Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-56938 | Cross-site Scripting vulnerability in Learndash 6.7.1 LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class. | 5.4 |
| 2025-02-12 | CVE-2024-56939 | Cross-site Scripting vulnerability in Learndash 6.7.1 LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class. | 5.4 |
| 2025-02-12 | CVE-2024-56940 | Unspecified vulnerability in Learndash 6.7.1 An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads. | 7.5 |
| 2025-02-12 | CVE-2024-57602 | Unspecified vulnerability in Easyappointments 1.5.0 An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | 9.8 |
| 2025-02-12 | CVE-2025-1228 | A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. | 4.3 |
| 2025-02-12 | CVE-2025-1229 | A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. | 6.3 |
| 2025-02-12 | CVE-2024-12673 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) local low complexity | 7.8 |
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | 9.1 |
| 2025-02-12 | CVE-2025-0111 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | 6.5 |
| 2025-02-12 | CVE-2025-1226 | A vulnerability was found in ywoa up to 2024.07.03. | 5.3 |