CVE ID : CVE-2025-22621 Published : Jan. 7, 2025, 5:15 p.m. | 2 hours, 30 minutes ago Description : In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user…

CVE ID : CVE-2025-22500 Published : Jan. 7, 2025, 5:15 p.m. | 2 hours, 30 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8. Severity: 6.5 | MEDIUM Visit…

CVE ID : CVE-2025-22519 Published : Jan. 7, 2025, 4:15 p.m. | 3 hours, 29 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. Severity: 8.5 | HIGH Visit the…

CVE ID : CVE-2024-53800 Published : Jan. 7, 2025, 4:15 p.m. | 3 hours, 30 minutes ago Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15. Severity: 8.1 | HIGH Visit the link for…

CVE ID : CVE-2025-21624 Published : Jan. 7, 2025, 4:15 p.m. | 3 hours, 29 minutes ago Description : ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 – 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks,…

CVE ID : CVE-2025-22348 Published : Jan. 7, 2025, 11:15 a.m. | 8 hours, 30 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. Severity: 8.5 | HIGH Visit the link for more details,…

CVE ID : CVE-2024-40702 Published : Jan. 7, 2025, 4:15 p.m. | 3 hours, 30 minutes ago Description : IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. Severity: 8.2 | HIGH Visit the link for…

CVE ID : CVE-2024-56291 Published : Jan. 7, 2025, 11:15 a.m. | 8 hours, 30 minutes ago Description : Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go…

CVE ID : CVE-2025-22347 Published : Jan. 7, 2025, 11:15 a.m. | 8 hours, 30 minutes ago Description : Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected…