2025-09-30 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2024-5200 | Unknown - Postie | The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CNA n/a CVSS3.1: 6.1 - MEDIUM | 0 | Exploitation: poc; Automatable: no; Technical Impact: partial | Postie < 1.9.71 - Admin+ Stored XSS | github |
CVE-2021-21311 | vrana - adminer | Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9. | CVSS3.1: 7.2 - HIGH | 0 1 2 3 4 | Exploitation: active; Automatable: yes; Technical Impact: partial | SSRF in adminer | github |
CVE-2025-10341 | Perfex CRM - Perfex CRM | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter ‘company’ at the endpoint ‘/clients/client/x’. | CVSS4.0: 5.3 - MEDIUM | 0 | Exploitation: none; Automatable: yes; Technical Impact: partial | HTML injection in Perfex CRM | github |
This post is licensed under CC BY 4.0 by the author.