CVE-2025-21524
Description: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-51919
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-51888
Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-51818
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-49688
Description: Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-49655
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-32555
Description: Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)

CVE-2024-13091
Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 22nd, 2025 (5 months ago)

CVE-2025-23220
Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 21st, 2025 (5 months ago)

CVE-2025-23219
Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 21st, 2025 (5 months ago)