-
CVE-2024-12313 – “WooCommerce Compare Products PHP Object Injection Vulnerability”
CVE ID : CVE-2024-12313 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers…
-
CVE-2024-12322 – WordPress ThePerfectWedding.nl Widget CSRF Vulnerability
CVE ID : CVE-2024-12322 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the ‘update_option’ function. This makes it possible for…
-
CVE-2024-12252 – WordPress SEO LAT Auto Post File Overwrite Remote Code Execution
CVE ID : CVE-2024-12252 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated…
-
CVE-2024-12264 – PayU CommercePro Plugin WordPress Privilege Escalation
CVE ID : CVE-2024-12264 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to…
-
CVE-2025-22395 – Dell Update Package Framework Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-22395 Published : Jan. 7, 2025, 3:15 a.m. | 6 hours, 11 minutes ago Description : Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead…
-
CVE-2024-12402 – WooCommerce Themes Coder – WordPress Plugin Privilege Escalation
CVE ID : CVE-2024-12402 Published : Jan. 7, 2025, 4:15 a.m. | 5 hours, 11 minutes ago Description : The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin…
-
CVE-2024-55076 – Grocy CSRF Password Change Vulnerability
CVE ID : CVE-2024-55076 Published : Jan. 6, 2025, 9:15 p.m. | 12 hours, 11 minutes ago Description : Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator’s password. Severity: 8.1 | HIGH
-
CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions
MediaTek has released its January 2025 Product Security Bulletin, addressing a range of security vulnerabilities affecting its various chipsets. The bulletin details flaws found in products ranging fr … Published Date: Jan 07, 2025 (7 hours, 30 minutes ago)
-
CVE-2024-43096 and More: Critical RCE Flaws Patched in Android Security Update
The Android Security Bulletin for January 2025 highlights critical security vulnerabilities affecting millions of Android devices globally. With the 2025-01-05 security patch level, Google has address … Published Date: Jan 07, 2025 (7 hours, 24 minutes ago)
-
CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks
Two vulnerabilities have been discovered in Redis, the popular in-memory database, leaving millions of users at risk. CVE-2024-51741 allows attackers to trigger a denial-of-service (DoS) attack, while … Published Date: Jan 07, 2025 (7 hours, 17 minutes ago)