2025-12-24 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Reference URL | SSVC | title | GitHub URL |
|---|---|---|---|---|---|---|---|
| CVE-2021-47720 | Orangescrum - orangescrum | Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information. | CVSS4.0: 8.7 - HIGH; CVSS3.1: 7.1 - HIGH | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters | github |
| CVE-2025-25364 | n/a - n/a | A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges. | CNA: n/a; CVSS3.1: 8.4 - HIGH | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
| CVE-2023-52210 | Tyche softwares - Product Delivery Date for WooCommerce – Lite | Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite. This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0. | CVSS3.1: 5.3 - MEDIUM | 0 | Exploitation: none; Automatable: yes; Technical Impact: partial | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.0 - Broken Access Control vulnerability | github |
This post is licensed under CC BY 4.0 by the author.