Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-16 | CVE-2024-10789 | The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. | network, low complexity, CWE-352, 4.3 |
| 2025-01-16 | CVE-2024-11452 | The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user-supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-01-16 | CVE-2024-10970 | The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. | network, low complexity, CWE-94, 5.4 |
| 2025-01-16 | CVE-2025-0170 | The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. | network, low complexity, CWE-79, 6.1 |
| 2025-01-16 | CVE-2025-0455 | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | network, low complexity, CWE-89, critical, 9.8 |
| 2025-01-16 | CVE-2025-0456 | The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords. | network, low complexity, CWE-306, critical, 9.8 |
| 2025-01-16 | CVE-2025-0457 | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | network, low complexity, CWE-78, 8.8 |
| 2025-01-15 | CVE-2024-53407 | Untrusted Search Path vulnerability in Phiewer 4.1.0: In Phiewer 4.1.0, a dylib injection leads to command execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data. | local, low complexity, phiewer, CWE-426, 3.3 |
| 2025-01-15 | CVE-2024-55503 | Untrusted Search Path vulnerability in Termius: An issue in Termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. | local, low complexity, termius, CWE-426, 3.3 |
| 2025-01-15 | CVE-2024-57726 | Unspecified vulnerability in Simple-Help Simplehelp: SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. | network, low complexity, simple-help, critical, 9.9 |