We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
This is a
It contains information on publicly disclosed Cybersecurity vulnerabilities based on data from the CVE® Program, please see the official CVE website and CVE List V5 on GitHub.
Whenever applicable we show information from the Known Exploited Vulnerabilities Catalog provided by CISA as the authoritative source of vulnerabilities that have been exploited in the wild.
CVE-2024-12494
BMLT Meeting Map <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting: The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contribut...
CVE-2024-13583
Simple Gallery with Filter <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting: The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2tw_sgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ...
CVE-2024-13545
Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion: The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obta...
CVE-2024-13683
Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update: The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automate_hub' page. This makes it possible for unauthenticated attackers to update an activation status via a for...
CVE-2024-13680
Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection: The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authent...
CVE-2024-25994
PHOENIX CONTACT: Unintended script file upload in CHARX Series: An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.
CVE-2024-25998
PHOENIX CONTACT: Command injection in the OCPP Service: An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
CVE-2024-26000
PHOENIX CONTACT: Out of bounds read only memory access: An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-26001
PHOENIX CONTACT: Out of bounds write only memory access: An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-28135
PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series: A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.
CVE-2020-11023 JQuery JQuery
JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
CVE-2024-50603 Aviatrix Controllers
Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVE-2025-21334 Microsoft Windows
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21333 Microsoft Windows
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2024-55591 Fortinet FortiOS and FortiProxy
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Support options