28 | CVE-2025-0752 | A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. | 6.3 |
| 2025-01-28 | CVE-2025-0754 | The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. | 4.3 |
| 2025-01-28 | CVE-2024-13527 | Cross-site Scripting vulnerability in Philantro The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-28 | CVE-2024-13521 | Cross-Site Request Forgery (CSRF) vulnerability in Ilghera Mailup Auto Subscription The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. | 5.4 |
| 2025-01-28 | CVE-2025-0321 | Cross-site Scripting vulnerability in Wpmet Elementskit The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-28 | CVE-2024-13448 | Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. | 9.8 |