CVE Alert: CVE-2024-45643
Vulnerability Summary:
IBM Security QRadar 3.12 EDR employs weaker than expected cryptographic algorithms. This vulnerability could allow an attacker to decrypt sensitive credential information, compromising the integrity and confidentiality of the data.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 5.9 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-40590
Vulnerability Summary:
An improper certificate validation vulnerability (CWE-295) exists in FortiPortal versions 7.4.0, 7.2.4, and below. When connecting to FortiManager or FortiAnalyzer devices, an unauthenticated attacker in a Man-in-the-Middle position may intercept and tamper with encrypted communications.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 4.8 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-45638
Vulnerability Summary:
IBM Security QRadar 3.12 EDR has been found to store user credentials in plain text. A local privileged user can read these credentials, which can lead to unauthorized access.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 4.1 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-2000
Vulnerability Summary:
A maliciously crafted QPY file can execute arbitrary code without privilege escalation when deserialized by Qiskit versions 0.18.0 through 1.4.1. This vulnerability allows an attacker to embed arbitrary Python code into the QPY file, which could be executed during the loading process.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 9.8 (Critical)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-27595
Vulnerability Summary:
This vulnerability affects a device that uses an unencrypted, proprietary protocol for communication. Configuration data and authentication credentials can be intercepted, allowing an attacker to perform a pass-the-hash attack.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 7.5 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13773
Vulnerability Summary:
The Civi – Job Board & Freelance Marketplace WordPress Theme plugin is vulnerable to authentication bypass in all versions up to 2.1.4. This allows unauthenticated attackers to change the passwords of arbitrary users, including administrators, given knowledge of the username.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 9.8 (Critical)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-2232
Vulnerability Summary:
The Realteo – Real Estate Plugin by Purethemes for WordPress is vulnerable to authentication bypass in all versions up to 1.2.8. Insufficient role restrictions in the do_register_user function allow unauthenticated attackers to register an account with the Administrator role.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 9.8 (Critical)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-27594
Vulnerability Summary:
The device utilizes an unencrypted proprietary protocol for communication. This allows for the interception of authentication hashes, enabling attackers to log into the device through pass-the-hash techniques.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 7.5 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13771
Vulnerability Summary:
The Civi – Job Board & Freelance Marketplace WordPress Theme plugin is vulnerable to authentication bypass in all versions up to 2.1.4. This vulnerability allows unauthenticated attackers to change passwords for arbitrary users, including administrators, by knowing the victim’s username.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 9.8 (Critical)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-12810
Vulnerability Summary:
The JobCareer | Job Board Responsive WordPress Theme is vulnerable to unauthorized access, modification, and data loss due to missing capability checks in all versions up to 7.1. Authenticated attackers with Subscriber-level access and above can delete arbitrary files, generate backups, restore backups, update theme options, and reset options to default settings.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 8.8 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13772
Vulnerability Summary:
The Civi – Job Board & Freelance Marketplace WordPress Theme plugin is vulnerable to authentication bypass in all versions up to 2.1.4 due to a lack of randomization in password creation during Single Sign-On. Unauthenticated attackers can change passwords of Candidate-level users if they know the username.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 5.6 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-8176
Vulnerability Summary:
A stack overflow vulnerability exists in the libexpat library due to improper handling of recursive entity expansion in XML documents. This can lead to denial of service (DoS) or exploitable memory corruption.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 7.5 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-26006
Vulnerability Summary:
An improper neutralization of input during web page generation in FortiOS and FortiProxy may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious Samba server.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 7.5 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13407
Vulnerability Summary:
The Omnipress plugin for WordPress is vulnerable to information exposure due to insufficient restrictions on which posts can be included. Authenticated attackers can extract data from password-protected, private, or draft posts.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 4.3 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-1507
Vulnerability Summary:
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the handle_actions() function. Unauthenticated attackers can disable all features.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 5.3 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-0952
Vulnerability Summary:
The Eco Nature – Environment & Ecology WordPress Theme is vulnerable to unauthorized modification of data that can lead to denial of service due to a missing capability check on the cmsmasters_hide_admin_notice AJAX action. Authenticated attackers can update option values to ‘hide’, creating errors and denying service to legitimate users.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 8.1 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13913
Vulnerability Summary:
The InstaWP Connect plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation. Unauthenticated attackers can include and execute arbitrary files on the server, leading to code execution or sensitive data exposure.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 8.8 (High)
Exploit Status:
Not Exploited
CVE Alert: CVE-2024-13824
Vulnerability Summary:
The CiyaShop – Multipurpose WooCommerce Theme is vulnerable to PHP Object Injection via deserialization of untrusted input. This can allow unauthenticated attackers to inject a PHP Object, leading to potential file deletion, data retrieval, or code execution if a suitable POP chain exists.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 9.8 (Critical)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-2289
Vulnerability Summary:
The Zegen – Church WordPress Theme is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints. Authenticated attackers can import, export, and update theme options.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 4.3 (Medium)
Exploit Status:
Not Exploited
CVE Alert: CVE-2025-2103
Vulnerability Summary:
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the theironMusic_ajax() function in all versions up to and including 1.6.11. This vulnerability allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site. Attackers can exploit this to change the default role for new registrations to Administrator, enabling them to gain administrative access to the vulnerable site.
Affected Endpoints:
No affected endpoints listed.
CVSS Score:
CVSS v3 Score: 8.8 (High)
Exploit Status:
Not Exploited