| 2025-01-18 | CVE-2024-13184 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-18 | CVE-2025-0308 | SQL Injection vulnerability in Ultimatemember Ultimate Member
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-18 | CVE-2025-23209 | Code Injection vulnerability in Craftcms Craft CMS
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. | 8.1 |
| 2025-01-18 | CVE-2018-9389 | Out-of-bounds Write vulnerability in Google Android
In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. | 7.8 |
| 2025-01-17 | CVE-2025-0530 | Cross-site Scripting vulnerability in Anisha JOB Recruitment 1.0
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. | 8.2 |
| 2025-01-17 | CVE-2025-0531 | SQL Injection vulnerability in Fabianros Chat System 1.0
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. | 7.5 |
| 2025-01-17 | CVE-2025-0528 | Injection vulnerability in Tenda Ac10 Firmware, Ac18 Firmware and AC8 Firmware
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. | 7.2 |
| 2025-01-17 | CVE-2025-0529 | Out-of-bounds Write vulnerability in Fabianros Train Ticket Reservation System 1.0
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. | 7.8 |
| 2025-01-17 | CVE-2024-13377 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. | 7.2 |
| 2025-01-17 | CVE-2024-13333 | The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. | 7.5 |