CVE CyberSecurity Database News (Page 178)

Feb 28, 2025 CSRF WordPress API

CVE-2025-0801 - How a Missing Nonce Let Attackers Hijack RateMyAgent API Keys in WordPress

--- CVE-2025-0801 covers a worrying vulnerability found in the RateMyAgent Official plugin for WordPress — a tool used by real estate professionals to show client reviews

Feb 28, 2025 WordPress API Exploit

CVE-2024-13796 - How a WordPress Plugin Exposed User Emails & Sensitive Info

WordPress powers millions of websites, and plugins make it even more powerful. But even popular plugins can have serious bugs. This is the case with

Feb 28, 2025 API Exploit MITM

CVE-2025-25728 - Bosscomm IF740 Firmware Leak Exposes Sensitive Data in Plaintext API Calls

In early 2025, cybersecurity researchers disclosed a critical vulnerability—CVE-2025-25728—in the Bosscomm IF740 IoT device. This problem affects devices running Firmware versions 11001.7078

Feb 27, 2025

CVE-2024-51139 - Critical Buffer Overflow in DrayTek Vigor Routers’ HTTP CGI Parser

A serious security vulnerability has been publicly disclosed as CVE-2024-51139 affecting a wide range of DrayTek Vigor routers. This flaw is a buffer overflow found

Feb 27, 2025 API Exploit SQL PHP

CVE-2024-55160 - SQL Injection in GFast v2 to v3.2 via the `OrderBy` Parameter

In the ongoing battle for cybersecurity, SQL injection vulnerabilities remain a top threat for web applications. In this blog post, we focus on a newly