-
CVE-2025-21380 – Azure SaaS Resource Authentication Bypass
CVE ID: CVE-2025-21380
Published: Jan. 9, 2025, 11:15 p.m. | 14 hours, 37 minutes ago
Description: Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
Severity: 8.8 | HIGH
-
CVE-2025-21385 – Microsoft Purview SSRF
CVE ID: CVE-2025-21385
Published: Jan. 9, 2025, 10:15 p.m. | 15 hours, 37 minutes ago
Description: A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Severity: 8.8 | HIGH
-
CVE-2024-10215 – WordPress WPBookit plugin Arbitrary User Password Change(digits)
CVE ID: CVE-2024-10215
Published: Jan. 9, 2025, 8:15 p.m. | 17 hours, 37 minutes ago
Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system…
-
CVE-2025-21628 – Chatwoot SQL Injection Vulnerability
CVE ID: CVE-2025-21628
Published: Jan. 9, 2025, 6:15 p.m. | 19 hours, 37 minutes ago
Description: Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector…
-
CVE-2025-22542 – Ofek Nakar Virtual Bot SQL Injection
CVE ID: CVE-2025-22542
Published: Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection. This issue affects Virtual Bot: from n/a through 1.0.0.
Severity: 9.3 | CRITICAL
-
CVE-2025-22540 – Sebastian Orellana Emailing Subscription SQL Injection Vulnerability
CVE ID: CVE-2025-22540
Published: Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection. This issue affects Emailing Subscription: from n/a through 1.4.1.
Severity: 9.3 | CRITICAL
-
CVE-2025-22537 – Google Maps Travel Route SQL Injection
CVE ID: CVE-2025-22537
Published: Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in traveller11 Google Maps Travel Route allows SQL Injection. This issue affects Google Maps Travel Route: from n/a through 1.3.1.
Severity: 8.5 | HIGH
-
Scribus 1.6.3 Released! 3 New Script Functions & Various Fixes
Scribus, the popular free open-source desktop publishing software, announced the new 1.6.3 version on Wednesday! This is a maintenance release that contains primarily bug fixes, though there are also a few new features included in the release. For scripting, Scribus 1.6.3 added three Python script functions for working with points and the document unit. They include: pointsToDocUnit…
-
CVE-2025-22535 – WPListCal SQL Injection Vulnerability
CVE ID: CVE-2025-22535
Published: Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jonathan Kern WPListCal allows SQL Injection. This issue affects WPListCal: from n/a through 1.3.5.
Severity: 8.5 | HIGH
-
CVE-2025-22508 – Roninwp FAT Event Lite PHP Local File Include Vulnerability
CVE ID: CVE-2025-22508
Published: Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago
Description: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through 1.1.
Severity: 8.1 | HIGH