-
CVE-2024-12195 – WP Project Manager SQL Injection Vulnerability
CVE ID : CVE-2024-12195 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the ‘project_id’ parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions…
-
CVE-2024-12221 – Turnkey bbPress by WeaverTheme WordPress Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12221 Published : Jan. 4, 2025, 10:15 a.m. | 28 minutes ago Description : The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for…
-
CVE-2025-0205 – “Code-projects Online Shoe Store SQL Injection Vulnerability”
CVE ID : CVE-2025-0205 Published : Jan. 4, 2025, 9:15 a.m. | 1 hour, 8 minutes ago Description : A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch…
-
CVE-2024-12583 – Dynamics 365 Integration Plugin for WordPress Remote Code Execution and Arbitrary File Read Vulnerability
CVE ID : CVE-2024-12583 Published : Jan. 4, 2025, 9:15 a.m. | 1 hour, 8 minutes ago Description : The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and…
-
CVE-2024-10932 – WordPress Backup Migration PHP Object Injection Vulnerability
CVE ID : CVE-2024-10932 Published : Jan. 4, 2025, 8:15 a.m. | 2 hours, 8 minutes ago Description : The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the ‘recursive_unserialize_replace’ function. This makes it possible for unauthenticated attackers to inject…
-
CVE-2025-22376 – Apache Net::OAuth Client Nonce Generation Vulnerability
CVE ID : CVE-2025-22376 Published : Jan. 3, 2025, 10:15 p.m. | 12 hours, 8 minutes ago Description : In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. Severity: 9.8 | CRITICAL Visit the link for more details,…
-
CVE-2024-13129 – “Roxy-WI OS Command Injection Vulnerability”
CVE ID : CVE-2024-13129 Published : Jan. 3, 2025, 10:15 p.m. | 12 hours, 8 minutes ago Description : A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection.…
-
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw CVE-2024-11944 is a vulnerability identified in iXsystems TrueNAS CORE. This vulnerability is classified as a Directory Traversal and Remote Code Execution (RCE) flaw. The exploitation of this vulnera … Read more Published Date: Jan 04, 2025 (4 hours, 59 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-12108…
-
Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment
Data Centers Get an AI Upgrade: Microsoft’s $80 Billion Commitment In a recent blog post, Microsoft outlines a bold vision for the future of American technology and economic competitiveness, placing Artificial Intelligence (AI) at the center of this transformation. T … Read more Published Date: Jan 04, 2025 (6 hours, 58 minutes ago) Vulnerabilities has been mentioned…
-
Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions
Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions The popular React framework, Next.js, has addressed a security vulnerability that could have allowed attackers to launch denial-of-service (DoS) attacks against applications using Server Actions. The … Read more Published Date: Jan 04, 2025 (7 hours, 9 minutes ago) Vulnerabilities has been mentioned in this article. Go to Source