Poster - CVE CyberSecurity Database News (Page 265)

Feb 1, 2025 WordPress API Exploit Apache

CVE-2024-12041 - Unauthenticated User Data Exposure in The Directorist WordPress Plugin (<= 8..12) – Full Breakdown, Code Demo, and Remediation

In February 2024, a serious vulnerability was discovered in the popular WordPress plugin Directorist: AI-Powered Business Directory with Classified Ads Listings. The flaw, tagged CVE-2024-12041,

Jan 31, 2025 API Exploit PHP

CVE-2024-53355 - EasyVirt DCScope & CO2Scope Multiple Unauthorized Access Control Flaws — Full Exploit Analysis

In June 2024, the vulnerabilities tracked as CVE-2024-53355 were disclosed, affecting EasyVirt DCScope up to version 8.6. and CO2Scope up to version 1.3.

Jan 31, 2025

CVE-2025-0938 - Python’s urllib.parse Flaw with Square Brackets in Domain Names (Exclusive Post)

Date: June 2024 Status: Public Affected Python versions: Python 3 (before 3.12.4 & 3.11.9) CWE: CWE-20 (Improper Input Validation) Summary A

Jan 31, 2025 Exploit SQL PHP

CVE-2025-22957 - Exploiting a Critical SQL Injection in ZZCMS <= 2023 (Unauthenticated)

ZZCMS is a widely used, open-source content management system popular among small businesses and personal blogs in Asia. Recently, a nasty vulnerability has been discovered

Jan 31, 2025

CVE-2025-23001 - Host Header Injection in CTFd 3.7.5 — How This Severe Bug Endangers Your CTF Platform

--- CTFd is one of the most popular platforms for hosting Capture The Flag (CTF) competitions — thousands of schools, companies, and security communities use it.