Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-11 CVE-2024-12627 The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action.
network
high complexity
CWE-502
7.5
2025-01-10 CVE-2025-23110 Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
An issue was discovered in REDCap 14.9.6.
network
low complexity
vanderbilt CWE-79
6.1
2025-01-10 CVE-2025-23111 Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
An issue was discovered in REDCap 14.9.6.
network
low complexity
vanderbilt CWE-79
6.1
2025-01-10 CVE-2025-23112 Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
An issue was discovered in REDCap 14.9.6.
network
low complexity
vanderbilt CWE-79
6.1
2025-01-10 CVE-2025-23113 Cross-Site Request Forgery (CSRF) vulnerability in Vanderbilt Redcap 14.9.6
An issue was discovered in REDCap 14.9.6.
network
low complexity
vanderbilt CWE-352
8.8
2025-01-10 CVE-2024-56511 Unspecified vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease
critical
9.8
2025-01-10 CVE-2025-23022 Integer Overflow or Wraparound vulnerability in Freetype 2.8.1
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
local
low complexity
freetype CWE-190
6.2
2025-01-10 CVE-2024-41787 IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
network
low complexity
CWE-367
critical
9.8
2025-01-10 CVE-2024-13318 Unspecified vulnerability in Smartdatasoft Essential WP Real Estate
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3.
network
low complexity
smartdatasoft
5.3
2025-01-10 CVE-2024-13183 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4