Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2025-20167 | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. | network, low complexity, CWE-86, 5.4 |
| 2025-01-08 | CVE-2025-20168 | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. | network, low complexity, CWE-86, 5.4 |
| 2025-01-08 | CVE-2025-20123 | Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. | network, low complexity, CWE-79, 4.8 |
| 2025-01-08 | CVE-2025-21102 | Insufficiently Protected Credentials vulnerability in Dell products. Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. | local, low complexity, dell, CWE-522, 4.4 |
| 2025-01-08 | CVE-2024-11423 | The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. | network, low complexity, CWE-862, 7.5 |
| 2025-01-08 | CVE-2024-11830 | The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. | network, low complexity, CWE-79, 6.4 |
| 2025-01-08 | CVE-2024-12337 | The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2025-01-08 | CVE-2024-12712 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. | network, low complexity, CWE-862, 5.3 |
| 2025-01-08 | CVE-2024-12853 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. | network, low complexity, CWE-434, 8.8 |
| 2025-01-08 | CVE-2024-12854 | The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. | network, low complexity, CWE-434, 8.8 |