2025-07-23 Daily Vulns
NEW:
CVE | Vendor - Product | Description | Metric | Reference URLs | Exploitation / Automatable / Technical Impact | Title | GitHub |
---|---|---|---|---|---|---|---|
CVE-2012-10020 | WebMovementLLC - FoxyPress | The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | CVSS 3.1: 9.8 CRITICAL | 0 1 2 3 4 | Exploitation: none; Automatable: no; Technical Impact: partial | FoxyPress <= 0.4.2.1 - Arbitrary File Upload | github |
CVE-2024-38335 | IBM - Security QRadar Network Threat Analytics | IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources. | CVSS 3.1: 4.5 MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | IBM Security QRadar Network Threat Analytics denial of service | github |
CVE-2024-55040 | n/a - n/a | Cross-site scripting vulnerability in Sensaphone WEB600 Monitoring System v1.6.5.H and before allows a remote attacker to execute arbitrary code via crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters. | CNA: n/a; CVSS 3.1: 6.1 MEDIUM | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
CVE-2015-10140 | Unknown - Ajax Load More | The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files. | CNA: n/a; CVSS 3.1: 8.8 HIGH | 0 | Exploitation: poc; Automatable: no; Technical Impact: total | Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion | github |
CVE-2025-30746 | Oracle Corporation - Oracle iStore | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS 3.1: 6.1 MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
This post is licensed under CC BY 4.0 by the author.