Vulnerabilities

| Date | CVE | Vulnerability title | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2025-01-09 | CVE-2024-12848 | The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. | network | low complexity | | CWE-862 | 8.8 |
| 2025-01-09 | CVE-2024-5769 | The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. | network | low complexity | | CWE-862 | 4.3 |
| 2025-01-09 | CVE-2024-6155 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. | network | low complexity | | CWE-862 | 6.4 |
| 2025-01-09 | CVE-2024-13153 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | | CWE-79 | 6.4 |
| 2025-01-09 | CVE-2024-56826 | A flaw was found in the OpenJPEG project. | local | low complexity | | CWE-122 | 5.6 |
| 2025-01-09 | CVE-2024-56827 | A flaw was found in the OpenJPEG project. | local | low complexity | | CWE-122 | 5.6 |
| 2025-01-09 | CVE-2025-0306 | A vulnerability was found in Ruby. | network | high complexity | | CWE-385 | 7.4 |
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products. A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | network | high complexity | ivanti | CWE-787 | critical, 9.0 |
| 2025-01-08 | CVE-2025-0283 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4. A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | local | high complexity | ivanti | CWE-787 | 7.0 |
| 2025-01-08 | CVE-2023-35685 | Unspecified vulnerability in Google Android. In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. | local | low complexity | google | | 7.8 |