In Vaultwarden versions prior to 1.33.0 a high severity vulnerability CVE-2025-24365 was detected. This vulnerability allows attackers to obtain owner rights of another organization if they know the ID of the target organization and are already the owner or admin of another organization. To address this issue, users should upgrade to version 1.33.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24365.
Read more Security
In Dolibarr version 21.0.0-beta a medium severity vulnerability CVE-2024-55228 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.
Read more ERP
In WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions 4.7.1 and prior a medium severity vulnerability CVE-2025-24644 was detected. This vulnerability allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.
Read more E-commerce
In WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior a medium severity vulnerability CVE-2025-24596 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade WordPress WooCommerce Product Table Lite wordpress plugin to a version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.
Read more E-commerce
In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.
Read more Database
In Umbraco versions from 14.0.0 before 14.3.2 and from 15.0.0 before 15.1.2 a medium severity vulnerability CVE-2025-24012 was detected. This vulnerability allows attackers to exploit cross-site scripting (XSS) when viewing certain localized backoffice components. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24012.
Read more CMS
In Umbraco version 14.3.1 a medium severity vulnerability CVE-2024-55488 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload, resulting in stored cross-site scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55488.
Read more CMS
In Meta Data and Taxonomies Filter plugin for WordPress versions up to and including 1.3.3.6 a medium severity vulnerability CVE-2024-13340 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages via the ‘mdf_results_by_ajax’ shortcode, due to insufficient input sanitization and output escaping on user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13340.
Read more CMS
In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.
Read more Database