High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000 Projects–Campaign Management System Platform for Women |
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.3 | CVE-2025-0533 |
1000 Projects–Campaign Management System Platform for Women |
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.3 | CVE-2025-0534 |
adobe — illustrator |
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21134 |
adobe — substance_3d_stager |
Substance3D – Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21128 |
adobe — substance_3d_stager |
Substance3D – Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21129 |
adobe — substance_3d_stager |
Substance3D – Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21130 |
adobe — substance_3d_stager |
Substance3D – Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21131 |
adobe — substance_3d_stager |
Substance3D – Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21132 |
Adobe–Animate |
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21135 |
Adobe–Illustrator on iPad |
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21133 |
Adobe–Photoshop Desktop |
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21122 |
Adobe–Photoshop Desktop |
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application. | 2025-01-14 | 7.8 | CVE-2025-21127 |
Adobe–Substance3D – Designer |
Substance3D – Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21136 |
Adobe–Substance3D – Designer |
Substance3D – Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21137 |
Adobe–Substance3D – Designer |
Substance3D – Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21138 |
Adobe–Substance3D – Designer |
Substance3D – Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21139 |
Adrian Moreno–WP Lyrics |
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through 0.4.1. | 2025-01-16 | 7.1 | CVE-2025-23533 |
Albdesign–Simple Project Manager |
Cross-Site Request Forgery (CSRF) vulnerability in Albdesign Simple Project Manager allows Stored XSS.This issue affects Simple Project Manager: from n/a through 1.2.2. | 2025-01-16 | 7.1 | CVE-2025-23497 |
Aleapp–WP Cookies Alert |
Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23821 |
Alex Volkov–Chatter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23760 |
Alexey Trofimov–Captchelfie Captcha by Selfie |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7. | 2025-01-16 | 7.1 | CVE-2025-23620 |
AlphaBPO–Easy Code Snippets |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2. | 2025-01-16 | 7.6 | CVE-2025-23780 |
AlTi5–AlT Report |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AlTi5 AlT Report allows Reflected XSS.This issue affects AlT Report: from n/a through 1.12.0. | 2025-01-16 | 7.1 | CVE-2025-23432 |
altimawebsystems.com–Altima Lookbook Free for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in altimawebsystems.com Altima Lookbook Free for WooCommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through 1.1.0. | 2025-01-16 | 7.1 | CVE-2025-23429 |
Amazon–WorkSpaces Client |
An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle. | 2025-01-15 | 7.5 | CVE-2025-0500 |
Amazon–WorkSpaces Client |
An issue in the native clients for Amazon WorkSpaces Clients when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. | 2025-01-15 | 7.5 | CVE-2025-0501 |
AMI–AptioV |
APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. | 2025-01-14 | 7.5 | CVE-2024-42444 |
Andrea Brandi–Twitter Shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through 0.9. | 2025-01-16 | 7.1 | CVE-2025-23618 |
Andy Chapman–ECT Add to Cart Button |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23471 |
anmari–amr personalise |
Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through 2.10. | 2025-01-16 | 7.1 | CVE-2025-23880 |
Anshul Sojatia–Scan External Links |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS.This issue affects Scan External Links: from n/a through 1.0. | 2025-01-13 | 7.1 | CVE-2025-22583 |
Apple–iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. | 2025-01-15 | 9.1 | CVE-2024-44136 |
Apple–macOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges. | 2025-01-15 | 8.4 | CVE-2024-40771 |
Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2025-01-15 | 7.8 | CVE-2024-27856 |
Arm–SCP-Firmware |
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP | 2025-01-14 | 7.5 | CVE-2024-11864 |
Artem Anikeev–Hack me if you can |
Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack me if you can allows Stored XSS.This issue affects Hack me if you can: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23713 |
Artem Anikeev–Slider for Writers |
Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slider for Writers allows Stored XSS.This issue affects Slider for Writers: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23692 |
ArtkanMedia–Book a Place |
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS.This issue affects Book a Place: from n/a through 0.7.1. | 2025-01-16 | 7.1 | CVE-2025-23690 |
B&R Industrial Automation–Automation Runtime |
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices. | 2025-01-15 | 7.5 | CVE-2024-8603 |
Bas Matthee–LSD Google Maps Embedder |
Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23871 |
Belledonne Communications–Linphone-Desktop |
Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition. | 2025-01-17 | 7.5 | CVE-2025-0430 |
Benjamin Guy–Style Admin |
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3. | 2025-01-16 | 7.1 | CVE-2025-23801 |
Berkman Center for Internet & Society–Amber |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Berkman Center for Internet & Society Amber allows Reflected XSS.This issue affects Amber: from n/a through 1.4.4. | 2025-01-15 | 7.1 | CVE-2025-22754 |
BlackBerry–QNX Software Development Platform (SDP) |
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. | 2025-01-14 | 9.8 | CVE-2024-48856 |
BlackBerry–QNX Software Development Platform (SDP) |
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. | 2025-01-14 | 7.5 | CVE-2024-48857 |
BlackBerry–QNX Software Development Platform (SDP) |
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. | 2025-01-14 | 7.5 | CVE-2024-48858 |
Bold–Bold pagos en linea |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0. | 2025-01-15 | 7.1 | CVE-2025-22793 |
boldgrid — w3_total_cache |
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin’s nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. | 2025-01-14 | 8.5 | CVE-2024-12365 |
Braulio Aquino Garca–Send to Twitter |
Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino GarcÃa Send to Twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through 1.7.2. | 2025-01-16 | 7.1 | CVE-2025-23691 |
Brian Novotny Creative Software Design Solutions–Marquee Style RSS News Ticker |
Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0. | 2025-01-16 | 7.1 | CVE-2025-23424 |
C4.yberPower–PowerPanel Business |
A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable. | 2025-01-15 | 7.5 | CVE-2024-11322 |
Capa–Wp-Scribd-List |
Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23436 |
Chris Roberts–Annie |
Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through 2.1.1. | 2025-01-16 | 7.1 | CVE-2025-23884 |
code-projects–Admission Management System |
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-17 | 7.3 | CVE-2025-0527 |
code-projects–Fantasy-Cricket |
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 7.3 | CVE-2025-0564 |
CodeBard–CodeBard Help Desk |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through 1.1.2. | 2025-01-15 | 7.1 | CVE-2025-22760 |
ComMotion–Course Booking System |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | 2025-01-15 | 9.3 | CVE-2025-22785 |
Convoy–Media Category Library |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Convoy Media Category Library allows Reflected XSS.This issue affects Media Category Library: from n/a through 2.7. | 2025-01-13 | 7.1 | CVE-2025-22344 |
Cornea Alexandru–Category Custom Fields |
Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23822 |
craftcms–cms |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. | 2025-01-18 | 8 | CVE-2025-23209 |
CS : ABS-Hosting.nl / Walchum.net–Free MailClient FMC |
Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl / Walchum.net Free MailClient FMC allows Stored XSS.This issue affects Free MailClient FMC: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23703 |
D-Link–DIR-823X |
A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.5 | CVE-2025-0492 |
Dan Cameron–Add RSS |
Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23895 |
Daniel Powney–Hotspots Analytics |
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Hotspots Analytics allows Stored XSS.This issue affects Hotspots Analytics: from n/a through 4.0.12. | 2025-01-16 | 7.1 | CVE-2025-23848 |
Dave Konopka, Martin Scharm–UpDownUpDown |
Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS.This issue affects UpDownUpDown: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23572 |
David Hamilton–OrangeBox |
Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through 3.0.0. | 2025-01-16 | 7.1 | CVE-2025-23800 |
David Marcucci–Password Protect Plugin for WordPress |
Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0. | 2025-01-16 | 7.1 | CVE-2025-23435 |
Detlef Stver–WPEX Replace DB Urls |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through 0.4.0. | 2025-01-13 | 7.1 | CVE-2025-22586 |
digfish–Geotagged Media |
Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS.This issue affects Geotagged Media: from n/a through 0.3.0. | 2025-01-16 | 7.1 | CVE-2025-23558 |
discourse–discourse-ai |
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting. | 2025-01-14 | 9 | CVE-2024-54142 |
Dominic Fallows–DF Draggable |
Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS.This issue affects DF Draggable: from n/a through 1.13.2. | 2025-01-16 | 7.1 | CVE-2025-23708 |
Don Kukral–Email on Publish |
Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral Email on Publish allows Stored XSS.This issue affects Email on Publish: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23673 |
DSmidgy–HTTP to HTTPS link changer by Eyga.net |
Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy HTTP to HTTPS link changer by Eyga.net allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through 0.2.4. | 2025-01-16 | 7.1 | CVE-2025-23677 |
dueclic–turboSMTP |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dueclic turboSMTP allows Reflected XSS.This issue affects turboSMTP: from n/a through 4.6. | 2025-01-15 | 7.1 | CVE-2025-22753 |
EdesaC–Extra Options Favicons |
Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through 1.1.0. | 2025-01-16 | 7.1 | CVE-2025-23508 |
EditionGuard Dev Team–EditionGuard for WooCommerce eBook Sales with DRM |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Reflected XSS.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through 3.4.2. | 2025-01-16 | 7.1 | CVE-2025-23452 |
ElementInvader–ElementInvader Addons for Elementor |
Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | 2025-01-15 | 7.5 | CVE-2025-22786 |
Elke Hinze, Plumeria Web Design–Web Testimonials |
Cross-Site Request Forgery (CSRF) vulnerability in Elke Hinze, Plumeria Web Design Web Testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23560 |
Eniture Technology–Distance Based Shipping Calculator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eniture Technology Distance Based Shipping Calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21. | 2025-01-13 | 7.1 | CVE-2024-56301 |
ETIC Telecom–Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a “setconf” method request, not requiring any CSRF token, which can lead into denial of service on the device. | 2025-01-17 | 7.4 | CVE-2024-26153 |
EveHome–Eve Play |
An attacker could exploit the ‘Use of Password Hash With Insufficient Computational Effort’ vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42. | 2025-01-13 | 9.8 | CVE-2024-5743 |
FAKTOR VIER–F4 Post Tree |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FAKTOR VIER F4 Post Tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through 1.1.18. | 2025-01-13 | 7.1 | CVE-2025-22499 |
Fanli2012–native-php-cms |
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0482 |
Fanli2012–native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0484 |
Fanli2012–native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0486 |
fortinet — fortiproxy |
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 2025-01-14 | 9.8 | CVE-2024-55591 |
Fortinet–FortiAnalyzer |
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. | 2025-01-14 | 7.2 | CVE-2024-35273 |
Fortinet–FortiAnalyzer |
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands | 2025-01-16 | 7.3 | CVE-2024-45331 |
Fortinet–FortiAnalyzer |
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | 2025-01-16 | 7.3 | CVE-2024-50563 |
Fortinet–FortiClientEMS |
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. | 2025-01-14 | 8.1 | CVE-2024-23106 |
Fortinet–FortiManager |
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets | 2025-01-14 | 8.6 | CVE-2024-35277 |
Fortinet–FortiManager |
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. | 2025-01-14 | 8.1 | CVE-2024-47571 |
Fortinet–FortiManager |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | 2025-01-14 | 7.2 | CVE-2024-36512 |
Fortinet–FortiManager |
A improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. | 2025-01-14 | 7.5 | CVE-2024-48884 |
Fortinet–FortiManager |
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | 2025-01-14 | 7.2 | CVE-2024-50566 |
Fortinet–FortiOS |
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | 2025-01-14 | 9 | CVE-2024-48886 |
Fortinet–FortiOS |
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. | 2025-01-14 | 7.5 | CVE-2024-46668 |
Fortinet–FortiOS |
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. | 2025-01-14 | 7.5 | CVE-2024-46670 |
Fortinet–FortiSandbox |
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | 2025-01-14 | 8.8 | CVE-2024-27778 |
Fortinet–FortiSIEM |
An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic by consuming all allotted connections. | 2025-01-14 | 7.5 | CVE-2024-46667 |
Fortinet–FortiSOAR |
An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands via a manipulated CSV file. | 2025-01-14 | 9 | CVE-2024-47572 |
Fortinet–FortiSwitch |
A use of a hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via crafted requests. | 2025-01-14 | 9.8 | CVE-2023-37936 |
Fortinet–FortiSwitch |
An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via the FortiSwitch CLI. | 2025-01-14 | 7.8 | CVE-2023-37937 |
Fortinet–FortiVoice |
An improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability [CWE-88] in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests. | 2025-01-14 | 8.8 | CVE-2023-37931 |
Fuji Electric–Alpha5 SMART |
Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 2025-01-17 | 7.8 | CVE-2024-34579 |
galleryape–Photo Gallery Image Gallery by Ape |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS. This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8. | 2025-01-15 | 7.1 | CVE-2025-22317 |
Genivia–gSOAP |
In Genivia gSOAP with a specific configuration, an unauthenticated remote attacker can generate a high CPU load by forcing it to parse an XML document with duplicate ID attributes, which can lead to a DoS. | 2025-01-15 | 7.5 | CVE-2024-4227 |
Genkisan–Genki Announcement |
Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery. This issue affects Genki Announcement: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23900 |
getsentry–sentry |
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self-hosted users: if only a single organization is allowed (`SENTRY_SINGLE_ORGANIZATION = True`), then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability. | 2025-01-15 | 9.1 | CVE-2025-22146 |
git-ecosystem–git-credential-manager |
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git’s documentation forbids the NUL (`\0`) character and newlines from forming part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline`, which calls `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules using the `--recursive` clone option, as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and should not clone with `--recursive`, so that any submodule URLs can be inspected before those submodules are cloned. | 2025-01-14 | 7.4 | CVE-2024-50338 |
GiveWP–GiveWP |
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3. | 2025-01-13 | 9.8 | CVE-2025-22777 |
google — chrome |
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0437 |
Google–Chrome |
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0434 |
Google–Chrome |
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0436 |
Google–Chrome |
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0438 |
Google–Chrome |
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 8.8 | CVE-2025-0443 |
Google–Chrome |
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | 2025-01-15 | 8.8 | CVE-2025-0447 |
Gordon French–Comment-Emailer |
Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS. This issue affects Comment-Emailer: from n/a through 1.0.5. | 2025-01-16 | 7.1 | CVE-2025-23627 |
grandslambert–Featured Page Widget |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in grandslambert Featured Page Widget allows Reflected XSS. This issue affects Featured Page Widget: from n/a through 2.2. | 2025-01-13 | 7.1 | CVE-2025-22569 |
Gravity Forms–Gravity Forms |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 7.2 | CVE-2024-13377 |
GSheetConnector–GSheetConnector for Forminator Forms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11. | 2025-01-15 | 7.1 | CVE-2025-22752 |
Harsh–iSpring Embedder |
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server. This issue affects iSpring Embedder: from n/a through 1.0. | 2025-01-16 | 10 | CVE-2025-23922 |
Hernan Javier Hegykozi–MercadoLibre Integration |
Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS. This issue affects MercadoLibre Integration: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23659 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS |
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. | 2025-01-14 | 7.2 | CVE-2025-23051 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking AOS |
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. | 2025-01-14 | 7.2 | CVE-2025-23052 |
hirewebxperts — passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-16 | 7.5 | CVE-2024-12613 |
hirewebxperts — passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘pms_save_setting’ and ‘post_new_pass’ AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings and add passwords. | 2025-01-16 | 7.5 | CVE-2024-12614 |
i3 Verticals–TrueFiling |
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. | 2025-01-17 | 7.3 | CVE-2024-11146 |
IBM–CICS TX Advanced |
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-16 | 7.2 | CVE-2024-41746 |
IBM–Safer Payments |
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources. | 2025-01-18 | 7.5 | CVE-2024-45662 |
IBM–Sterling Secure Proxy |
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments. | 2025-01-19 | 9.1 | CVE-2024-38337 |
IBM–Sterling Secure Proxy |
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input. | 2025-01-19 | 9.1 | CVE-2024-41783 |
IBM–TXSeries for Multiplatforms |
IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service. | 2025-01-19 | 7.5 | CVE-2024-41742 |
IBM–TXSeries for Multiplatforms |
IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources. | 2025-01-19 | 7.5 | CVE-2024-41743 |
IBM–Voice Gateway |
IBM ICP – Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8 could allow a remote attacker to send specially crafted XML statements, which would allow the attacker to view or modify information in the XML document. | 2025-01-18 | 8.1 | CVE-2024-47113 |
Igor Sazonov–Len Slider |
Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS. This issue affects Len Slider: from n/a through 2.0.11. | 2025-01-16 | 7.1 | CVE-2025-23810 |
Imagination Technologies–Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots. | 2025-01-13 | 8.8 | CVE-2024-47897 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest’s virtualised GPU memory. | 2025-01-13 | 7.1 | CVE-2024-47894 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest’s virtualised GPU memory. | 2025-01-13 | 7.1 | CVE-2024-47895 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest’s virtualised GPU memory. | 2025-01-13 | 7.8 | CVE-2024-52938 |
Infosoft Consultant–Order Audit Log for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS. This issue affects Order Audit Log for WooCommerce: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22337 |
Intuitive Design–GDReseller |
Cross-Site Request Forgery (CSRF) vulnerability in Intuitive Design GDReseller allows Stored XSS. This issue affects GDReseller: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23567 |
Invoice Ninja–Invoice Ninja |
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23. | 2025-01-14 | 7.7 | CVE-2025-0474 |
isnowfy–my-related-posts |
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23476 |
ITMOOTI–Theme My Ontraport Smartform |
Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS. This issue affects Theme My Ontraport Smartform: from n/a through 1.2.11. | 2025-01-16 | 7.1 | CVE-2025-23717 |
ivanti — avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 2025-01-14 | 7.3 | CVE-2024-13179 |
ivanti — avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | 2025-01-14 | 7.5 | CVE-2024-13180 |
ivanti — avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | 2025-01-14 | 7.3 | CVE-2024-13181 |
Ivanti–Application Control Engine |
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. | 2025-01-14 | 7.8 | CVE-2024-10630 |
Ivanti–Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-10811 |
Ivanti–Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13159 |
Ivanti–Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13160 |
Ivanti–Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13161 |
Ivanti–Endpoint Manager |
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2025-01-14 | 7.2 | CVE-2024-13158 |
Ivanti–Endpoint Manager |
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | 2025-01-14 | 7.2 | CVE-2024-13162 |
Ivanti–Endpoint Manager |
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13163 |
Ivanti–Endpoint Manager |
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | 2025-01-14 | 7.8 | CVE-2024-13164 |
Ivanti–Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13165 |
Ivanti–Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13166 |
Ivanti–Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13167 |
Ivanti–Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13168 |
Ivanti–Endpoint Manager |
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | 2025-01-14 | 7.8 | CVE-2024-13169 |
Ivanti–Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13170 |
Ivanti–Endpoint Manager |
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13171 |
Ivanti–Endpoint Manager |
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13172 |
Iván R. Delgado Martínez–WP Custom Google Search |
Cross-Site Request Forgery (CSRF) vulnerability in Iván R. Delgado Martínez WP Custom Google Search allows Stored XSS. This issue affects WP Custom Google Search: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23698 |
Ivo Brett ApplyMetrics–Apply with LinkedIn buttons |
Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | 2025-01-16 | 7.1 | CVE-2025-23898 |
James Bavington–WP Headmaster |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in James Bavington WP Headmaster allows Reflected XSS. This issue affects WP Headmaster: from n/a through 0.3. | 2025-01-15 | 7.1 | CVE-2025-22755 |
Jay Carter–WP Bulletin Board |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jay Carter WP Bulletin Board allows Reflected XSS. This issue affects WP Bulletin Board: from n/a through 1.1.4. | 2025-01-15 | 7.1 | CVE-2025-22776 |
Johan Ström–Background Control |
Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal. This issue affects Background Control: from n/a through 1.0.5. | 2025-01-15 | 8.6 | CVE-2025-22784 |
Joshua Wieczorek–Bible Embed |
Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS. This issue affects Bible Embed: from n/a through 0.0.4. | 2025-01-16 | 7.1 | CVE-2025-23513 |
jprintf–CNZZ&51LA for WordPress |
Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery. This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23823 |
Kapost–Kapost |
Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS. This issue affects Kapost: from n/a through 2.2.9. | 2025-01-16 | 7.1 | CVE-2025-23712 |
Kathleen Malone–Find Your Reps |
Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps allows Stored XSS. This issue affects Find Your Reps: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23557 |
Katz Web Services, Inc.–Debt Calculator |
Cross-Site Request Forgery (CSRF) vulnerability in Katz Web Services, Inc. Debt Calculator allows Cross Site Request Forgery. This issue affects Debt Calculator: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23861 |
Kelvin Ng–Shortcode in Comment |
Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS. This issue affects Shortcode in Comment: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23569 |
Kreg Steppe–Auphonic Importer |
Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS. This issue affects Auphonic Importer: from n/a through 1.5.1. | 2025-01-16 | 7.1 | CVE-2025-23649 |
Laxman Thapa–Content Security Policy Pro |
Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery. This issue affects Content Security Policy Pro: from n/a through 1.3.5. | 2025-01-16 | 7.1 | CVE-2025-23820 |
Lexmark–Printer Firmware |
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | 2025-01-18 | 8.8 | CVE-2023-50739 |
Lijit Networks Inc. and Crowd Favorite–Lijit Search |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lijit Networks Inc. and Crowd Favorite Lijit Search allows Reflected XSS. This issue affects Lijit Search: from n/a through 1.1. | 2025-01-15 | 7.1 | CVE-2025-22778 |
linickx–root Cookie |
Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23815 |
madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction |
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the ‘pms_payment_id’ parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site. | 2025-01-14 | 9.8 | CVE-2024-12919 |
Mahadir Ahmad–MHR-Custom-Anti-Copy |
Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS. This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23817 |
Mahdi Khaksar–mybb Last Topics |
Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS. This issue affects mybb Last Topics: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23749 |
Mahesh Bisen–Contact Form 7 CCAvenue Add-on |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on allows Reflected XSS. This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23623 |
Marcus Downing–Site PIN |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marcus Downing Site PIN allows Reflected XSS. This issue affects Site PIN: from n/a through 1.3. | 2025-01-13 | 7.1 | CVE-2025-22576 |
Martijn Scheybeler–Social Analytics |
Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS. This issue affects Social Analytics: from n/a through 0.2. | 2025-01-16 | 7.1 | CVE-2025-23743 |
MarvinLabs–WP PT-Viewer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MarvinLabs WP PT-Viewer allows Reflected XSS. This issue affects WP PT-Viewer: from n/a through 2.0.2. | 2025-01-16 | 7.1 | CVE-2025-23438 |
Masoud Amini–Zarinpal Paid Download |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Masoud Amini Zarinpal Paid Download allows Reflected XSS. This issue affects Zarinpal Paid Download: from n/a through 2.3. | 2025-01-15 | 7.1 | CVE-2025-22766 |
mastersoftwaresolutions–WP VTiger Synchronization |
Cross-Site Request Forgery (CSRF) vulnerability in mastersoftwaresolutions WP VTiger Synchronization allows Stored XSS. This issue affects WP VTiger Synchronization: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23455 |
matias s–Shockingly Big IE6 Warning |
Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS. This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3. | 2025-01-16 | 7.1 | CVE-2025-23442 |
Matt Gibbs–Admin Cleanup |
Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS. This issue affects Admin Cleanup: from n/a through 1.0.2. | 2025-01-16 | 7.1 | CVE-2025-23832 |
Matt van Andel–Custom List Table Example |
Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS. This issue affects Custom List Table Example: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23808 |
Mayur Sojitra–Flying Twitter Birds |
Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds allows Stored XSS. This issue affects Flying Twitter Birds: from n/a through 1.8. | 2025-01-16 | 7.1 | CVE-2025-23710 |
microsoft — 365_apps |
Microsoft Excel Remote Code Execution Vulnerability | 2025-01-14 | 8.4 | CVE-2025-21362 |
microsoft — 365_apps |
Microsoft Word Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21363 |
microsoft — 365_apps |
Microsoft Excel Security Feature Bypass Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21364 |
microsoft — 365_apps |
Microsoft Office Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21365 |
microsoft — 365_apps |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21366 |
microsoft — 365_apps |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21395 |
microsoft — autoupdate |
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21360 |
microsoft — office |
Microsoft Outlook Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21361 |
microsoft — visual_studio_2022 |
Visual Studio Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21405 |
microsoft — windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21409 |
microsoft — windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21411 |
microsoft — windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21413 |
microsoft — windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21417 |
microsoft — windows_10_1507 |
Windows CSC Service Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21378 |
microsoft — windows_10_1507 |
Windows upnphost.dll Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21389 |
microsoft — windows_10_1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21382 |
microsoft — windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21333 |
microsoft — windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21334 |
microsoft — windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21335 |
microsoft — windows_11_22h2 |
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21370 |
microsoft — windows_11_24h2 |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21372 |
Microsoft–.NET 8.0 |
.NET Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21173 |
Microsoft–.NET 9.0 |
.NET Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21171 |
Microsoft–Microsoft Edge Update Setup |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | 2025-01-17 | 7.4 | CVE-2025-21399 |
Microsoft–Microsoft Office 2019 |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21186 |
Microsoft–Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21345 |
Microsoft–Microsoft Office 2019 |
Microsoft Office Security Feature Bypass Vulnerability | 2025-01-14 | 7.1 | CVE-2025-21346 |
Microsoft–Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21356 |
Microsoft–Microsoft Office LTSC for Mac 2021 |
Microsoft Office OneNote Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21402 |
Microsoft–Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21344 |
Microsoft–Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | 2025-01-14 | 7.2 | CVE-2025-21348 |
Microsoft–Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21176 |
Microsoft–Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) |
Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21178 |
Microsoft–Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) |
.NET and Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21172 |
Microsoft–Office Online Server |
Microsoft Excel Remote Code Execution Vulnerability | 2025-01-14 | 8.4 | CVE-2025-21354 |
Microsoft–Power Automate for Desktop |
Microsoft Power Automate Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21187 |
Microsoft–Windows 10 Version 1809 |
Windows OLE Remote Code Execution Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21298 |
Microsoft–Windows 10 Version 1809 |
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21307 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21223 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21233 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21236 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21237 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21238 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21239 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21240 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21241 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21243 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21244 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21245 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21246 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21248 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21250 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21252 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21266 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21273 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21282 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21286 |
Microsoft–Windows 10 Version 1809 |
Windows Direct Show Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21291 |
Microsoft–Windows 10 Version 1809 |
Windows Search Service Elevation of Privilege Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21292 |
Microsoft–Windows 10 Version 1809 |
Active Directory Domain Services Elevation of Privilege Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21293 |
Microsoft–Windows 10 Version 1809 |
Microsoft Digest Authentication Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21294 |
Microsoft–Windows 10 Version 1809 |
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21295 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21302 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21303 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21305 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21306 |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21339 |
Microsoft–Windows 10 Version 1809 |
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21207 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing Information Disclosure Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21220 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21230 |
Microsoft–Windows 10 Version 1809 |
IP Helper Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21231 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21251 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21270 |
Microsoft–Windows 10 Version 1809 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21271 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21277 |
Microsoft–Windows 10 Version 1809 |
Microsoft COM for Windows Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21281 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21285 |
Microsoft–Windows 10 Version 1809 |
Windows Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21287 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21289 |
Microsoft–Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21290 |
Microsoft–Windows 10 Version 1809 |
BranchCache Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21296 |
Microsoft–Windows 10 Version 1809 |
Windows Kerberos Security Feature Bypass Vulnerability | 2025-01-14 | 7.1 | CVE-2025-21299 |
Microsoft–Windows 10 Version 1809 |
Windows upnphost.dll Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21300 |
Microsoft–Windows 10 Version 1809 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21304 |
Microsoft–Windows 10 Version 1809 |
Windows Remote Desktop Services Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21330 |
Microsoft–Windows 10 Version 1809 |
Windows Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21331 |
Microsoft–Windows 10 Version 1809 |
GDI+ Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21338 |
Microsoft–Windows 10 Version 21H2 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2025-01-17 | 7.8 | CVE-2025-21325 |
Microsoft–Windows 11 version 22H2 |
Windows Web Threat Defense User Service Information Disclosure Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21343 |
Microsoft–Windows Server 2019 |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21297 |
Microsoft–Windows Server 2019 |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21309 |
Microsoft–Windows Server 2019 |
Windows Kerberos Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21218 |
Microsoft–Windows Server 2022 |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21224 |
Microsoft–Windows Server 2022 |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21234 |
Microsoft–Windows Server 2022 |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21235 |
Microsoft–Windows Server 2022 |
Windows App Package Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21275 |
Microsoft–Windows Server 2025 (Server Core installation) |
Windows NTLM V1 Elevation of Privilege Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21311 |
Microsoft–Windows Server 2025 (Server Core installation) |
Windows MapUrlToZone Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21276 |
Microsoft–Windows Server 2025 (Server Core installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21315 |
Microsoft–Windows Server 2025 |
Internet Explorer Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21326 |
Mighty Digital–Partners |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mighty Digital Partners allows Reflected XSS. This issue affects Partners: from n/a through 0.2.0. | 2025-01-15 | 7.1 | CVE-2025-22751 |
Mike Selander–WP Options Editor |
Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through 1.1. | 2025-01-16 | 9.8 | CVE-2025-23797 |
Miloš Čekić–Inline Tweets |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Miloš Čekić Inline Tweets allows Stored XSS. This issue affects Inline Tweets: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22570 |
mongoosejs–Mongoose |
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900. | 2025-01-15 | 9 | CVE-2025-23061 |
Mozilla–Web Push |
Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push allows Stored XSS. This issue affects Web Push: from n/a through 1.4.0. | 2025-01-16 | 7.1 | CVE-2025-23720 |
Mukesh Dak–MD Custom content after or before of post |
Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post allows Stored XSS. This issue affects MD Custom content after or before of post: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23463 |
Myriad Solutionz–Stars SMTP Mailer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS. This issue affects Stars SMTP Mailer: from n/a through 1.7. | 2025-01-16 | 7.1 | CVE-2025-23453 |
n/a–AquilaCMS |
A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 7.3 | CVE-2025-0465 |
n/a–Blog Botz for Journal Theme |
A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 7.3 | CVE-2025-0460 |
n/a–n/a |
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via an exposed API endpoint. | 2025-01-13 | 9.1 | CVE-2024-46310 |
n/a–n/a |
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | 2025-01-15 | 9.8 | CVE-2024-48126 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “minute” parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57011 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “week” parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57012 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “switch” parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57013 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “recHour” parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57014 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “hour” parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57015 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “user” parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57016 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “pass” parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57017 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “desc” parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57018 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “limit” parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57019 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “sMinute” parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57020 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “eHour” parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57021 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “sHour” parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57022 |
n/a–n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57473 |
n/a–n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57479 |
n/a–n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57480 |
n/a–n/a |
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. | 2025-01-14 | 9.8 | CVE-2024-57483 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. | 2025-01-16 | 9.8 | CVE-2024-57579 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 2025-01-16 | 9.8 | CVE-2024-57580 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2025-01-16 | 9.8 | CVE-2024-57581 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | 2025-01-16 | 9.8 | CVE-2024-57582 |
n/a–n/a |
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | 2025-01-16 | 9.8 | CVE-2024-57684 |
n/a–n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. | 2025-01-16 | 9.8 | CVE-2024-57768 |
n/a–n/a |
In Eaton X303 3.5.16 – X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | 2025-01-13 | 9.1 | CVE-2024-57811 |
n/a–n/a |
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | 2025-01-16 | 9.8 | CVE-2025-22904 |
n/a–n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | 2025-01-16 | 9.8 | CVE-2025-22905 |
n/a–n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | 2025-01-16 | 9.8 | CVE-2025-22906 |
n/a–n/a |
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. | 2025-01-16 | 9.8 | CVE-2025-22907 |
n/a–n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | 2025-01-16 | 9.8 | CVE-2025-22912 |
n/a–n/a |
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. | 2025-01-16 | 9.8 | CVE-2025-22913 |
n/a–n/a |
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. | 2025-01-16 | 9.8 | CVE-2025-22916 |
n/a–n/a |
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using the root account without restrictions. | 2025-01-15 | 9.8 | CVE-2025-22968 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. | 2025-01-13 | 8.8 | CVE-2023-42244 |
n/a–n/a |
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin’s browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. | 2025-01-14 | 8.8 | CVE-2024-50858 |
n/a–n/a |
Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter. | 2025-01-17 | 8.1 | CVE-2024-57030 |
n/a–n/a |
An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | 2025-01-15 | 7.5 | CVE-2024-48125 |
n/a–n/a |
A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals. | 2025-01-16 | 7.5 | CVE-2024-50633 |
n/a–n/a |
An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message. | 2025-01-15 | 7.5 | CVE-2024-50953 |
n/a–n/a |
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off. | 2025-01-15 | 7.5 | CVE-2024-50954 |
n/a–n/a |
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites. | 2025-01-17 | 7.1 | CVE-2024-52870 |
n/a–n/a |
Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. | 2025-01-14 | 7.5 | CVE-2024-54730 |
n/a–n/a |
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | 2025-01-16 | 7.2 | CVE-2024-57162 |
n/a–n/a |
An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57615 |
n/a–n/a |
An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57616 |
n/a–n/a |
An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57617 |
n/a–n/a |
An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57618 |
n/a–n/a |
An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57619 |
n/a–n/a |
An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57620 |
n/a–n/a |
An issue in the GDKanalytical_correlation component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57621 |
n/a–n/a |
An issue in the exp_bin component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57622 |
n/a–n/a |
An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57623 |
n/a–n/a |
An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57624 |
n/a–n/a |
An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57625 |
n/a–n/a |
An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57626 |
n/a–n/a |
An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57627 |
n/a–n/a |
An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57628 |
n/a–n/a |
An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57629 |
n/a–n/a |
An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57630 |
n/a–n/a |
An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57631 |
n/a–n/a |
An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57632 |
n/a–n/a |
An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57633 |
n/a–n/a |
An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57634 |
n/a–n/a |
An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57635 |
n/a–n/a |
An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57636 |
n/a–n/a |
An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57637 |
n/a–n/a |
An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57638 |
n/a–n/a |
An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57639 |
n/a–n/a |
An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57640 |
n/a–n/a |
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57641 |
n/a–n/a |
An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57642 |
n/a–n/a |
An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57643 |
n/a–n/a |
An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57644 |
n/a–n/a |
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57645 |
n/a–n/a |
An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57646 |
n/a–n/a |
An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57647 |
n/a–n/a |
An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57648 |
n/a–n/a |
An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57649 |
n/a–n/a |
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57650 |
n/a–n/a |
An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57651 |
n/a–n/a |
An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57652 |
n/a–n/a |
An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57654 |
n/a–n/a |
An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57655 |
n/a–n/a |
An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57656 |
n/a–n/a |
An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57657 |
n/a–n/a |
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57658 |
n/a–n/a |
An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57659 |
n/a–n/a |
An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57660 |
n/a–n/a |
An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57661 |
n/a–ZZCMS |
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 7.3 | CVE-2025-0565 |
Nazmul Ahsan–MDC YouTube Downloader |
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS. This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | 2025-01-16 | 7.1 | CVE-2025-23639 |
Nazmul Ahsan–Rename Author Slug |
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS. This issue affects Rename Author Slug: from n/a through 1.2.0. | 2025-01-16 | 7.1 | CVE-2025-23640 |
NEC Corporation–WG2600HS |
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows an attacker to inject an arbitrary script via the network. | 2025-01-15 | 7.2 | CVE-2025-0354 |
NEC Corporation–WG2600HS |
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows an attacker to get a Wi-Fi password via the network. | 2025-01-15 | 7.5 | CVE-2025-0355 |
Nedap Librix–Ecoreader |
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | 2025-01-17 | 8.6 | CVE-2024-12757 |
neran–Social proof testimonials and reviews by Repuso |
The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rw_image_badge1’ shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 7.2 | CVE-2024-13351 |
NetVision Information–airPASS |
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-01-16 | 9.8 | CVE-2025-0455 |
NetVision Information–airPASS |
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords. | 2025-01-16 | 9.8 | CVE-2025-0456 |
NetVision Information–airPASS |
The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 2025-01-16 | 8.8 | CVE-2025-0457 |
New Normal LLC–LucidLMS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in New Normal LLC LucidLMS allows Reflected XSS. This issue affects LucidLMS: from n/a through 1.0.5. | 2025-01-13 | 7.1 | CVE-2025-22498 |
Niklas Olsson–Universal Analytics Injector |
Cross-Site Request Forgery (CSRF) vulnerability in Niklas Olsson Universal Analytics Injector allows Stored XSS. This issue affects Universal Analytics Injector: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23483 |
Nilesh Shiragave–WordPress Gallery Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23842 |
nitropack–NitroPack Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN |
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘nitropack_dismiss_notice_forever’ AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of ‘1’ which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition. | 2025-01-15 | 8.1 | CVE-2024-11848 |
Observium–Observium |
A cross-site scripting (XSS) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-45061 |
Observium–Observium |
An HTML code injection vulnerability exists in the VLAN management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to injection of arbitrary HTML code. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-47002 |
Observium–Observium |
A cross-site scripting (XSS) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-47140 |
OFFIS–DCMTK |
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 2025-01-13 | 8.4 | CVE-2024-47796 |
OFFIS–DCMTK |
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 2025-01-13 | 8.4 | CVE-2024-52333 |
Oliver Schaal–Floatbox Plus |
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS. This issue affects Floatbox Plus: from n/a through 1.4.4. | 2025-01-16 | 7.1 | CVE-2025-23617 |
Oliver Schaal–GravatarLocalCache |
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery. This issue affects GravatarLocalCache: from n/a through 1.1.2. | 2025-01-16 | 7.1 | CVE-2025-23901 |
openobserve–openobserve |
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an “Admin” role user to remove a “Root” user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an “Admin” user from removing a “Root” user. As a result, an attacker with an “Admin” role can remove critical “Root” users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 8.7 | CVE-2024-55954 |
Oren hahiashvili–add custom google tag manager |
Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS. This issue affects add custom google tag manager: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23537 |
Oren Yomtov–Mass Custom Fields Manager |
Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS. This issue affects Mass Custom Fields Manager: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23430 |
OriginalTips.com–WordPress Data Guard |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. This issue affects WordPress Data Guard: from n/a through 8. | 2025-01-16 | 7.1 | CVE-2025-23828 |
pankajpragma, rahulpragma–WordPress Google Map Professional |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection. This issue affects WordPress Google Map Professional: from n/a through 1.0. | 2025-01-16 | 8.5 | CVE-2025-23913 |
Paramveer Singh for Arete IT Private Limited–Post And Page Reactions |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paramveer Singh for Arete IT Private Limited Post And Page Reactions allows Reflected XSS. This issue affects Post And Page Reactions: from n/a through 1.0.5. | 2025-01-13 | 7.1 | CVE-2025-22568 |
Pascal Casier–Board Election |
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS. This issue affects Board Election: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23499 |
PayForm–PayForm |
Cross-Site Request Forgery (CSRF) vulnerability in PayForm PayForm allows Stored XSS. This issue affects PayForm: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23872 |
Peggy Kuo–More Link Modifier |
Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23818 |
Peter Shaw–LH Login Page |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Peter Shaw LH Login Page allows Reflected XSS. This issue affects LH Login Page: from n/a through 2.14. | 2025-01-16 | 7.1 | CVE-2025-23547 |
PHOENIX CONTACT–CHARX SEC-3000 |
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | 2025-01-14 | 8.8 | CVE-2024-11497 |
pickplugins–Post Grid and Gutenberg Blocks ComboBlocks |
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. | 2025-01-15 | 9.8 | CVE-2024-9636 |
PMB Services–PMB platform |
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | 2025-01-16 | 9.9 | CVE-2025-0471 |
PMB Services–PMB platform |
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | 2025-01-16 | 7.5 | CVE-2025-0472 |
Poco–Blogger Image Import |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Poco Blogger Image Import allows Stored XSS. This issue affects Blogger Image Import: from 2.1 through n/a. | 2025-01-16 | 7.1 | CVE-2025-23689 |
Predrag Supurović–Stop Comment Spam |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Predrag Supurović Stop Comment Spam allows Stored XSS. This issue affects Stop Comment Spam: from n/a through 0.5.3. | 2025-01-16 | 7.1 | CVE-2025-23826 |
project-zot–zot |
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn’t obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | 7.3 | CVE-2025-23208 |
Rapid Sort–RSV GMaps |
Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS. This issue affects RSV GMaps: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23665 |
RasaHQ–rasa-pro-security-advisories |
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance, e.g. with `--enable-api`. This is not the default configuration. 2. For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation. 3. For authenticated RCE, the attacker must possess a valid authentication token or JWT to interact with the Rasa API. This issue has been addressed in rasa version 3.6.21 and all users are advised to upgrade. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access. | 2025-01-14 | 9 | CVE-2024-49375 |
RaymondDesign–Post & Page Notes |
Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS. This issue affects Post & Page Notes: from n/a through 0.1.1. | 2025-01-16 | 7.1 | CVE-2025-23715 |
Real Seguro Viagem–Real Seguro Viagem |
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem allows Stored XSS. This issue affects Real Seguro Viagem: from n/a through 2.0.5. | 2025-01-16 | 7.1 | CVE-2025-23664 |
Red Hat–Red Hat Enterprise Linux 7 |
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. | 2025-01-15 | 9.8 | CVE-2024-12084 |
Red Hat–Red Hat Enterprise Linux 8 |
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | 2025-01-14 | 7.5 | CVE-2024-12085 |
Regios–MyAnime Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation. This issue affects MyAnime Widget: from n/a through 1.0. | 2025-01-16 | 8.8 | CVE-2025-23532 |
Robert Nicholson–Copyright Safeguard Footer Notice |
Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0. | 2025-01-16 | 7.1 | CVE-2025-23870 |
Roninwp–FAT Event Lite |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through 1.1. | 2025-01-16 | 7.5 | CVE-2025-23915 |
Ryan Sutana–NV Slider |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS. This issue affects NV Slider: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23661 |
Ryan Sutana–WP Panoramio |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS. This issue affects WP Panoramio: from n/a through 1.5.0. | 2025-01-16 | 7.1 | CVE-2025-23662 |
saadiqbal–Advanced File Manager Ultimate WordPress File Manager and Document Library Plugin |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘fma_local_file_system’ function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The function can be exploited only if the “Display .htaccess?” setting is enabled. | 2025-01-17 | 7.5 | CVE-2024-13333 |
Saleswonder.biz Team–WP2LEADS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saleswonder.biz Team WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.4.2. | 2025-01-13 | 7.1 | CVE-2024-56065 |
Sam Burdge–WP Background Tile |
Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS. This issue affects WP Background Tile: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23573 |
SandyIN–Import Users to MailChimp |
Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import Users to MailChimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23675 |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | 2025-01-14 | 8.7 | CVE-2025-0061 |
SAP_SE–SAP NetWeaver Application Server for ABAP and ABAP Platform |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. | 2025-01-14 | 9.9 | CVE-2025-0070 |
SAP_SE–SAP NetWeaver AS ABAP and ABAP Platform |
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability. | 2025-01-14 | 8.8 | CVE-2025-0063 |
SAP_SE–SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) |
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application. | 2025-01-14 | 9.9 | CVE-2025-0066 |
SAP_SE–SAPSetup |
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user’s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server. | 2025-01-14 | 7.8 | CVE-2025-0069 |
Scanventory.net–Scanventory |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scanventory.net Scanventory allows Reflected XSS. This issue affects Scanventory: from n/a through 1.1.3. | 2025-01-13 | 7.1 | CVE-2025-22588 |
Schalk Burger–Anonymize Links |
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS. This issue affects Anonymize Links: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23702 |
Schneider Electric–Modicon M340 processors (part numbers BMXP34*) |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked. | 2025-01-17 | 8.6 | CVE-2024-12142 |
Schneider Electric–Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) |
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver. | 2025-01-17 | 7.5 | CVE-2024-11425 |
Schneider Electric–PowerLogic HDPM6000 |
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device. | 2025-01-17 | 8.8 | CVE-2024-10497 |
Schneider Electric–Pro-face GP-Pro EX |
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. | 2025-01-17 | 7.1 | CVE-2024-12399 |
Schneider Electric–RemoteConnect and SCADAPack x70 Utilities |
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. | 2025-01-17 | 7.8 | CVE-2024-12703 |
Schneider Electric–Web Designer for BMXNOR0200H |
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. | 2025-01-17 | 7.8 | CVE-2024-12476 |
Scott Swezey–Easy Tynt |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery. This issue affects Easy Tynt: from n/a through 0.2.5.1. | 2025-01-16 | 7.1 | CVE-2025-23445 |
SEOReseller Team–SEOReseller Partner |
Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15. | 2025-01-16 | 7.1 | CVE-2025-23805 |
Shabbos Commerce–Shabbos and Yom Tov |
Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS. This issue affects Shabbos and Yom Tov: from n/a through 1.9. | 2025-01-16 | 7.1 | CVE-2025-23694 |
Shibu Lijack a.k.a CyberJack–CJ Custom Content |
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a CyberJack CJ Custom Content allows Stored XSS. This issue affects CJ Custom Content: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23869 |
Shiv Prakash Tiwari–WP Service Payment Form With Authorize.net |
Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS. This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0. | 2025-01-16 | 7.1 | CVE-2025-23804 |
Siemens–Mendix LDAP |
A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification. | 2025-01-14 | 7.4 | CVE-2024-56841 |
Siemens–SIMATIC S7-1200 CPU 1211C AC/DC/Rly |
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link. | 2025-01-14 | 7.1 | CVE-2024-47100 |
simple-help — simplehelp |
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | 2025-01-15 | 8.8 | CVE-2024-57726 |
simple-help — simplehelp |
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | 2025-01-15 | 7.5 | CVE-2024-57727 |
simple-help — simplehelp |
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | 2025-01-15 | 7.2 | CVE-2024-57728 |
Sismics–Teedy |
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. | 2025-01-13 | 7.5 | CVE-2025-22963 |
SmartAgenda–Smart Agenda |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SmartAgenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.7. | 2025-01-13 | 7.1 | CVE-2025-22506 |
Solidres Team–Solidres Hotel booking plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection. This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4. | 2025-01-16 | 8.5 | CVE-2025-23911 |
Somethinkodd.com Development Team–EmailShroud |
Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS. This issue affects EmailShroud: from n/a through 2.2.1. | 2025-01-16 | 7.1 | CVE-2025-23456 |
Sourov Amin–Word Freshener |
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS. This issue affects Word Freshener: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23577 |
spoonthemes–Adifier System |
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user’s identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account. | 2025-01-18 | 9.8 | CVE-2024-13375 |
SpruceJoy–Cookie Consent & Autoblock for GDPR/CCPA |
Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS. This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23501 |
Stanisław Skonieczny–Secure CAPTCHA |
Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS. This issue affects Secure CAPTCHA: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23693 |
Stepan Stepasyuk–MemeOne |
Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS. This issue affects MemeOne: from n/a through 2.0.5. | 2025-01-16 | 7.1 | CVE-2025-23559 |
Strx–Strx Magic Floating Sidebar Maker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS. This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23827 |
Swift Project–Swift ASN1 |
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constraint isn’t met. Importantly, these constraints are actually required to be true in DER, but that correctness wasn’t enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did. These crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates. | 2025-01-15 | 7.5 | CVE-2025-0343 |
Syed Amir Hussain–Custom Post |
Cross-Site Request Forgery (CSRF) vulnerability in Syed Amir Hussain Custom Post allows Stored XSS. This issue affects Custom Post: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23566 |
Tarak Patel–Post Carousel & Slider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tarak Patel Post Carousel & Slider allows Reflected XSS. This issue affects Post Carousel & Slider: from n/a through 1.0.4. | 2025-01-15 | 7.1 | CVE-2025-22750 |
Taras Dashkevych–Error Notification |
Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery. This issue affects Error Notification: from n/a through 0.2.7. | 2025-01-16 | 7.1 | CVE-2025-23902 |
TechMix–Event Countdown Timer Plugin by TechMix |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TechMix Event Countdown Timer Plugin by TechMix allows Reflected XSS. This issue affects Event Countdown Timer Plugin by TechMix: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23699 |
Tenda–AC15 |
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 8.8 | CVE-2025-0566 |
Tenda–AC8 |
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.2 | CVE-2025-0528 |
Thorsten Krug–Multilang Contact Form |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS. This issue affects Multilang Contact Form: from n/a through 1.5. | 2025-01-15 | 7.1 | CVE-2025-22795 |
Tim Ridgway–Better Protected Pages |
Cross-Site Request Forgery (CSRF) vulnerability in Tim Ridgway Better Protected Pages allows Stored XSS. This issue affects Better Protected Pages: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23875 |
trainingbusinesspros–WordPress CRM, Email & Marketing Automation for WordPress | Award Winner Groundhogg |
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner – Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-01-14 | 8.8 | CVE-2025-0394 |
trustist–TRUSTist REVIEWer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in trustist TRUSTist REVIEWer allows Reflected XSS. This issue affects TRUSTist REVIEWer: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22567 |
Turcu Ciprian–Auto FTP |
Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23793 |
Tussendoor internet & marketing–Call me Now |
Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS. This issue affects Call me Now: from n/a through 1.0.5. | 2025-01-16 | 7.1 | CVE-2025-23745 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Scheduler Module” allows attackers to trigger pre-defined command classes – which can lead to unauthorized import or export of data in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 8 | CVE-2024-55924 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository – which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | 2025-01-14 | 7.5 | CVE-2024-55921 |
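The two TYPO3 entries above (CVE-2024-55924 and CVE-2024-55921) share one root cause: a backend deep link performed a state change on a plain GET, so the only things standing between an attacker's URL and the action were the browser's SameSite cookie rule and the backend's referrer check. The following is an added example, not TYPO3 code, that models those two settings plus the HTTP-method enforcement the fix adds, and runs the advisory's two delivery paths (a link opened from a mail client, a link followed from a malicious web page) through every combination. Browser SameSite behaviour is simplified to the standard rules (Strict never crosses sites, Lax only on top-level GET navigations, None always); a link opened from a mail client is modelled as having no web initiator and no Referer, and a request with no Referer at all is assumed to pass the referrer check, since the backend cannot tell it from a bookmark. The backend origin, the attacker origin and the `BackendConfig`/`Request` shapes are this example's own.

```python
# Added example (not TYPO3 code): model of BE/cookieSameSite,
# security.backend.enforceReferrer and the HTTP-method enforcement from the fix,
# evaluated against the advisory's delivery scenarios. SameSite logic is simplified.
from dataclasses import dataclass
from itertools import product
from typing import List, Optional, Tuple

BACKEND_ORIGIN = "https://cms.example.test"   # hypothetical backend origin


@dataclass(frozen=True)
class BackendConfig:
    enforce_referrer: bool = True       # security.backend.enforceReferrer
    cookie_same_site: str = "strict"    # BE/cookieSameSite: strict | lax | none
    require_post: bool = False          # method enforcement on state-changing actions (the fix)


@dataclass(frozen=True)
class Request:
    method: str
    cross_site: bool              # initiated by a web page on another site
    top_level: bool               # navigation (link, location change, form submit) vs. fetch/img
    referer_origin: Optional[str]
    state_changing: bool = True


def session_cookie_sent(cfg: BackendConfig, req: Request) -> bool:
    """Simplified browser SameSite rule. Same-site requests always carry the cookie."""
    if not req.cross_site or cfg.cookie_same_site == "none":
        return True
    if cfg.cookie_same_site == "lax":
        return req.top_level and req.method == "GET"
    return False                                         # strict


def backend_decision(cfg: BackendConfig, req: Request) -> str:
    if not session_cookie_sent(cfg, req):
        return "rejected: no backend session"
    # Assumption: a missing Referer is not treated as cross-origin (indistinguishable
    # from a bookmark or a mail-client link).
    if cfg.enforce_referrer and req.referer_origin not in (None, BACKEND_ORIGIN):
        return "rejected: cross-origin referrer"
    if cfg.require_post and req.state_changing and req.method != "POST":
        return "rejected: state-changing action requires POST"
    return "accepted"


# Advisory scenario 1: a deep link opened from an e-mail client. No web page
# initiated the navigation, so SameSite does not see it as cross-site, and there is no Referer.
EMAIL_LINK = Request(method="GET", cross_site=False, top_level=True, referer_origin=None)
# Advisory scenario 2: a malicious web page navigates the victim to the deep link.
WEB_PAGE_LINK = Request(method="GET", cross_site=True, top_level=True,
                        referer_origin="https://attacker.example")
# Extra scenario: an auto-submitting cross-site form POST, to show the limits of method enforcement.
CROSS_SITE_FORM_POST = Request(method="POST", cross_site=True, top_level=True,
                               referer_origin="https://attacker.example")

ALL_SETTINGS = list(product((True, False), ("strict", "lax", "none")))


def vulnerable_configs(req: Request) -> List[Tuple[bool, str]]:
    """(enforceReferrer, cookieSameSite) pairs that accept `req` on an unpatched backend."""
    return [(e, s) for e, s in ALL_SETTINGS
            if backend_decision(BackendConfig(e, s), req) == "accepted"]


def accepted_after_fix(req: Request) -> List[Tuple[bool, str]]:
    """Same sweep with the fix (state changes require POST) in place."""
    return [(e, s) for e, s in ALL_SETTINGS
            if backend_decision(BackendConfig(e, s, require_post=True), req) == "accepted"]


if __name__ == "__main__":
    for name, req in (("email link", EMAIL_LINK), ("web page link", WEB_PAGE_LINK),
                      ("cross-site form POST", CROSS_SITE_FORM_POST)):
        print(f"{name}: unpatched {vulnerable_configs(req)}  fixed {accepted_after_fix(req)}")
```

The sweep reproduces the advisory's conditions: the mail-client link is accepted by an unpatched backend under every setting combination, while the web-page link only gets through when `enforceReferrer` is off and `cookieSameSite` is `lax` or `none`. With method enforcement both GET paths are closed regardless of settings. The third scenario shows why the two settings stay relevant after the fix: a cross-site form POST is still accepted when `cookieSameSite` is `none` and referrer enforcement is disabled, so the method check removes the link-based vector but is not a substitute for SameSite, referrer checks or a CSRF token.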
Typomedia Foundation–WordPress Custom Sidebar |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through 2.3. | 2025-01-16 | 8.5 | CVE-2025-23912 |
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-18 | 7.5 | CVE-2025-0308 |
Unknown–Appointment Booking Calendar Plugin and Scheduling Plugin |
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). | 2025-01-13 | 7.5 | CVE-2024-12274 |
Uri Weil–WP Order By |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uri Weil WP Order By allows Reflected XSS. This issue affects WP Order By: from n/a through 1.4.2. | 2025-01-15 | 7.1 | CVE-2025-22765 |
Venki–Supravizio BPM |
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. | 2025-01-13 | 9.9 | CVE-2024-46479 |
Venki–Supravizio BPM |
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | 2025-01-13 | 8.4 | CVE-2024-46480 |
Venki–Supravizio BPM |
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. | 2025-01-13 | 7.2 | CVE-2024-46481 |
Vertim Coders–Neon Product Designer |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Vertim Coders Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1. | 2025-01-15 | 8.5 | CVE-2025-22799 |
Viktoria Rei Bauer–WP-BlackCheck |
Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS. This issue affects WP-BlackCheck: from n/a through 2.7.2. | 2025-01-16 | 7.1 | CVE-2025-23511 |
Vimal Ghorecha–RSS News Scroller |
Cross-Site Request Forgery (CSRF) vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS. This issue affects RSS News Scroller: from n/a through 2.0.0. | 2025-01-16 | 7.1 | CVE-2025-23467 |
Vinícius Krolow–Twitter Post |
Cross-Site Request Forgery (CSRF) vulnerability in Vinícius Krolow Twitter Post allows Stored XSS. This issue affects Twitter Post: from n/a through 0.1. | 2025-01-16 | 7.1 | CVE-2025-23654 |
WAGO–750-8100 (Controller PFC100) |
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. | 2025-01-16 | 7.5 | CVE-2018-25108 |
Walter Cerrudo–MFPlugin |
Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS. This issue affects MFPlugin: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23660 |
Wavlink–Wavlink AC3000 |
An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-34166 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-36258 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-36290 |
Wavlink–Wavlink AC3000 |
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-39608 |
Wavlink–Wavlink AC3000 |
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-39754 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_hour_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39759 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_min_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39760 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_week_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39761 |
Wavlink–Wavlink AC3000 |
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-21797 |
Wavlink–Wavlink AC3000 |
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-34544 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36272 |
Wavlink–Wavlink AC3000 |
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36295 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36493 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37184 |
Wavlink–Wavlink AC3000 |
An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37186 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37357 |
Wavlink–Wavlink AC3000 |
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-38666 |
Wavlink–Wavlink AC3000 |
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2025-01-14 | 9 | CVE-2024-39273 |
Wavlink–Wavlink AC3000 |
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39280 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39288 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39294 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39299 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39357 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39358 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39359 |
Wavlink–Wavlink AC3000 |
An OS command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39360 |
Wavlink–Wavlink AC3000 |
A cross-site scripting (XSS) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.6 | CVE-2024-39363 |
Wavlink–Wavlink AC3000 |
An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39367 |
Wavlink–Wavlink AC3000 |
An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39370 |
Wavlink–Wavlink AC3000 |
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39602 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39603 |
Wavlink–Wavlink AC3000 |
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2025-01-14 | 9 | CVE-2024-39604 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39756 |
Wavlink–Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39757 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `netmask` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39762 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `gateway` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39763 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `dest` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39764 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `custom_interface` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39765 |
Wavlink–Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `cli_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39768 |
Wavlink–Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `cli_mac` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39769 |
Wavlink–Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `en_enable` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39770 |
Wavlink–Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39774 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `restart_hour` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39781 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `restart_min` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39782 |
Wavlink–Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `restart_week` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39783 |
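The six scheduled-reboot entries above (login.cgi set_sys_init() with `restart_hour_value`/`restart_min_value`/`restart_week_value`, CVE-2024-39759 to 39761, and adm.cgi sch_reboot() with `restart_hour`/`restart_min`/`restart_week`, CVE-2024-39781 to 39783) are one bug class repeated per parameter: a value that should only ever be a small integer reaches a shell command line unfiltered. The following is an added example, not Wavlink firmware code, that reconstructs the pattern in Python: a builder that interpolates the three POST parameters into a command string, beside a hardened handler that allow-lists each field by syntax and range and passes the result as an argv list with no shell. The parameter names are taken from the set_sys_init() entries; the helper binary `/sbin/sched_reboot`, the request shape and the payload are this example's own assumptions.

```python
# Added example (not Wavlink firmware code): the command injection pattern behind the
# set_sys_init()/sch_reboot() entries, vulnerable builder beside a hardened handler.
# /sbin/sched_reboot is a hypothetical helper; only the parameter names come from the advisory.
import re
import subprocess
from typing import Dict, List

HOUR, MINUTE, WEEK = "restart_hour_value", "restart_min_value", "restart_week_value"


def build_reboot_command_vulnerable(params: Dict[str, str]) -> str:
    """Vulnerable: raw POST values are pasted into a string that a shell will parse."""
    return "/sbin/sched_reboot {} {} {}".format(params[HOUR], params[MINUTE], params[WEEK])


def run_vulnerable(params: Dict[str, str]) -> str:
    """Runs the string through sh -c, which is what turns a ';' in the input into a
    second command. Returns stdout; sched_reboot itself does not exist here."""
    proc = subprocess.run(["sh", "-c", build_reboot_command_vulnerable(params)],
                          capture_output=True, text=True)
    return proc.stdout


def _int_field(params: Dict[str, str], name: str, lo: int, hi: int) -> int:
    raw = params.get(name, "")
    if not re.fullmatch(r"[0-9]{1,2}", raw):            # digits only: no ';', '|', '`', '$'
        raise ValueError(f"{name}: expected a 1-2 digit integer, got {raw!r}")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError(f"{name}: {value} outside {lo}..{hi}")
    return value


def parse_reboot_schedule(params: Dict[str, str]) -> Dict[str, object]:
    """Hardened: reduce each field to a validated value before it is used anywhere."""
    hour = _int_field(params, HOUR, 0, 23)
    minute = _int_field(params, MINUTE, 0, 59)
    raw_week = params.get(WEEK, "")
    if not re.fullmatch(r"[0-6](,[0-6])*", raw_week):     # e.g. "1,3,5"; 0 = Sunday
        raise ValueError(f"{WEEK}: expected comma-separated weekdays 0-6, got {raw_week!r}")
    days = sorted({int(d) for d in raw_week.split(",")})
    return {"hour": hour, "minute": minute, "days": days}


def build_reboot_argv(schedule: Dict[str, object]) -> List[str]:
    """Hardened: an argv list for subprocess.run without shell=True. Even if the
    values were hostile, nothing here re-parses them as shell syntax."""
    return ["/sbin/sched_reboot", str(schedule["hour"]), str(schedule["minute"]),
            ",".join(str(d) for d in schedule["days"])]


def handle_set_sys_init(params: Dict[str, str]) -> List[str]:
    """Hardened handler: returns the argv it would execute; a ValueError here
    maps to an HTTP 400 in a real CGI handler."""
    return build_reboot_argv(parse_reboot_schedule(params))


if __name__ == "__main__":
    benign = {HOUR: "3", MINUTE: "30", WEEK: "1,3"}
    # Constructed payload: the injected command only echoes a marker.
    hostile = dict(benign, **{HOUR: "3; echo INJECTED"})
    print(build_reboot_command_vulnerable(hostile))
    print(run_vulnerable(hostile).strip())       # the echo after ';' runs
    print(handle_set_sys_init(benign))
    try:
        handle_set_sys_init(hostile)
    except ValueError as e:
        print("rejected:", e)
```

The hardened path rejects the payload at the syntax check rather than trying to escape it, which is the right order for fields with a tiny legal alphabet: validate first, then build argv, and never re-enter a shell. The same shape applies to the `adm.cgi sch_reboot()` variant with its unprefixed parameter names.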
Wavlink–Wavlink AC3000 |
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `disk_part` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39784 |
Wavlink–Wavlink AC3000 |
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `adddir_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39785 |
Wavlink–Wavlink AC3000 |
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A directory traversal vulnerability exists within the `adddir_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39786 |
Wavlink–Wavlink AC3000 |
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A directory traversal vulnerability exists within the `disk_part` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39787 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39788 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39789 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39790 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists in the `ftp_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39793 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists in the `ftp_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39794 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39795 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39798 |
Wavlink–Wavlink AC3000 |
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39799 |
Wavlink–Wavlink AC3000 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists in the `open_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39800 |
Wavlink–Wavlink AC3000 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39801 |
Wavlink–Wavlink AC3000 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer overflow vulnerability exists in the `qos_dat` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39802 |
Wavlink–Wavlink AC3000 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer overflow vulnerability exists in the `sel_mode` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39803 |
Web Ready Now–WR Price List Manager For Woocommerce | Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | 2025-01-15 | 9.9 | CVE-2025-22782 |
web-mv.de–ResAds | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in web-mv.de ResAds allows SQL Injection. This issue affects ResAds: from n/a through 2.0.5. | 2025-01-16 | 7.6 | CVE-2025-23779 |
wellwisher–Custom Widget Classes | Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery. This issue affects Custom Widget Classes: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23844 |
Wizcrew Technologies–go Social | Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS. This issue affects go Social: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23426 |
Wouter Dijkstra–DD Roles | Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation. This issue affects DD Roles: from n/a through 4.1. | 2025-01-16 | 8.8 | CVE-2025-23528 |
WP Scripts–Food Store Online Food Delivery & Pickup | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup allows Reflected XSS. This issue affects Food Store – Online Food Delivery & Pickup: from n/a through 1.5.1. | 2025-01-13 | 7.1 | CVE-2025-22314 |
WPExperts–User Management | Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation. This issue affects User Management: from n/a through 1.2. | 2025-01-15 | 8.8 | CVE-2025-22736 |
wpextended–The Ultimate WordPress Toolkit WP Extended | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-18 | 7.5 | CVE-2024-13184 |
wpwebs Team – VA Jariwala–WP Post Corrector | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpwebs Team – VA Jariwala WP Post Corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through 1.0.2. | 2025-01-15 | 7.1 | CVE-2025-22764 |
X Villamuera–Visit Site Link enhanced | Cross-Site Request Forgery (CSRF) vulnerability in X Villamuera Visit Site Link enhanced allows Stored XSS. This issue affects Visit Site Link enhanced: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23470 |
xwiki–xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, who were already there or who may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the “xwiki-realtime” CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editor extension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui). | 2025-01-14 | 9 | CVE-2025-23025 |
Y’S corporation–STEALTHONE D220 | OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y’S corporation. An attacker who can access the affected product may execute an arbitrary OS command. | 2025-01-14 | 9.8 | CVE-2025-20055 |
Y’S corporation–STEALTHONE D220 | OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y’S corporation. A user with administrative privilege who has logged in to the web management page of the affected product may execute an arbitrary OS command. | 2025-01-14 | 7.2 | CVE-2025-20016 |
Y’S corporation–STEALTHONE D220 | SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y’S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page. | 2025-01-14 | 7.5 | CVE-2025-20620 |
Yamna Tatheer–KNR Author List Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yamna Tatheer KNR Author List Widget allows Reflected XSS. This issue affects KNR Author List Widget: from n/a through 3.1.1. | 2025-01-13 | 7.1 | CVE-2025-22514 |
Yonatan Reinberg of Social Ink–Custom Post Type Lockdown | Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation. This issue affects Custom Post Type Lockdown: from n/a through 1.11. | 2025-01-16 | 8.8 | CVE-2025-23530 |
Zaantar–WordPress Logging Service | Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS. This issue affects WordPress Logging Service: from n/a through 1.5.4. | 2025-01-16 | 7.1 | CVE-2025-23510 |
Zyxel–WBE530 firmware | An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. | 2025-01-14 | 8.8 | CVE-2024-12398 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000 Projects–Attendance Tracking Management System | A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0536 |
1902756969–reggie | A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0402 |
1902756969–reggie | A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 5.3 | CVE-2025-0401 |
1902756969–reggie | A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 5.3 | CVE-2025-0403 |
addonsorg–PDF for WPForms + Drag and Drop Template Builder | The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-12593 |
advancedcreation–ShipWorks Connector for Woocommerce | The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the ‘shipworks-wordpress’ page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 4.3 | CVE-2024-13317 |
AGILELOGIX–Free Google Maps | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AGILELOGIX Free Google Maps allows Stored XSS. This issue affects Free Google Maps: from n/a through 1.0.1. | 2025-01-15 | 6.5 | CVE-2025-22329 |
aiwp–Elementor AI Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aiwp Elementor AI Addons allows DOM-Based XSS. This issue affects Elementor AI Addons: from n/a through 2.2.1. | 2025-01-15 | 6.5 | CVE-2025-22758 |
Albertolabs.com–Easy EU Cookie law | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Albertolabs.com Easy EU Cookie law allows Stored XSS. This issue affects Easy EU Cookie law: from n/a through 1.3.3.1. | 2025-01-16 | 6.5 | CVE-2025-23434 |
Aleksandar Arsovski–Google Org Chart | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS. This issue affects Google Org Chart: from n/a through 1.0.1. | 2025-01-16 | 6.5 | CVE-2025-23928 |
Alessandro Staniscia–Simple Vertical Timeline | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alessandro Staniscia Simple Vertical Timeline allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through 0.1. | 2025-01-16 | 6.5 | CVE-2025-23856 |
Alex Furr and Simon Ward–Progress Tracker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3. | 2025-01-16 | 6.5 | CVE-2025-23892 |
Alex Thorpe–Easy Shortcode Buttons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Thorpe Easy Shortcode Buttons allows Stored XSS. This issue affects Easy Shortcode Buttons: from n/a through 1.2. | 2025-01-16 | 6.5 | CVE-2025-23825 |
Alex Volkov–Woo Tuner | Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | 2025-01-16 | 5.4 | CVE-2025-23761 |
Alexander Weleczka–FontAwesome.io ShortCodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS. This issue affects FontAwesome.io ShortCodes: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23824 |
Alexey Yuzhakov–wp-pano | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexey Yuzhakov wp-pano allows Stored XSS. This issue affects wp-pano: from n/a through 1.17. | 2025-01-15 | 6.5 | CVE-2025-22780 |
Anshi Solutions–Category D3 Tree | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Anshi Solutions Category D3 Tree allows Stored XSS. This issue affects Category D3 Tree: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23873 |
Apache Software Foundation–Apache CloudStack | CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources. An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources. This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs is generally hard to impossible, and access to listing or adding comments isn’t the same as access to CloudStack resources, making this issue of very low severity and general low impact. CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure. | 2025-01-13 | 4.3 | CVE-2025-22828 |
Apache Software Foundation–Apache Linkis Metadata Query Service JDBC | In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the DataSource Manager Module will be able to read arbitrary files from the Linkis server. Therefore, the parameters in the MySQL JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. | 2025-01-14 | 5.9 | CVE-2024-45627 |
apple — ipados | A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders. | 2025-01-15 | 4.3 | CVE-2024-54535 |
Apple–Apple Music for Windows | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | 2025-01-15 | 5.5 | CVE-2024-54540 |
Apple–iOS and iPadOS | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be able to access contacts from the lock screen. | 2025-01-15 | 4.6 | CVE-2024-54470 |
Apple–macOS | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination. | 2025-01-15 | 6.5 | CVE-2024-40854 |
Arm–SCP-Firmware | Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. | 2025-01-14 | 5.3 | CVE-2024-11863 |
arul–PDF.js Shortcode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in arul PDF.js Shortcode allows Stored XSS. This issue affects PDF.js Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23943 |
August Infotech–AI Responsive Gallery Album | Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Responsive Gallery Album: from n/a through 1.4. | 2025-01-16 | 4.3 | CVE-2025-23785 |
AWcode & KingfisherFox–Salvador AI Image Generator | Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | 2025-01-16 | 4.3 | CVE-2025-23954 |
awordpresslife–Event Monster Event Management, Tickets Booking, Upcoming Event | The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, which includes first and last names, email, and phone number. | 2025-01-14 | 5.3 | CVE-2024-11396 |
AwoThemes–Social Media Engine | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AwoThemes Social Media Engine allows Stored XSS. This issue affects Social Media Engine: from n/a through 1.0.2. | 2025-01-15 | 6.5 | CVE-2025-22749 |
barteled–Sandbox | The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘debug’ parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-13366 |
barteled–Sandbox | The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file. | 2025-01-17 | 6.5 | CVE-2024-13367 |
Björn Weinbrenner–Navigation Du Lapin Blanc | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Björn Weinbrenner Navigation Du Lapin Blanc allows DOM-Based XSS. This issue affects Navigation Du Lapin Blanc: from n/a through 1.1.1. | 2025-01-15 | 6.5 | CVE-2025-22745 |
BlackBerry–QNX Software Development Platform (SDP) | Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 2025-01-14 | 5.3 | CVE-2024-48854 |
BlackBerry–QNX Software Development Platform (SDP) | Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 2025-01-14 | 5.3 | CVE-2024-48855 |
BnB Select Ltd–Bookalet | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BnB Select Ltd Bookalet allows Stored XSS. This issue affects Bookalet: from n/a through 1.0.3. | 2025-01-16 | 6.5 | CVE-2025-23899 |
boldgrid — w3_total_cache | The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions. | 2025-01-14 | 5.3 | CVE-2024-12006 |
boldgrid — w3_total_cache | The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default. | 2025-01-14 | 5.3 | CVE-2024-12008 |
BoldGrid–Post and Page Builder by BoldGrid Visual Drag and Drop Editor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4. | 2025-01-15 | 6.5 | CVE-2025-22759 |
bPlugins LLC–Button Block | Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through 1.1.5. | 2025-01-15 | 4.3 | CVE-2025-22787 |
bplugins–HTML5 Video Player mp4 Video Player Plugin and Block | The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-13156 |
brandondove–RSS Icon Widget | The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-17 | 4.4 | CVE-2024-12203 |
caido–caido | Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to the theft of sensitive information. This issue has been addressed in version 0.45.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | 5.2 | CVE-2025-23039 |
carrotbits–Greek Namedays Widget From Eortologio.Net | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS. This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 20191113. | 2025-01-16 | 6.5 | CVE-2025-23783 |
casid–jte | jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions jte HTML templates with `script` tags or script attributes that include a JavaScript template string (backticks) are subject to XSS. The `javaScriptBlock` and `javaScriptAttribute` methods in the `Escape` class do not escape backticks, which are used for JavaScript template strings. Dollar signs in template strings should also be escaped to prevent undesired interpolation. HTML templates rendered by jte’s `OwaspHtmlTemplateOutput` in versions less than or equal to `3.1.15` with `script` tags or script attributes that contain JavaScript template strings (backticks) are vulnerable. Users are advised to upgrade to version 3.1.16 or later to resolve this issue. There are no known workarounds for this vulnerability. | 2025-01-13 | 6.1 | CVE-2025-23026 |
Chandrika Guntur, Morgan Kay–Chamber Dashboard Business Directory | Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | 2025-01-16 | 5.4 | CVE-2025-23917 |
CHR Designer–Responsive jQuery Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS. This issue affects Responsive jQuery Slider: from n/a through 1.1.1. | 2025-01-15 | 6.5 | CVE-2025-22798 |
Chris Roberts–Annie | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1. | 2025-01-16 | 6.5 | CVE-2025-23886 |
chuck1982–WP Inventory Manager | The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-13434 |
closed–SOCIAL.NINJA | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. | 2025-01-16 | 6.5 | CVE-2025-23907 |
cmsmasters–Buzz Club Night Club, DJ and Music Festival Event WordPress Theme | The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the ‘cmsmasters_hide_admin_notice’ function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to ‘hide’ on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | 2025-01-18 | 4.3 | CVE-2025-0515 |
code-projects–Chat System | A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0531 |
code-projects–Fantasy-Cricket | A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0563 |
code-projects–Train Ticket Reservation System | A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 5.3 | CVE-2025-0529 |
Codexpert, Inc–CoDesigner WooCommerce Builder for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS. This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2. | 2025-01-15 | 5.9 | CVE-2025-22788 |
Codezips–Gym Management System | A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0532 |
Codezips–Gym Management System | A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0535 |
Codezips–Gym Management System | A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-17 | 6.3 | CVE-2025-0541 |
Codezips–Gym Management System | A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0562 |
Common Ninja–Compare Ninja | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Common Ninja Compare Ninja allows Stored XSS. This issue affects Compare Ninja: from n/a through 2.1.0. | 2025-01-16 | 6.5 | CVE-2025-23909 |
Creative Brahma–Multifox | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Brahma Multifox allows Stored XSS. This issue affects Multifox: from n/a through 1.3.7. | 2025-01-15 | 6.5 | CVE-2025-22769 |
Crocoblock–JetEngine |
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2025-0369 |
D-Link–DIR-878 |
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 5.3 | CVE-2025-0481 |
Data443–Posts Footer Manager |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.1.0. | 2025-01-15 | 5.9 | CVE-2025-22734 |
davidanderson–UpdraftPlus: WP Backup & Migration Plugin |
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2025-0215 |
Dell–Dell Display Manager |
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | 2025-01-15 | 6.6 | CVE-2025-21101 |
Dell–Dell Display Manager |
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. | 2025-01-15 | 6.7 | CVE-2025-22394 |
desktop–desktop |
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can gain access to the user’s credentials through the use of a maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone`, and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it’s possible to cause the credential request coming from Git to be misinterpreted by GitHub Desktop such that it will send credentials for a different host than the host that Git is currently communicating with, thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop, could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater, which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials. | 2025-01-15 | 6.6 | CVE-2025-23040 |
DivEngine–Gallery: Hybrid Advanced Visual Gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS. This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.0.2. | 2025-01-16 | 6.5 | CVE-2025-23951 |
djangoproject–Django |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | 2025-01-14 | 5.8 | CVE-2024-56374 |
Eiji Sabaoh Yamada–Rollover Tab |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eiji ‘Sabaoh’ Yamada Rollover Tab allows Stored XSS. This issue affects Rollover Tab: from n/a through 1.3.2. | 2025-01-16 | 6.5 | CVE-2025-23863 |
Ella van Durpe–Slides & Presentations |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection. This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-16 | 5.4 | CVE-2025-23919 |
Epic Games–Launcher |
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. | 2025-01-19 | 4.5 | CVE-2025-0567 |
eteubert–Podlove Podcast Publisher |
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2025-0554 |
ETIC Telecom–Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device. | 2025-01-17 | 6.8 | CVE-2024-26155 |
ETIC Telecom–Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the get view method via the view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response to the client. | 2025-01-17 | 6.1 | CVE-2024-26157 |
ETIC Telecom–Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages. | 2025-01-17 | 4.8 | CVE-2024-26154 |
ETIC Telecom–Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response to the client. | 2025-01-17 | 4.8 | CVE-2024-26156 |
Eugenio Petullà–imaGenius |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eugenio Petullà imaGenius allows Stored XSS. This issue affects imaGenius: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23772 |
evergreencontentposter–Evergreen Content Poster Auto Post and Schedule Your Best Content to Social Media |
The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | 2025-01-18 | 5.3 | CVE-2024-12071 |
extendthemes–Kubio AI Page Builder |
The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13516 |
Eyouth { rob.panes }–Charity-thermometer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eyouth { rob.panes } Charity-thermometer allows Stored XSS. This issue affects Charity-thermometer: from n/a through 1.1.2. | 2025-01-16 | 6.5 | CVE-2025-23860 |
fahadmahmood–WP Responsive Tabs |
The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wprtabs’ shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-16 | 6.4 | CVE-2024-13387 |
Faizaan Gagan–Course Migration for LearnDash |
Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery. This issue affects Course Migration for LearnDash: from 1.0.2 through n/a. | 2025-01-15 | 6.4 | CVE-2025-22346 |
falldeaf–WP ViewSTL |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in falldeaf WP ViewSTL allows DOM-Based XSS. This issue affects WP ViewSTL: from n/a through 1.0. | 2025-01-15 | 6.5 | CVE-2025-22742 |
Fanli2012–native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0487 |
Fanli2012–native-php-cms |
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0488 |
Fanli2012–native-php-cms |
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0489 |
Fanli2012–native-php-cms |
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0490 |
Fanli2012–native-php-cms |
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0491 |
fortinet — fortios |
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows an attacker to trigger a denial of service via a crafted HTTP request. | 2025-01-14 | 6.5 | CVE-2023-42785 |
fortinet — fortios |
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows an attacker to trigger a denial of service via a crafted HTTP request. | 2025-01-14 | 6.5 | CVE-2023-42786 |
Fortinet–FortiAnalyzer |
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows an attacker to execute unauthorized code or commands via specially crafted packets. | 2025-01-14 | 5.6 | CVE-2024-35276 |
Fortinet–FortiAP-S |
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allows a local authenticated attacker to execute unauthorized code via the CLI. | 2025-01-14 | 6.7 | CVE-2024-26012 |
Fortinet–FortiClientEMS |
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | 2025-01-14 | 5.3 | CVE-2024-36510 |
Fortinet–FortiDeceptor |
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints. | 2025-01-15 | 5.4 | CVE-2024-35280 |
Fortinet–FortiDeceptor |
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted requests. | 2025-01-14 | 4.3 | CVE-2024-45326 |
Fortinet–FortiMail |
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows an attacker to execute unauthorized code or commands via the CLI. | 2025-01-14 | 6.7 | CVE-2024-56497 |
Fortinet–FortiManager |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | 2025-01-14 | 6.5 | CVE-2024-33502 |
Fortinet–FortiManager |
An improper privilege management vulnerability in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specific shell commands. | 2025-01-14 | 6.7 | CVE-2024-33503 |
Fortinet–FortiManager |
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests. | 2025-01-14 | 6.6 | CVE-2024-35275 |
Fortinet–FortiManager |
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. | 2025-01-14 | 5.5 | CVE-2024-32115 |
Fortinet–FortiOS |
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all versions, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL. | 2025-01-14 | 6.5 | CVE-2024-36504 |
Fortinet–FortiOS |
An improper neutralization of CRLF sequences in HTTP headers (‘HTTP response splitting’) in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows an attacker to execute unauthorized code or commands via a crafted HTTP header. | 2025-01-14 | 6.5 | CVE-2024-54021 |
Fortinet–FortiOS |
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints. | 2025-01-14 | 5.3 | CVE-2024-46666 |
Fortinet–FortiPortal |
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | 2025-01-14 | 4.3 | CVE-2024-35278 |
Fortinet–FortiProxy |
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. | 2025-01-14 | 5 | CVE-2023-46715 |
Fortinet–FortiRecorder |
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPS requests. | 2025-01-14 | 5.5 | CVE-2024-46664 |
Fortinet–FortiRecorder |
An improper limitation of a pathname to a restricted directory (‘path traversal’) [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | 2025-01-14 | 5.1 | CVE-2024-47566 |
Fortinet–FortiRecorder |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows an attacker to escalate privileges via specially crafted packets. | 2025-01-16 | 5.3 | CVE-2024-48885 |
Fortinet–FortiSIEM |
An Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in the FortiSIEM Update/Create Case feature, version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below, may allow an authenticated attacker to extract database information via crafted requests. | 2025-01-14 | 4.1 | CVE-2024-52969 |
Fortinet–FortiSOAR |
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook. | 2025-01-14 | 6.6 | CVE-2024-48890 |
Fortinet–FortiSOAR |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of a malicious playbook. | 2025-01-14 | 6.8 | CVE-2024-48893 |
Fortinet–FortiVoice |
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | 2025-01-14 | 6.7 | CVE-2024-40587 |
Fortinet–FortiWeb |
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections. | 2025-01-14 | 6.4 | CVE-2024-21758 |
Fortra–Fortra Application Hub |
Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (formerly named HelpSystems One) prior to version 1.3. | 2025-01-18 | 5.5 | CVE-2024-11923 |
glofoxwebdev–Glofox Shortcodes |
The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘glofox’ and ‘glofox_lead_capture’ shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-12508 |
Gold Plugins–Easy FAQs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gold Plugins Easy FAQs allows Stored XSS. This issue affects Easy FAQs: from n/a through 3.2.1. | 2025-01-16 | 6.5 | CVE-2025-23795 |
Goldstar–Goldstar |
Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Goldstar: from n/a through 2.1.1. | 2025-01-16 | 4.3 | CVE-2025-23962 |
Google–Chrome |
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 6.5 | CVE-2025-0435 |
Google–Chrome |
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0439 |
Google–Chrome |
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0440 |
Google–Chrome |
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0441 |
Google–Chrome |
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0442 |
Google–Chrome |
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | 2025-01-15 | 4.3 | CVE-2025-0446 |
Google–Chrome |
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-01-15 | 4.3 | CVE-2025-0448 |
gpriday–Page Builder by SiteOrigin |
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-12240 |
Gravity Forms–Gravity Forms |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attack is only successful in the Chrome web browser, and requires directly browsing the media file via the attachment post. | 2025-01-17 | 5.4 | CVE-2024-13378 |
gwendydd–Chamber Dashboard Business Directory |
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘business_categories’ shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-16 | 6.4 | CVE-2024-11452 |
Harun R. Rayhan (Cr@zy Coder)–CC Circle Progress Bar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS. This issue affects CC Circle Progress Bar: from n/a through 1.0.0. | 2025-01-16 | 6.5 | CVE-2025-23936 |
HireHive–HireHive Job Plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HireHive HireHive Job Plugin allows Stored XSS. This issue affects HireHive Job Plugin: from n/a through 2.9.0. | 2025-01-15 | 6.5 | CVE-2025-22746 |
hirewebxperts — passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-16 | 6.5 | CVE-2024-12615 |
Hyland–Alfresco Community Edition |
A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-18 | 4.3 | CVE-2025-0557 |
IBM–App Connect Enterprise |
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. | 2025-01-18 | 4.4 | CVE-2024-49338 |
IBM–Concert Software |
IBM Concert 1.0.0, 1.0.1, and 1.0.2 are vulnerable to sensitive information disclosure through specially crafted API calls. | 2025-01-18 | 5.3 | CVE-2024-49354 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. | 2025-01-17 | 6.5 | CVE-2024-52363 |
IBM–Jazz for Service Management |
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. | 2025-01-18 | 5.3 | CVE-2024-47106 |
IBM–Maximo Asset Management |
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. | 2025-01-19 | 6.5 | CVE-2024-45652 |
IBM–MQ |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. | 2025-01-14 | 6.2 | CVE-2024-52898 |
IBM–QRadar WinCollect Agent |
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | 2025-01-17 | 4 | CVE-2024-51462 |
IBM–Robotic Process Automation |
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. | 2025-01-18 | 6.5 | CVE-2024-49824 |
IBM–Robotic Process Automation |
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | 2025-01-18 | 6.7 | CVE-2024-51448 |
IBM–Security ReaQta |
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs. | 2025-01-19 | 4.3 | CVE-2024-45654 |
IBM–Sterling Connect:Direct Web Services |
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | 2025-01-19 | 4.3 | CVE-2024-45653 |
IETF–IPv6 |
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136. | 2025-01-14 | 5.4 | CVE-2025-23018 |
IETF–IPv6 |
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | 2025-01-14 | 5.4 | CVE-2025-23019 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest’s virtualised GPU memory. | 2025-01-13 | 6.7 | CVE-2024-52937 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest’s virtualised GPU memory. | 2025-01-13 | 4.1 | CVE-2024-52935 |
imithemes–Eventer – WordPress Event & Booking Manager Plugin |
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-17 | 6.5 | CVE-2024-10799 |
Infomaniak Staff–VOD Infomaniak |
Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VOD Infomaniak: from n/a through 1.5.9. | 2025-01-15 | 4.3 | CVE-2025-22729 |
iTechArt-Group–PayPal Marketing Solutions |
Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Marketing Solutions: from n/a through 1.2. | 2025-01-16 | 4.3 | CVE-2025-23930 |
itsourcecode–Farm Management System |
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0561 |
itsourcecode–Tailoring Management System |
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0540 |
Ivo Brett ApplyMetrics–Apply with LinkedIn buttons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | 2025-01-16 | 6.5 | CVE-2025-23897 |
Jens Remus–WP krpano |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jens Remus WP krpano allows Stored XSS. This issue affects WP krpano: from n/a through 1.2.1. | 2025-01-16 | 6.5 | CVE-2025-23876 |
Jimmy Hu–Spiderpowa Embed PDF |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS. This issue affects Spiderpowa Embed PDF: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23807 |
Jimmy Peña–Feedburner Optin Form |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS. This issue affects Feedburner Optin Form: from n/a through 0.2.8. | 2025-01-16 | 6.5 | CVE-2025-23925 |
Jobair–JB Horizontal Scroller News Ticker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jobair JB Horizontal Scroller News Ticker allows DOM-Based XSS. This issue affects JB Horizontal Scroller News Ticker: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23830 |
Joshua Wieczorek–Daily Proverb |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joshua Wieczorek Daily Proverb allows Stored XSS. This issue affects Daily Proverb: from n/a through 2.0.3. | 2025-01-16 | 6.5 | CVE-2025-23859 |
Jérémy Heleine–WP Photo Sphere |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS. This issue affects WP Photo Sphere: from n/a through 3.8. | 2025-01-16 | 6.5 | CVE-2025-23924 |
jsmoriss–JSM Screenshot Machine Shortcode |
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ssm’ shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13385 |
Justin Kuepper–QuoteMedia Tools |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS. This issue affects QuoteMedia Tools: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23644 |
KaTeX–KaTeX |
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `htmlData` commands, forbid inputs containing the substring `"\htmlData"` and sanitize HTML output from KaTeX. | 2025-01-17 | 6.3 | CVE-2025-23207 |
katsushi-kawamori–Moving Users |
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses. | 2025-01-17 | 5.3 | CVE-2024-12637 |
kevonadonis–WP Abstracts |
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-12385 |
Kopatheme–Kopa Nictitate Toolkit |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS. This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2. | 2025-01-16 | 6.5 | CVE-2025-23965 |
le Pixel Solitaire–Enhanced YouTube Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS. This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1. | 2025-01-16 | 6.5 | CVE-2025-23946 |
Lenovo–PC Manager |
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 2025-01-14 | 4.7 | CVE-2024-10253 |
Lenovo–PC Manager |
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 2025-01-14 | 4.7 | CVE-2024-10254 |
Lenovo–XClarity Administrator |
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | 2025-01-14 | 6.8 | CVE-2024-45102 |
Lexmark–Printer Firmware |
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. | 2025-01-17 | 4.3 | CVE-2023-50738 |
librenms–librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters: `/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 5.4 | CVE-2025-23201 |
librenms–librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value): `/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2024-56144 |
librenms–librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value): `/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23198 |
librenms–librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23199 |
librenms–librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23200 |
libretro–RetroArch |
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 5.3 | CVE-2025-0459 |
liujianview–gymxmjpa |
A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the argument coachName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0404 |
liujianview–gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0405 |
liujianview–gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0406 |
liujianview–gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0407 |
liujianview–gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0408 |
liujianview–gymxmjpa |
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0409 |
liujianview–gymxmjpa |
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0410 |
M.J–WP-Player |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M.J WP-Player allows Stored XSS. This issue affects WP-Player: from n/a through 2.6.1. | 2025-01-16 | 6.5 | CVE-2025-23947 |
MagePeople Team–WpTravelly |
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WpTravelly: from n/a through 1.8.5. | 2025-01-15 | 5.3 | CVE-2025-22737 |
Magic Plugin Factory–Magic Google Maps |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS. This issue affects Magic Google Maps: from n/a through 1.0.4. | 2025-01-16 | 6.5 | CVE-2025-23935 |
Manuel Costales–GMap Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS. This issue affects GMap Shortcode: from n/a through 2.0. | 2025-01-16 | 6.5 | CVE-2025-23893 |
Markus Liebelt–Chess Tempo Viewer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Markus Liebelt Chess Tempo Viewer allows Stored XSS. This issue affects Chess Tempo Viewer: from n/a through 0.9.5. | 2025-01-16 | 6.5 | CVE-2025-23868 |
Massimo Serpilli–Incredible Font Awesome |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS. This issue affects Incredible Font Awesome: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23927 |
matrix-org–gomatrixserverlib |
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access. | 2025-01-16 | 4.3 | CVE-2024-52594 |
Mattermost–Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20036 |
Mattermost–Mattermost |
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action’s style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input. | 2025-01-16 | 6.5 | CVE-2025-20072 |
Mattermost–Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20086 |
Mattermost–Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20088 |
Mattermost–Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel. | 2025-01-16 | 6.5 | CVE-2025-20621 |
Mattermost–Mattermost |
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. | 2025-01-16 | 6.5 | CVE-2025-20630 |
Mattermost–Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-21083 |
Mattermost–Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action’s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input. | 2025-01-15 | 6.5 | CVE-2025-21088 |
Mattermost–Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment. | 2025-01-16 | 4.3 | CVE-2025-0476 |
Meinturnierplan.de Team–MeinTurnierplan.de Widget Viewer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS. This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23941 |
metaphorcreations–Metaphor Widgets |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4. | 2025-01-16 | 6.5 | CVE-2025-23816 |
microsoft — sharepoint_server |
Microsoft SharePoint Server Spoofing Vulnerability | 2025-01-14 | 6.3 | CVE-2025-21393 |
microsoft — windows_10_1507 |
Windows CSC Service Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21374 |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2025-01-17 | 6.5 | CVE-2025-21185 |
Microsoft–Microsoft Office 2019 |
Microsoft Outlook Remote Code Execution Vulnerability | 2025-01-14 | 6.7 | CVE-2025-21357 |
Microsoft–On-Premises Data Gateway |
On-Premises Data Gateway Information Disclosure Vulnerability | 2025-01-14 | 6.4 | CVE-2025-21403 |
Microsoft–Windows 10 Version 1809 |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 2025-01-14 | 6.1 | CVE-2025-21202 |
Microsoft–Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 6.8 | CVE-2025-21211 |
Microsoft–Windows 10 Version 1809 |
Windows NTLM Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21217 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21226 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21227 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21228 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21229 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21232 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21249 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21255 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21256 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21258 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21260 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21261 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21263 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21265 |
Microsoft–Windows 10 Version 1809 |
Windows COM Server Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21272 |
Microsoft–Windows 10 Version 1809 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-01-14 | 6.2 | CVE-2025-21278 |
Microsoft–Windows 10 Version 1809 |
Windows COM Server Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21288 |
Microsoft–Windows 10 Version 1809 |
Windows Geolocation Service Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21301 |
Microsoft–Windows 10 Version 1809 |
Windows Themes Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21308 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21310 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21324 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21327 |
Microsoft–Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21341 |
Microsoft–Windows 10 Version 1809 |
Windows Kerberos Information Disclosure Vulnerability | 2025-01-14 | 5.9 | CVE-2025-21242 |
Microsoft–Windows 10 Version 1809 |
Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21257 |
Microsoft–Windows 10 Version 1809 |
Windows Event Tracing Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21274 |
Microsoft–Windows 10 Version 1809 |
Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21280 |
Microsoft–Windows 10 Version 1809 |
Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21284 |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21316 |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21318 |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21319 |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21320 |
Microsoft–Windows 10 Version 1809 |
Windows Cryptographic Information Disclosure Vulnerability | 2025-01-14 | 5.6 | CVE-2025-21336 |
Microsoft–Windows 10 Version 1809 |
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21340 |
Microsoft–Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21189 |
Microsoft–Windows 10 Version 1809 |
Windows BitLocker Information Disclosure Vulnerability | 2025-01-14 | 4.2 | CVE-2025-21210 |
Microsoft–Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 4.6 | CVE-2025-21213 |
Microsoft–Windows 10 Version 1809 |
Windows BitLocker Information Disclosure Vulnerability | 2025-01-14 | 4.2 | CVE-2025-21214 |
Microsoft–Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 4.6 | CVE-2025-21215 |
Microsoft–Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21219 |
Microsoft–Windows 10 Version 1809 |
Windows HTML Platforms Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21269 |
Microsoft–Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21328 |
Microsoft–Windows Server 2019 |
Active Directory Federation Server Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21193 |
Microsoft–Windows Server 2019 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-01-14 | 5.9 | CVE-2025-21225 |
Microsoft–Windows Server 2022 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21317 |
Microsoft–Windows Server 2022 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21323 |
Microsoft–Windows Server 2025 (Server Core installation) |
Windows Security Account Manager (SAM) Denial of Service Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21313 |
Microsoft–Windows Server 2025 (Server Core installation) |
Windows SmartScreen Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21314 |
Microsoft–Windows Server 2025 (Server Core installation) |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21268 |
Microsoft–Windows Server 2025 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21321 |
Microsoft–Windows Server 2025 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21329 |
Microsoft–Windows Server 2025 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21332 |
Mohsin Rasool–Twitter Bootstrap Collapse aka Accordian Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS. This issue affects Twitter Bootstrap Collapse aka Accordian Shortcode: from n/a through 1.0. | 2025-01-15 | 6.5 | CVE-2025-22743 |
MojofyWP–Product Carousel For WooCommerce WoorouSell |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MojofyWP Product Carousel For WooCommerce – WoorouSell allows Stored XSS. This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through 1.1.0. | 2025-01-15 | 6.5 | CVE-2025-22724 |
mondula2016–Multi Step Form |
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images. | 2025-01-16 | 5.3 | CVE-2024-12427 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | 2025-01-13 | 6.1 | CVE-2023-42230 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | 2025-01-13 | 6.1 | CVE-2023-42233 |
n/a–n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. | 2025-01-13 | 6.1 | CVE-2023-42245 |
n/a–n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. | 2025-01-13 | 6.1 | CVE-2023-42246 |
n/a–n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. | 2025-01-13 | 6.1 | CVE-2023-42247 |
n/a–n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. | 2025-01-13 | 6.1 | CVE-2023-42249 |
n/a–n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. | 2025-01-13 | 6.1 | CVE-2023-42250 |
n/a–n/a |
BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the “Label” field in the Report template function. | 2025-01-13 | 6.1 | CVE-2024-44771 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers. | 2025-01-13 | 6.5 | CVE-2024-46920 |
n/a–n/a |
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the “TSIG Key” field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks. | 2025-01-14 | 6.1 | CVE-2024-50861 |
n/a–n/a |
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter in the General Information module. | 2025-01-13 | 6.5 | CVE-2024-54999 |
n/a–n/a |
Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters. | 2025-01-17 | 6.1 | CVE-2024-57372 |
n/a–n/a |
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server. | 2025-01-13 | 6.5 | CVE-2024-57487 |
n/a–n/a |
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. | 2025-01-13 | 6.5 | CVE-2024-57488 |
n/a–n/a |
An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 6.5 | CVE-2024-57653 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers. | 2025-01-13 | 5.3 | CVE-2024-46919 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | 2025-01-14 | 5.4 | CVE-2024-53563 |
n/a–n/a |
Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. | 2025-01-14 | 5.4 | CVE-2024-55000 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 2025-01-16 | 5.7 | CVE-2024-57577 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. | 2025-01-16 | 5.7 | CVE-2024-57578 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 2025-01-15 | 4.8 | CVE-2024-41453 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE. | 2025-01-13 | 4.3 | CVE-2024-48883 |
n/a–n/a |
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully. | 2025-01-14 | 4.8 | CVE-2024-50857 |
n/a–n/a |
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data. | 2025-01-14 | 4.8 | CVE-2024-50859 |
n/a–n/a |
OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can be used to read arbitrary system files. | 2025-01-17 | 4.3 | CVE-2024-57252 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | 2025-01-15 | 4.8 | CVE-2025-22996 |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | 2025-01-15 | 4.8 | CVE-2025-22997 |
n/a–wuzhicms |
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 4.3 | CVE-2025-0480 |
naa986–Checkout for PayPal |
The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘checkout_for_paypal’ shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13398 |
naa986–Payment Button for PayPal |
The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_paypal_checkout’ shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13401 |
Nasir–Scroll Top Advanced |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nasir Scroll Top Advanced allows Stored XSS. This issue affects Scroll Top Advanced: from n/a through 2.5. | 2025-01-16 | 6.5 | CVE-2025-23444 |
Nativery Developer–Nativery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nativery Developer Nativery allows DOM-Based XSS. This issue affects Nativery: from n/a through 0.1.6. | 2025-01-15 | 6.5 | CVE-2025-22781 |
NCiphers–SEO Bulk Editor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NCiphers SEO Bulk Editor allows Stored XSS. This issue affects SEO Bulk Editor: from n/a through 1.1.0. | 2025-01-15 | 6.5 | CVE-2025-22587 |
NEC Corporation–WX1500HP |
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allow an attacker to execute arbitrary OS commands via the network. | 2025-01-15 | 4.8 | CVE-2025-0356 |
Nikos M.–Top Flash Embed |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nikos M. Top Flash Embed allows Stored XSS. This issue affects Top Flash Embed: from n/a through 0.3.4. | 2025-01-16 | 6.5 | CVE-2025-23841 |
nitethemes–Nite Shortcodes |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in nitethemes Nite Shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23877 |
nitropack–NitroPack Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN |
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values. | 2025-01-15 | 4.3 | CVE-2024-11851 |
nmedia–Admin and Customer Messages After Order for WooCommerce: OrderConvo |
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload files on the affected site’s server which may make remote code execution possible and is confirmed to make Cross-Site Scripting possible. | 2025-01-16 | 5.4 | CVE-2024-13355 |
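The two upload findings above (Online Car Rental System, CVE-2024-57487, and OrderConvo, CVE-2024-13355) both describe an upload path that trusts the client's file name and MIME type. The following is an added example and not code from either project: a server-side validator that decides from an extension allow-list, a double-extension and null-byte check, and the file's own leading bytes, and that stores the file under a random name. The allow-list, the signature table and the forbidden-token set are assumptions chosen for the illustration.

```python
"""Server-side upload validation. Added illustration, not code from either plugin.

The allow-list, signature table and forbidden token set below are assumed
values chosen for this example.
"""
import os
import secrets
from typing import Optional, Tuple

# extension -> acceptable leading bytes (file signature); assumed table for the example
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# tokens that must not appear as any inner extension ("shell.php.png"); assumed list
FORBIDDEN_INNER = {"php", "phtml", "phar", "php3", "php4", "php5", "php7", "phps",
                   "htaccess", "cgi", "pl", "jsp", "asp", "aspx", "sh"}


def validate_upload(filename: str, content: bytes,
                    client_mime: Optional[str] = None) -> Tuple[bool, str]:
    """Decide from the name and the bytes only; client_mime is never trusted, only reported."""
    name = os.path.basename(filename)
    if not name or "\x00" in name or name.startswith("."):
        return False, "empty, hidden or null-byte file name"
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "no extension"
    ext = parts[-1]
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension .{ext} not allowed"
    if any(p in FORBIDDEN_INNER for p in parts[1:-1]):
        return False, "executable extension hidden inside the file name"
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, f"content does not match a .{ext} signature (client claimed {client_mime!r})"
    # polyglot guard: an image that also carries a PHP open tag is rejected outright
    if b"<?php" in content[:65536] or b"<?=" in content[:65536]:
        return False, "PHP open tag embedded in the payload"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Never reuse the client's name on disk: random base name plus the validated extension."""
    ext = os.path.basename(filename).lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

The decision never consults the Content-Type header: it is client-controlled, which is exactly what both entries exploit. The stored name removes the second half of the attack (knowing the URL of the uploaded shell), and the upload directory should additionally be served with script execution disabled.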
notaryproject–notation-go |
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on the Notary Project specifications. This issue was identified during Quarkslab’s audit of the timestamp feature. During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack: an attacker could use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by `notation`. This could lead to denial of service, particularly in CI/CD environments, because later signature verification would fail on the timestamp signature due to the presence of a revoked certificate, potentially disrupting operations. This issue has been addressed in release version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | 4 | CVE-2024-56138 |
Nuanced Media–WP Meetup |
Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meetup: from n/a through 2.3.0. | 2025-01-16 | 5.4 | CVE-2025-23916 |
Octopus Deploy–Kubernetes Worker or Kubernetes Agent |
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly. | 2025-01-16 | 6.5 | CVE-2024-12226 |
Octrace Studio–WordPress HelpDesk & Support Ticket System Plugin Octrace Support |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Stored XSS. This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7. | 2025-01-15 | 5.9 | CVE-2025-22762 |
Olaf Lederer–Ajax Contact Form |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Olaf Lederer Ajax Contact Form allows Stored XSS. This issue affects Ajax Contact Form: from n/a through 1.2.5.1. | 2025-01-15 | 6.5 | CVE-2025-22761 |
OMRON Corporation–Machine Automation Controller NJ-series |
Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to gain unauthorized access and to execute unauthorized code remotely on the controller products. | 2025-01-14 | 6.6 | CVE-2024-12083 |
OMRON Corporation–Programable Terminals NB-Designer |
An Improper Restriction of XML External Entity Reference (CWE-611) vulnerability exists in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer. | 2025-01-14 | 5.5 | CVE-2024-12298 |
Oncle Tom–Mindmeister Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS. This issue affects Mindmeister Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23896 |
Ossur–Mobile Logic Application |
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information. | 2025-01-17 | 4.3 | CVE-2024-45832 |
Ossur–Mobile Logic Application |
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use. | 2025-01-17 | 4.4 | CVE-2024-53683 |
Oğulcan Özügenç–Gallery and Lightbox |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS. This issue affects Gallery and Lightbox: from n/a through 1.0.14. | 2025-01-15 | 6.5 | CVE-2025-22797 |
Pegasystems–Pega Infinity |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue in the user profile. | 2025-01-13 | 5.4 | CVE-2024-12211 |
pflonk–Sidebar-Content from Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through 2.0. | 2025-01-16 | 6.5 | CVE-2025-23642 |
piotnetdotcom–Piotnet Addons For Elementor |
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the ‘pafe-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2025-01-15 | 4.3 | CVE-2024-10775 |
PMB Services–PMB platform |
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted. | 2025-01-16 | 6.5 | CVE-2025-0473 |
Poll Maker Team–Poll Maker |
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.6. | 2025-01-15 | 6.5 | CVE-2024-56295 |
Post SMTP–Post SMTP |
Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post SMTP: from n/a through 2.9.11. | 2025-01-13 | 4.3 | CVE-2025-22800 |
Pravin Durugkar–User Sync ActiveCampaign |
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | 2025-01-16 | 5.4 | CVE-2025-23778 |
Pressfore–Winning Portfolio |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pressfore Winning Portfolio allows Stored XSS. This issue affects Winning Portfolio: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23865 |
PromoSimple–Giveaways and Contests by PromoSimple |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS. This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24. | 2025-01-16 | 6.5 | CVE-2025-23934 |
Radix–SmartRecovery |
Howyar UEFI Application “Reloader” (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 2025-01-14 | 6.5 | CVE-2024-7344 |
Rami Yushuvaev–Pastebin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rami Yushuvaev Pastebin allows Stored XSS. This issue affects Pastebin: from n/a through 1.5. | 2025-01-16 | 6.5 | CVE-2025-23908 |
RaminMT–Links/Problem Reporter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RaminMT Links/Problem Reporter allows DOM-Based XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0. | 2025-01-16 | 6.5 | CVE-2025-23833 |
rccoder–wp_amaps |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rccoder wp_amaps allows Stored XSS. This issue affects wp_amaps: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23794 |
realwebcare–Awesome Responsive Photo Gallery Image & Video Lightbox Gallery |
The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘awsmgallery’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-12403 |
Red Hat–Red Hat build of Keycloak 26.0 |
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request. | 2025-01-14 | 6.5 | CVE-2024-11734 |
Red Hat–Red Hat build of Keycloak 26.0 |
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing. | 2025-01-14 | 4.9 | CVE-2024-11736 |
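The placeholder substitution described in the Keycloak entry above, and the newline-in-header case from the Keycloak entry before it, as an added Python illustration (constructed for this page; not Keycloak code, which is Java): `expand_placeholders_unsafe` behaves as the entry describes, resolving `${env.NAME}` and `${property}` from the server's own environment and property map before the URL is used, while `check_admin_url` and `check_header_value` show the validation an admin-supplied setting should pass instead. The environment variable name, property key and URLs used in the sample input are made up for the example.

```python
"""Placeholder expansion in admin-configured URLs and newline checks on header values.

Added illustration, not Keycloak code. Variable and property names are assumed.
"""
import re
from typing import Mapping
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def expand_placeholders_unsafe(url: str, env: Mapping[str, str], props: Mapping[str, str]) -> str:
    """Vulnerable behaviour as described: ${env.NAME} and ${name} are resolved from the
    server's own environment and system properties, whatever the admin typed."""
    def substitute(match: "re.Match[str]") -> str:
        key = match.group(1)
        if key.startswith("env."):
            return env.get(key[len("env."):], match.group(0))
        return props.get(key, match.group(0))
    return PLACEHOLDER.sub(substitute, url)


def check_admin_url(url: str) -> str:
    """Hardened: the URL is an opaque string; no placeholder syntax, no control characters,
    and it must be an absolute http(s) URL."""
    if "${" in url:
        raise ValueError("placeholder syntax is not allowed in a configured URL")
    if any(ch in url for ch in "\r\n\x00"):
        raise ValueError("control characters are not allowed in a configured URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("configured URL must be absolute http(s)")
    return url


def check_header_value(value: str) -> str:
    """Hardened: a security header value is a single line; CR, LF and NUL would let it
    split or terminate the response."""
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError("header value must not contain CR, LF or NUL")
    return value


def is_safe_admin_url(url: str) -> bool:
    try:
        check_admin_url(url)
        return True
    except ValueError:
        return False


def is_safe_header_value(value: str) -> bool:
    try:
        check_header_value(value)
        return True
    except ValueError:
        return False
```

The point of the hardened functions is that admin-editable realm settings are still input: an admin of one realm is not meant to read the process environment of the whole server, so the value is stored and used verbatim rather than run through an expansion step.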
Red Hat–Red Hat Enterprise Linux 6 |
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client’s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. | 2025-01-14 | 6.1 | CVE-2024-12086 |
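The checksum-based enumeration in the rsync entry above (CVE-2024-12086), as an added illustration that is neither rsync's code nor its wire protocol: a toy sender/receiver exchange in which the receiver supplies one checksum per basis block and the sender answers with a match token (basis block index) or literal bytes for each local block. With an attacker-chosen one-byte block length and checksums for all 256 byte values, the match tokens alone disclose the sender's file without any literal data being transmitted. The MD5-only checksum, the attacker-chosen block length and the sample file contents are simplifications assumed for the example; real rsync adds a rolling checksum and negotiates block size differently.

```python
"""Toy model of a delta-transfer checksum exchange. Added illustration, not rsync's
protocol: strong checksum only, attacker-chosen block length, constructed inputs.
"""
import hashlib
from typing import List, Tuple

Delta = List[Tuple[str, object]]   # ("match", basis_index) or ("literal", bytes)


def block_checksum(block: bytes) -> bytes:
    # Real rsync pairs a weak rolling checksum with a strong one; one strong hash suffices here.
    return hashlib.md5(block).digest()


def sender_delta(local: bytes, basis_sums: List[bytes], block_len: int) -> Delta:
    """Sender side (the client pushing a file): for each local block, emit the index of a
    basis block with the same checksum, or the literal bytes if none matches."""
    if block_len < 1:
        raise ValueError("block length must be positive")
    index = {digest: i for i, digest in enumerate(basis_sums)}
    delta: Delta = []
    for off in range(0, len(local), block_len):
        chunk = local[off:off + block_len]
        tok = index.get(block_checksum(chunk))
        delta.append(("match", tok) if tok is not None else ("literal", chunk))
    return delta


def honest_basis(basis_file: bytes, block_len: int) -> List[bytes]:
    """A normal receiver sends checksums of the file it already has."""
    return [block_checksum(basis_file[i:i + block_len])
            for i in range(0, len(basis_file), block_len)]


def malicious_basis() -> List[bytes]:
    """Attacker-controlled receiver: 256 one-byte 'basis blocks', so index == byte value."""
    return [block_checksum(bytes([b])) for b in range(256)]


def receiver_reconstruct(delta: Delta) -> bytes:
    """What the receiver learns from the delta alone, given basis block i is the byte i."""
    out = bytearray()
    for kind, value in delta:
        if kind == "match":
            out.append(value)      # the token itself is the byte
        else:
            out += value
    return bytes(out)


def leak_file(local: bytes) -> Tuple[bytes, int]:
    """Run the exchange against the malicious basis; returns (recovered bytes, literal count)."""
    delta = sender_delta(local, malicious_basis(), block_len=1)
    literals = sum(1 for kind, _ in delta if kind == "literal")
    return receiver_reconstruct(delta), literals


if __name__ == "__main__":
    secret = b"db_password=hunter2\n"      # constructed sample of a client-side file
    recovered, literal_count = leak_file(secret)
    print(recovered == secret, literal_count)   # True 0
```

The lesson is the one the advisory draws: a peer that chooses the checksums you compare against holds an equality oracle over your local data, and the smaller the block, the cheaper the oracle.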
Red Hat–Red Hat Enterprise Linux 6 |
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client’s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | 2025-01-14 | 6.5 | CVE-2024-12087 |
Red Hat–Red Hat Enterprise Linux 6 |
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | 2025-01-14 | 6.5 | CVE-2024-12088 |
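The two symlink problems in the rsync entries above (the unverified link destination under incremental recursion, CVE-2024-12087, and the symlink-inside-a-link-destination case under safe-links handling, CVE-2024-12088), as an added example that is not rsync code: a string-only check on a link target beside a check that resolves every path component. The directory layout (a `sub` link pointing to a directory outside the tree, and `link1` pointing to the innocent-looking relative target `sub/inner`) is constructed in temporary directories for the example.

```python
"""Symlink-aware destination confinement. Added illustration, not rsync code.

Layout built for the demo (assumed): root/sub -> <directory outside root>,
root/link1 -> "sub/inner". The target string "sub/inner" is relative and has no
"..", yet resolving it leaves the tree because the first component is a symlink.
"""
import os
import tempfile
from typing import Dict, Optional


def naive_safe_link(target: str) -> bool:
    """String-only check: relative target with no '..' component. Passes 'sub/inner'."""
    return not os.path.isabs(target) and ".." not in target.split("/")


def first_symlink_component(root: str, rel_path: str) -> Optional[str]:
    """Walk rel_path below root one component at a time (lstat semantics) and report the
    first component that is itself a symlink, or None."""
    cur = root
    for part in rel_path.split("/"):
        if not part:
            continue
        cur = os.path.join(cur, part)
        if os.path.islink(cur):
            return os.path.relpath(cur, root)
    return None


def is_confined(root: str, rel_path: str) -> bool:
    """Hardened check: the fully resolved path must stay inside the resolved root."""
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(root, rel_path))
    return real == real_root or real.startswith(real_root + os.sep)


def link_escapes(root: str, link_rel: str) -> bool:
    """Does the symlink at root/link_rel, after resolving every hop, point outside root?"""
    target = os.readlink(os.path.join(root, link_rel))
    # a relative target is interpreted from the link's own directory
    dest = os.path.normpath(os.path.join(os.path.dirname(link_rel), target))
    return not is_confined(root, dest)


def demo() -> Dict[str, object]:
    """Build the constructed layout and run both checks against it."""
    outside = tempfile.mkdtemp()
    try:
        with tempfile.TemporaryDirectory() as root:
            os.symlink(outside, os.path.join(root, "sub"))        # component leaving the tree
            os.symlink("sub/inner", os.path.join(root, "link1"))  # looks relative and harmless
            return {
                "naive_accepts": naive_safe_link(os.readlink(os.path.join(root, "link1"))),
                "symlink_component": first_symlink_component(root, "sub/inner"),
                "confined": is_confined(root, "sub/inner"),
                "escapes": link_escapes(root, "link1"),
            }
    finally:
        os.rmdir(outside)
```

`is_confined` is a post-hoc check and therefore still exposed to the replace-file-with-symlink race described in the next rsync entry (CVE-2024-12747); code that actually opens or writes the path should open each component with O_NOFOLLOW via openat-style calls rather than resolve first and act later.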
Red Hat–Red Hat Enterprise Linux 6 |
A flaw was found in rsync. This vulnerability arises from a race condition during rsync’s handling of symbolic links. Rsync’s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | 2025-01-14 | 5.6 | CVE-2024-12747 |
Red Hat–Red Hat Enterprise Linux 9 |
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials. | 2025-01-15 | 5.5 | CVE-2024-11029 |
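Both the FreeIPA entry above (the full installer command line, password included, written to the journal) and the Octopus Deploy entry earlier on this page (sensitive variables written to a script pod log) come down to logging without redaction. The following is an added example and not code from either project: an argv redactor for installer-style command lines, and a value redactor for log lines that also catches base64- and URL-encoded spellings of a known secret. The option names in SECRET_OPTIONS and the sample command line and log lines are assumptions made for the illustration.

```python
"""Redacting secrets before a command line or a variable value reaches a log.

Added illustration, not FreeIPA or Octopus code. Option names and sample values are assumed.
"""
import base64
from typing import Iterable, List, Set
from urllib.parse import quote

MASK = "********"
# options whose next argument is a secret (assumed names for the example)
SECRET_OPTIONS = {"--password", "--admin-password", "--ds-password", "--dm-password",
                  "--token", "-p", "-w"}
# the same long options in --name=value form
SECRET_PREFIXES = tuple(o + "=" for o in SECRET_OPTIONS if o.startswith("--"))


def redact_argv(argv: List[str]) -> List[str]:
    """Mask the value of every secret-carrying option, in both '--opt value' and
    '--opt=value' form, before the argument vector is written anywhere."""
    out: List[str] = []
    mask_next = False
    for arg in argv:
        if mask_next:
            out.append(MASK)
            mask_next = False
        elif arg in SECRET_OPTIONS:
            out.append(arg)
            mask_next = True
        elif arg.startswith(SECRET_PREFIXES):
            out.append(arg.split("=", 1)[0] + "=" + MASK)
        else:
            out.append(arg)
    return out


def secret_forms(value: str) -> Set[str]:
    """A secret leaks in encoded forms too: cover the plain, base64 and URL-encoded spellings."""
    return {value, base64.b64encode(value.encode()).decode(), quote(value, safe="")}


def redact_values(line: str, secret_values: Iterable[str]) -> str:
    """Replace every known sensitive value in a log line, longest form first so that a
    shorter form cannot leave residue inside a longer match."""
    forms: Set[str] = set()
    for value in secret_values:
        if value:
            forms |= secret_forms(value)
    for form in sorted(forms, key=len, reverse=True):
        line = line.replace(form, MASK)
    return line
```

Value-based redaction needs the set of sensitive values to be known at the point where the log line is emitted, which is how a deployment tool that marks variables as sensitive can apply it; for an installer, redacting the argument vector before the audit record is built is the simpler fix.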
Red Hat–Red Hat JBoss Data Grid 7 |
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. | 2025-01-14 | 6.5 | CVE-2025-23366 |
Rene Hermenau–QR Code Generator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rene Hermenau QR Code Generator allows DOM-Based XSS. This issue affects QR Code Generator: from n/a through 1.2.6. | 2025-01-16 | 6.5 | CVE-2025-23831 |
Revolutionart–Marmoset Viewer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Revolutionart Marmoset Viewer allows Stored XSS. This issue affects Marmoset Viewer: from n/a through 1.9.3. | 2025-01-16 | 6.5 | CVE-2025-23767 |
Rob von Bothmer / SeoDev–S-DEV SEO |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rob von Bothmer / SeoDev S-DEV SEO allows Stored XSS. This issue affects S-DEV SEO: from n/a through 1.88. | 2025-01-15 | 6.5 | CVE-2025-22744 |
robdavenport–WP Smart TV |
The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tv-video-player’ shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-12818 |
RocaPress–Horizontal Line Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS. This issue affects Horizontal Line Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23791 |
Said Shiripour–EZPlayer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Said Shiripour EZPlayer allows Stored XSS. This issue affects EZPlayer: from n/a through 1.0.10. | 2025-01-16 | 6.5 | CVE-2025-23950 |
Saiem Khan–Image Switcher |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23939 |
Saiem Khan–Image Switcher |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 0.1.1. | 2025-01-16 | 6.5 | CVE-2025-23940 |
Sanjaysolutions–Loginplus |
Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Loginplus: from n/a through 1.2. | 2025-01-16 | 5.3 | CVE-2025-23514 |
SAP_SE–SAP Business Workflow and SAP Flexible Workflow |
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable. | 2025-01-14 | 6.5 | CVE-2025-0058 |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate a highly privileged user, causing high impact on confidentiality and integrity of the application. | 2025-01-14 | 6.5 | CVE-2025-0060 |
SAP_SE–SAP GUI for Java |
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim’s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0056 |
SAP_SE–SAP GUI for Windows |
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim’s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0055 |
SAP_SE–SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim’s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0059 |
SAP_SE–SAP NetWeaver Application Server ABAP |
An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability of the application. | 2025-01-14 | 4.3 | CVE-2025-0068 |
SAP_SE–SAP NetWeaver Application Server for ABAP and ABAP Platform |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits. | 2025-01-14 | 5.3 | CVE-2025-0053 |
SAP_SE–SAP NetWeaver Application Server Java |
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application. | 2025-01-14 | 6.3 | CVE-2025-0067 |
SAP_SE–SAP NetWeaver AS JAVA (User Admin Application) |
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross-site scripting. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of the victim’s web browser. | 2025-01-14 | 4.8 | CVE-2025-0057 |
Schneider Electric–PowerLogic HDPM6000 |
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in invalid data or loss of web interface functionality. | 2025-01-17 | 6.5 | CVE-2024-10498 |
Scott Allan Wallick–Blog Summary |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS. This issue affects Blog Summary: from n/a through 0.1.2 β. | 2025-01-16 | 6.5 | CVE-2025-23887 |
Scott Reilly–Post-to-Post Links |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scott Reilly Post-to-Post Links allows Stored XSS. This issue affects Post-to-Post Links: from n/a through 4.2. | 2025-01-16 | 5.9 | CVE-2025-23878 |
scottpaterson–Contact Form 7 Redirect & Thank You Page |
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-12423 |
scribit–Proofreading |
The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘nonce’ parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-12466 |
scriptsbundle–DWT – Directory & Listing WordPress Theme |
The DWT – Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the ‘sort_by’ and ‘token’ parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-16 | 6.1 | CVE-2025-0170 |
SetMore Appointments–SetMore Theme Custom Post Types |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SetMore Appointments SetMore Theme – Custom Post Types allows Stored XSS. This issue affects SetMore Theme – Custom Post Types: from n/a through 1.1. | 2025-01-15 | 6.5 | CVE-2025-22748 |
Shanghai Lingdang Information Technology–Lingdang CRM |
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 6.3 | CVE-2025-0462 |
Shanghai Lingdang Information Technology–Lingdang CRM |
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument name leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 6.3 | CVE-2025-0463 |
Shanghai Lingdang Information Technology–Lingdang CRM |
A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 4.3 | CVE-2025-0461 |
Siemens–Industrial Edge Management OS (IEM-OS) |
A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. | 2025-01-14 | 4.7 | CVE-2024-45385 |
Siemens–SIPROTEC 5 6MD84 (CP300) |
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. | 2025-01-14 | 6.5 | CVE-2024-53649 |
silabs.com–EmberZNet |
A ZigBee coordinator, router, or end device may change its node ID when an unsolicited encrypted rejoin response is received; this change in node ID causes a Denial of Service (DoS). To recover from this DoS, the network must be re-established. | 2025-01-15 | 5.8 | CVE-2024-7322 |
silabs.com–SiSDK |
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. | 2025-01-13 | 4.3 | CVE-2024-6352 |
silverplugins217–Build Private Store For Woocommerce |
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce allows Cross Site Request Forgery. This issue affects Build Private Store For Woocommerce: from n/a through 1.0. | 2025-01-15 | 4.3 | CVE-2025-22731 |
silverstripe–silverstripe-asset-admin |
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the “insert media” functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-47605 |
silverstripe–silverstripe-framework |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn’t get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-53277 |
sjhand–Webcamconsult |
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13432 |
Smackcoders–SendGrid for WordPress |
Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SendGrid for WordPress: from n/a through 1.4. | 2025-01-16 | 4.3 | CVE-2025-23423 |
smartagenda–Smart Agenda Prise de rendez-vous en ligne |
The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the smartagenda_options_page_html() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-14 | 6.1 | CVE-2024-13348 |
smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2024-13517 |
Soflyy–WP All Import Pro |
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-01-19 | 5.5 | CVE-2024-8722 |
Steven Soehl–WP-Revive Adserver |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS. This issue affects WP-Revive Adserver: from n/a through 2.2.1. | 2025-01-16 | 6.5 | CVE-2025-23802 |
stylemix–Motors Car Dealer, Classifieds & Listing |
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2025-01-16 | 5.4 | CVE-2024-10970 |
Sur.ly–Sur.ly |
Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sur.ly: from n/a through 3.0.3. | 2025-01-16 | 4.3 | CVE-2025-23957 |
Sven Hofmann & Michael Schoenrock–Mark Posts |
Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark Posts: from n/a through 2.2.3. | 2025-01-16 | 5.4 | CVE-2025-23963 |
swarminteractive–ViewMedica 9 |
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘viewmedica’ shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-13394 |
SzMake–Contact Form 7 Anti Spambot |
Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1. | 2025-01-16 | 5.3 | CVE-2025-23862 |
t2bot–matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders; however, in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow the scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config, which prevents the decoders from being invoked. Further, disabling uncommon file types on the server is recommended to limit the risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable “unsafe” file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default. | 2025-01-16 | 6.8 | CVE-2024-56515 |
t2bot–matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. As a partial workaround of extremely limited effect, server operators can apply stricter rate limits based on IP address. | 2025-01-16 | 5.3 | CVE-2024-36402 |
t2bot–matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR’s typical operating environment uses S3-like storage as a backend, with a file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on “leaky bucket” rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user’s ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data being downloaded. | 2025-01-16 | 5.3 | CVE-2024-36403 |
t2bot–matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy may provide a workaround for users unable to upgrade. | 2025-01-16 | 5 | CVE-2024-52602 |
t2bot–matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade, forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users. | 2025-01-16 | 5.3 | CVE-2024-52791 |
TC–Ajax WP Query Search Filter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TC Ajax WP Query Search Filter allows Stored XSS. This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7. | 2025-01-16 | 6.5 | CVE-2025-23926 |
TDuckCloud–tduck-platform |
A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-18 | 6.3 | CVE-2025-0558 |
TechnoWich–WP ULike |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TechnoWich WP ULike allows Stored XSS. This issue affects WP ULike: from n/a through 4.7.6. | 2025-01-15 | 5.9 | CVE-2025-22738 |
theverylastperson–Car Demon |
The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_condition’ parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-13334 |
thimpress–WP Hotel Booking |
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices. | 2025-01-17 | 5.3 | CVE-2024-12370 |
Thomas Ehrhardt–Powie’s pLinks PagePeeker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Thomas Ehrhardt Powie’s pLinks PagePeeker allows DOM-Based XSS. This issue affects Powie’s pLinks PagePeeker: from n/a through 1.0.2. | 2025-01-16 | 6.5 | CVE-2025-23641 |
Thorn Technologies LLC–Cache Sniper for Nginx |
Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. | 2025-01-16 | 4.3 | CVE-2025-23776 |
tobig–quote-posttype-plugin |
The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13386 |
Tom Ewer and Tito Pandu–Easy Tweet Embed |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS. This issue affects Easy Tweet Embed: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23890 |
Tor Morten Jensen–Foundation Columns |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tor Morten Jensen Foundation Columns allows Stored XSS. This issue affects Foundation Columns: from n/a through 0.8. | 2025-01-15 | 6.5 | CVE-2025-22747 |
Tushar Patel–Easy Portfolio |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tushar Patel Easy Portfolio allows Stored XSS. This issue affects Easy Portfolio: from n/a through 1.3. | 2025-01-16 | 6.5 | CVE-2025-23796 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-55922 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.8 | CVE-2024-55892 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Log Module” allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.3 | CVE-2024-55893 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Backend User Module” allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | 2025-01-14 | 4.3 | CVE-2024-55894 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Dashboard Module” allows attackers to manipulate the victim’s dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.3 | CVE-2024-55920 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue. | 2025-01-14 | 4.3 | CVE-2024-55923 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue. | 2025-01-14 | 4.3 | CVE-2024-55945 |
Ugur CELIK–WP News Sliders |
Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP News Sliders: from n/a through 1.0. | 2025-01-15 | 4.3 | CVE-2025-22779 |
Ujjaval Jani–Copy Move Posts |
Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | 2025-01-16 | 5.3 | CVE-2025-23764 |
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from the wp_usermeta table. | 2025-01-18 | 5.3 | CVE-2025-0318 |
umbraco–Umbraco.Forms.Issues |
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2025-01-14 | 5.8 | CVE-2025-23041 |
Unknown–Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-11636 |
Unknown–Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12566 |
Unknown–Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12567 |
Unknown–Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12568 |
vcita–Event Registration Calendar By vcita |
The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-11870 |
videowhisper–MicroPayments Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet |
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_content_upload_guest’ shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13391 |
videowhisper–Picture Gallery Frontend Image Uploads, AJAX Photo List |
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-12696 |
videowhisper–Rate Star Review Vote AJAX Reviews, Votes, Star Ratings |
The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_reviews’ shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13392 |
videowhisper–Video Share VOD Turnkey Video Site Builder Script |
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_videos’ shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13393 |
vim–vim |
When switching to other buffers using the :all command while visual mode is still active, Vim may cause a heap-buffer overflow, because it does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim correctly resets visual mode before opening other windows and buffers and therefore fixes this bug. In addition, it now verifies that it won’t try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank GitHub user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003. | 2025-01-13 | 4.2 | CVE-2025-22134 |
Vincent Loy–Yet Another Countdown |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS. This issue affects Yet Another Countdown: from n/a through 1.0.1. | 2025-01-16 | 6.5 | CVE-2025-23891 |
Virtual Computer–Vysual RH Solution |
A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 4.3 | CVE-2025-0458 |
W3speedster–W3SPEEDSTER |
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery. This issue affects W3SPEEDSTER: from n/a through 7.33. | 2025-01-16 | 4.3 | CVE-2025-23765 |
Wavlink–Wavlink AC3000 |
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 5.3 | CVE-2024-39773 |
webtechstreet–Elementor Addon Elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the ‘render’ function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | 2025-01-15 | 4.3 | CVE-2024-13215 |
webwizardsdev–MarketKing Ultimate WooCommerce Multivendor Marketplace Solution |
The MarketKing – Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin’s settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2024-13519 |
webzunft–Image Source Control Lite Show Image Credits and Captions |
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘path’ parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13515 |
Wikimedia Foundation–Mediawiki – DataTransfer Extension |
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects Mediawiki – DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | 6.1 | CVE-2025-23081 |
Wikimedia Foundation–Mediawiki – OpenBadges Extension |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – OpenBadges Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki – OpenBadges Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | 5.3 | CVE-2025-23080 |
Willows Consulting Ltd.–GDPR Personal Data Reports |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS. This issue affects GDPR Personal Data Reports: from n/a through 1.0.5. | 2025-01-16 | 6.5 | CVE-2025-23777 |
wishfulthemes–Email Capture & Lead Generation |
Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | 2025-01-16 | 4.3 | CVE-2025-23929 |
WP Code Snippets (Luke America)–WCS QR Code Generator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Code Snippets (Luke America) WCS QR Code Generator allows Stored XSS. This issue affects WCS QR Code Generator: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23864 |
WP Tasker–WordPress Graphs & Charts |
Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | 2025-01-16 | 5.4 | CVE-2025-23961 |
WPChill–Htaccess File Editor |
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Htaccess File Editor: from n/a through 1.0.19. | 2025-01-15 | 5.3 | CVE-2025-22773 |
wpdevelop–WP Booking Calendar |
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘booking’ shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-13323 |
wpeventmanager–WP User Profile Avatar |
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugin’s setting which controls access to the functionality via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-16 | 4.3 | CVE-2024-10789 |
WpFreeware–WpF Ultimate Carousel |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS. This issue affects WpF Ultimate Carousel: from n/a through 1.0.11. | 2025-01-16 | 6.5 | CVE-2025-23933 |
wproyal–Royal Elementor Addons and Templates |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-14 | 6.1 | CVE-2025-0393 |
WWP–GMAPS for WPBakery Page Builder Free |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS. This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2. | 2025-01-16 | 6.5 | CVE-2025-23775 |
xola.com–Xola |
Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xola: from n/a through 1.6. | 2025-01-16 | 4.3 | CVE-2025-23955 |
YesStreaming.com Shoutcast and Icecast Internet Radio Hosting–Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YesStreaming.com Shoutcast and Icecast Internet Radio Hosting Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com allows Stored XSS. This issue affects Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com: from n/a through 3.3. | 2025-01-16 | 5.9 | CVE-2025-23854 |
yunra–Utilities for MTG |
The Utilities for MTG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mtglink’ shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13433 |
zookatron–MyBookProgress by Stormhill Media |
The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-12598 |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Apple–iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | 2025-01-15 | 2.4 | CVE-2024-40839 |
CampCodes–School Management Software |
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-18 | 2.4 | CVE-2025-0560 |
Campcodes–School Management Software |
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-18 | 2.4 | CVE-2025-0559 |
code-projects–Car Rental Management System |
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 2.4 | CVE-2025-0537 |
code-projects–Job Recruitment |
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 3.5 | CVE-2025-0530 |
code-projects–Tourism Management System |
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 3.5 | CVE-2025-0538 |
Fanli2012–native-php-cms |
A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 3.5 | CVE-2025-0483 |
Fanli2012–native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 3.5 | CVE-2025-0485 |
Fortinet–FortiClientEMS |
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. | 2025-01-14 | 3.7 | CVE-2024-36506 |
Fortinet–FortiClientWindows |
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named pipes. | 2025-01-14 | 3.3 | CVE-2024-50564 |
Fortinet–FortiOS |
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. | 2025-01-14 | 3.7 | CVE-2024-46665 |
Fortinet–FortiOS |
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.4.4 and below and version 7.2.10 and below, and in the FortiOS tenant IPsec IKE service of FortiSASE version 23.4.b, may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. | 2025-01-14 | 3.5 | CVE-2024-46669 |
Fortinet–FortiPortal |
An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection. | 2025-01-14 | 3.5 | CVE-2024-52967 |
Fortinet–FortiProxy |
An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets. | 2025-01-14 | 3.7 | CVE-2024-52963 |
Fortinet–FortiWeb |
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries. | 2025-01-14 | 2.7 | CVE-2024-55593 |
Microsoft–Windows 10 Version 1809 |
Windows Smart Card Reader Information Disclosure Vulnerability | 2025-01-14 | 2.4 | CVE-2025-21312 |
n/a–Intel(R) Neural Compressor software |
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access. | 2025-01-16 | 2.6 | CVE-2024-37181 |
notaryproject–notation-go |
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on the Notary Project specifications. The issue was identified during Quarkslab’s security audit of the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. In method `crl.(*FileCache).Set`, a temporary file is created in the OS dedicated area (usually /tmp on Linux/Unix). The file is written and then moved to the dedicated `notation` cache directory using `os.Rename`. As specified in the Go documentation, OS-specific restrictions may apply. On Linux, it relies on the rename syscall from the libc and, as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as a "Cross device link not permitted" error. Some Linux distributions, such as Red Hat, use a dedicated filesystem (tmpfs) mounted on a specific mountpoint (usually /tmp) for temporary files. When using such an OS, revocation check based on CRL will repeatedly crash notation. As a result the signature verification process is aborted because the process crashes. This issue has been addressed in version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | 3.3 | CVE-2024-51491 |
OpenVPN–ovpn-dco |
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt. | 2025-01-15 | 3.3 | CVE-2024-5198 |
Ossur–Mobile Logic Application |
Multiple bash files were present in the application’s private directory. Bash files can be used on their own, by an attacker that already has full access to the mobile platform, to compromise the translations for the application. | 2025-01-17 | 3.5 | CVE-2024-54681 |
phiewer — phiewer |
In Phiewer 4.1.0, a dylib injection leads to Command Execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data. | 2025-01-15 | 3.3 | CVE-2024-53407 |
Phoenix–SecureCore for Intel Kaby Lake |
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334. | 2025-01-14 | 2.3 | CVE-2024-29979 |
Phoenix–SecureCore for Intel Kaby Lake |
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334. | 2025-01-14 | 2.3 | CVE-2024-29980 |
SourceCodester–Task Reminder System |
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-14 | 2.4 | CVE-2025-0464 |
termius — termius |
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. | 2025-01-15 | 3.3 | CVE-2024-55503 |
TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password was logged in plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 version 13.4.3 ELTS, which fixes the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 3.1 | CVE-2024-55891 |
Union Bank of India–Vyom |
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-19 | 3.9 | CVE-2025-0575 |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
aws–aws-cdk |
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use the IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false`, which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as a low severity security advisory because the issuer URL is provided by CDK users who define the CDK application. If they insist on connecting to an unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment, which mitigates the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (expected release date 2025-02-22). Once upgraded, users should make sure the feature flag ‘@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections’ is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-23206 |
Bitdefender–Antivirus Free 2020 |
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. | 2025-01-15 | not yet calculated | CVE-2020-8094 |
Bitdefender–Virus Scanner |
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18. | 2025-01-13 | not yet calculated | CVE-2024-11128 |
codidact–qpixel |
@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions, when a category is set to private or limited-visibility within QPixel’s admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates. Patches: not yet patched. Workarounds: none available; private or limited-visibility categories should not be considered ways to store sensitive information. References: internal: SUPPORT-114 (https://codidact.atlassian.net/issues/SUPPORT-114). | 2025-01-13 | not yet calculated | CVE-2025-22138 |
CrafterCMS–CrafterCMS |
Transmission of Private Resources into a New Sphere (‘Resource Leak’) vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | 2025-01-15 | not yet calculated | CVE-2025-0502 |
devycreates–Bible-Module |
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-23202 |
exelban–stats |
stats is a macOS system monitor for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-21606 |
FFmpeg–FFmpeg |
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program file https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c. This issue affects FFmpeg: 7.1. The issue was fixed in https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a. This issue was discovered by Simcha Kosman. | 2025-01-16 | not yet calculated | CVE-2025-0518 |
git–git |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interprets, to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker’s control. This issue has been patched via commits `7725b81` and `c903985`, which are included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. | 2025-01-14 | not yet calculated | CVE-2024-50349 |
git–git |
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called “sideband channel”. These messages will be prefixed with “remote:” and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources. | 2025-01-15 | not yet calculated | CVE-2024-52005 |
git–git |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. | 2025-01-14 | not yet calculated | CVE-2024-52006 |
git-lfs–git-lfs |
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user’s Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time. | 2025-01-14 | not yet calculated | CVE-2024-53263 |
Google–Android |
In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2017-13322 |
Google–Android |
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9375 |
Google–Android |
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9379 |
Google–Android |
In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9382 |
Google–Android |
In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9383 |
Google–Android |
In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9384 |
Google–Android |
In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9387 |
Google–Android |
In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9389 |
Google–Android |
In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9401 |
Google–Android |
In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9405 |
Google–Android |
In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9406 |
Google–Android |
In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9434 |
Google–Android |
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9447 |
Google–Android |
In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9461 |
Google–Android |
In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9464 |
gradio-app–gradio |
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio’s Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio’s security model. Given Gradio’s popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23042 |
haydenbleasel–next-forge |
next-forge is a Next.js project boilerplate for modern web applications. A BASEHUB_TOKEN was committed in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems. | 2025-01-13 | not yet calculated | CVE-2025-23027 |
Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest’s virtualised GPU memory. | 2025-01-13 | not yet calculated | CVE-2024-52936 |
jupyter–nbgrader |
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: ‘self’ grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of `enable_subdomains = False`. #1915 disables a protection; without it, user Alice can craft a page embedding formgrader in an IFrame. If Bob visits that page, his credentials will be sent and the formgrader page loaded. Because Alice’s page is on the same Origin as the formgrader iframe, JavaScript on Alice’s page has _full access_ to the contents of the page served by formgrader using Bob’s credentials. This issue has been addressed in release 0.9.5 and all users are advised to upgrade. Users unable to upgrade may disable `frame-ancestors: self`, or enable per-user and per-service subdomains with `JupyterHub.enable_subdomains = True` (then even if embedding in an IFrame is allowed, the host page does not have access to the contents of the frame). | 2025-01-17 | not yet calculated | CVE-2025-23205 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `informacao_adicional.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22613 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` and `SobrenomeForm` parameters. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_editarInfoPessoal.php` parameters. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22614 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22615 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_parentesco_adicionar.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22616 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `socio` parameter. The application fails to validate and sanitize user inputs in the `socio` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in version 3.2.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22617 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_cargo.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in release version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22618 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_permissoes.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_c` parameter. The application fails to validate and sanitize user inputs in the `msg_c` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in release version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22619 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23030 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_alergia.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23031 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_escala.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23032 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `situacao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_situacao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23033 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23034 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_tipo_quadro_horario.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23035 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user’s browser in the server’s response and executed within the context of the victim’s browser. This issue has been addressed in version 3.2.7. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23036 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23037 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `remuneracao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23038 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure ‘ib_sge list’ is accessible Move the declaration of the ‘ib_sge list’ variable outside the ‘always_invalidate’ block to ensure it remains accessible for use throughout the function. Previously, ‘ib_sge list’ was declared within the ‘always_invalidate’ block, limiting its accessibility, then caused a ‘BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/[email protected]/ | 2025-01-15 | not yet calculated | CVE-2024-36476 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread’s completion object has already been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 […] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> […] CR2: fffffffffffffff8 —[ end trace 0000000000000000 ]— Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/[email protected]/ | 2025-01-15 | not yet calculated | CVE-2024-39282 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nvmet: Don’t overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer. | 2025-01-15 | not yet calculated | CVE-2024-53681 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21: alignment fault [ 72.135593] Data abort info: [ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000 [ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000 [ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403, +pte=0068000102bb7707 [ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP […] [ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2 [ 72.170509] Tainted: [E]=UNSIGNED_MODULE [ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023 [ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables] [ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=–) [ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables] [ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables] [ 72.172546] sp : ffff800081f2bce0 [ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038 [ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78 [ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78 [ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000 [ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978 [ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0 [ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000 [ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000 [ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000 [ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004 [ 72.176207] Call trace: [ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P) [ 72.176653] process_one_work+0x178/0x3d0 [ 72.176831] worker_thread+0x200/0x3f0 [ 72.176995] kthread+0xe8/0xf8 [ 72.177130] ret_from_fork+0x10/0x20 [ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f) [ 72.177557] —[ end trace 0000000000000000 ]— Align struct nft_set_ext to word size to address this and document it. pahole reports that this increases the size of elements for rhash and pipapo by 8 bytes on x86_64. | 2025-01-15 | not yet calculated | CVE-2024-54031 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyzes this problem. In the following Call Traces: ” BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: infiniband ib_cache_event_task Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60 __ib_query_port drivers/infiniband/core/device.c:2111 [inline] ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143 ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494 ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> ” 1). In the link [1], ” infiniband syz2: set down ” This means that on 839.350575, the event ib_cache_event_task was sent and queued in ib_wq. 2). In the link [1], ” team0 (unregistering): Port device team_slave_0 removed ” It indicates that before 843.251853, the net device should be freed. 3). In the link [1], ” BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 ” This means that on 850.559070, this slab-use-after-free problem occurred. In all, on 839.350575, the event ib_cache_event_task was sent and queued in ib_wq; before 843.251853, the net device veth was freed; on 850.559070, this event was executed, and the mentioned freed net device was called. Thus, the above call trace occurred. [1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000 | 2025-01-15 | not yet calculated | CVE-2024-57795 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading the vport rep. So the mlx5e_rep_priv is already freed while trying to get rpriv->netdev or walk rpriv->tc_ht, which results in a use-after-free. So add a check to make sure the vport rep data is only accessed while the rep is still loaded. | 2025-01-15 | not yet calculated | CVE-2024-57801 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780 sock_alloc_send_skb include/net/sock.h:1884 [inline] raw_sendmsg+0x36d/0xc10 net/ieee802154/socket.c:282 
ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5037 Comm: syz-executor166 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== This issue occurs because the skb buffer is too small, and its actual allocation is aligned. This hides an actual issue, which is that nr_route_frame does not validate the buffer size before using it. Fix this issue by checking skb->len before accessing any fields in skb->data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-01-15 | not yet calculated | CVE-2024-57802 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() returns false, tcp_conn_request() will return without freeing the dst memory, which was allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U.............. backtrace: [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80 [<ffffffffba11b4c5>] dst_alloc+0x55/0x250 [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0 [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50 [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240 [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90 [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500 [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0 [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0 [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0 [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80 [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360 [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0 [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360 [<ffffffffba239ead>] ip_rcv+0xad/0x2f0 [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140 Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() returns false in tcp_conn_request(). | 2025-01-15 | not yet calculated | CVE-2024-57841 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter()/drm_dev_exit(). This fixes the following page fault: <6> [IGT] xe_wedged: exiting, ret=98 <1> BUG: unable to handle page fault for address: ffffc901bc5e508c <1> #PF: supervisor read access in kernel mode <1> #PF: error_code(0x0000) - not-present page ... <4> xe_lrc_update_timestamp+0x1c/0xd0 [xe] <4> xe_exec_queue_update_run_ticks+0x50/0xb0 [xe] <4> xe_exec_queue_fini+0x16/0xb0 [xe] <4> __guc_exec_queue_fini_async+0xc4/0x190 [xe] <4> guc_exec_queue_fini_async+0xa0/0xe0 [xe] <4> guc_exec_queue_fini+0x23/0x40 [xe] <4> xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> xe_file_close+0xd4/0x1a0 [xe] <4> drm_file_free+0x210/0x280 [drm] <4> drm_close_helper.isra.0+0x6d/0x80 [drm] <4> drm_release_noglobal+0x20/0x90 [drm] (cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8) | 2025-01-15 | not yet calculated | CVE-2024-57844 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call. | 2025-01-15 | not yet calculated | CVE-2024-57857 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:_compound_head include/linux/page-flags.h:242 [inline] RIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552 Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83 RSP: 0000:ffffc90003916c90 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac R10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007 R13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_page_unref include/linux/skbuff_ref.h:43 [inline] __skb_frag_unref include/linux/skbuff_ref.h:56 [inline] skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb+0x55/0x70 net/core/skbuff.c:1204 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline] tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032 tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805 tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939 
tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5672 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785 process_backlog+0x662/0x15b0 net/core/dev.c:6117 __napi_poll+0xcb/0x490 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:7074 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0033:0x7f34f4519ad5 Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5 RDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0 RBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000 R10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4 R13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68 </TASK> Eric noted a probable shinfo->nr_frags corruption, which indeed occurs. The root cause is a buggy MPTCP option len computation in some circumstances: the ADD_ADDR option should be mutually exclusive with DSS since the blamed commit. 
Still, mptcp_established_options_add_addr() tries to set the relevant info in mptcp_out_options, if —truncated— | 2025-01-15 | not yet calculated | CVE-2024-57882 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectedly through try_get_folio() by callers such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table to be leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x66 pfn:0x109324 flags: 0x17ffff800000000(node=0|zone=2|lastcpupid=0xfffff) page_type: f2(table) raw: 017ffff800000000 0000000000000000 0000000000000000 0000000000000000 raw: 0000000000000066 0000000000000000 00000000f2000000 0000000000000000 page dumped because: nonzero mapcount ... CPU: 31 UID: 0 PID: 7515 Comm: sh Kdump: loaded Tainted: G B 6.13.0-rc2master+ #7 Tainted: [B]=BAD_PAGE Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: show_stack+0x20/0x38 (C) dump_stack_lvl+0x80/0xf8 dump_stack+0x18/0x28 bad_page+0x8c/0x130 free_page_is_bad_report+0xa4/0xb0 free_unref_page+0x3cc/0x620 __folio_put+0xf4/0x158 split_huge_pages_all+0x1e0/0x3e8 split_huge_pages_write+0x25c/0x2d8 full_proxy_write+0x64/0xd8 vfs_write+0xcc/0x280 ksys_write+0x70/0x110 __arm64_sys_write+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0x128 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x190/0x198 The issue may be triggered by damon, offline_page, page_idle, etc., which will increase the refcount of the page table. 1. The page table itself will be discarded after reporting the "nonzero mapcount". 2. The HugeTLB page mapped by the page table is not freed, since we treat the page table as shared and a shared page table will not be unmapped. Fix it by introducing an independent PMD page table shared count. 
As described by comment, pt_index/pt_mm/pt_frag_refcount are used for s390 gmap, x86 pgds and powerpc, pt_share_count is used for x86/arm64/riscv pmds, so we can reuse the field as pt_share_count. | 2025-01-15 | not yet calculated | CVE-2024-57883 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4 At this point, the pgdat contains the following two zones: NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: "DMA32" SIZE: 20480 MIN/LOW/HIGH: 11/28/45 VM_STAT: NR_FREE_PAGES: 359 NR_ZONE_INACTIVE_ANON: 18813 NR_ZONE_ACTIVE_ANON: 0 NR_ZONE_INACTIVE_FILE: 50 NR_ZONE_ACTIVE_FILE: 0 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: "Normal" SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264 VM_STAT: NR_FREE_PAGES: 146 NR_ZONE_INACTIVE_ANON: 94668 NR_ZONE_ACTIVE_ANON: 3 NR_ZONE_INACTIVE_FILE: 735 NR_ZONE_ACTIVE_FILE: 78 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero. Additionally, since this system lacks swap, the calculation of inactive/active anonymous pages is skipped. 
crash> p nr_swap_pages nr_swap_pages = $1937 = { counter = 0 } As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark. The problem is that the pgdat->kswapd_failures hasn't been incremented. crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures $1935 = 0x0 This is because the node was deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure. The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false. The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages —truncated— | 2025-01-15 | not yet calculated | CVE-2024-57884 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 2 6 locks held by cat/136: #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0 irq event stamp: 136660 hardirqs last enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8 hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0 softirqs last enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8 softirqs last disabled at (0): [<0000000000000000>] 0x0 Preemption disabled at: [<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0 CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34 Tainted: [E]=UNSIGNED_MODULE Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0xa0/0x128 show_stack+0x1c/0x30 dump_stack_lvl+0xe8/0x198 dump_stack+0x18/0x20 rt_spin_lock+0x8c/0x1a8 avc_perm_nonode+0xa0/0x150 cred_has_capability.isra.0+0x118/0x218 selinux_capable+0x50/0x80 security_capable+0x7c/0xd0 has_ns_capability_noaudit+0x94/0x1b0 has_capability_noaudit+0x20/0x30 restricted_pointer+0x21c/0x4b0 
pointer+0x298/0x760 vsnprintf+0x330/0xf70 seq_printf+0x178/0x218 print_unreferenced+0x1a4/0x2d0 kmemleak_seq_show+0xd0/0x1e0 seq_read_iter+0x354/0xe30 seq_read+0x250/0x378 full_proxy_read+0xd8/0x148 vfs_read+0x190/0x918 ksys_read+0xf0/0x1e0 __arm64_sys_read+0x70/0xa8 invoke_syscall.constprop.0+0xd4/0x1d8 el0_svc+0x50/0x158 el0t_64_sync+0x17c/0x180 %pS and %pK, in the same back trace line, are redundant, and %pS can void %pK service in certain contexts. %pS alone already provides the necessary information, and if it cannot resolve the symbol, it falls back to printing the raw address, voiding the original intent behind the %pK. Additionally, %pK requires a privilege check CAP_SYSLOG enforced through the LSM, which can trigger a "sleeping function called from invalid context" warning under RT_PREEMPT kernels when the check occurs in an atomic context. This issue may also affect other LSMs. This change avoids the unnecessary privilege check and resolves the sleeping function warning without any loss of information. | 2025-01-15 | not yet calculated | CVE-2024-57885 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some memory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that are more focused on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT, are not using the buggy function in that way, so they are not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) fails. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks. | 2025-01-15 | not yet calculated | CVE-2024-57886 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). | 2025-01-15 | not yet calculated | CVE-2024-57887 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call Trace: [ ] <TASK> ... [ ] ? check_flush_dependency+0xf5/0x110 ... [ ] cancel_delayed_work_sync+0x6e/0x80 [ ] amdgpu_gfx_off_ctrl+0xab/0x140 [amdgpu] [ ] amdgpu_ring_alloc+0x40/0x50 [amdgpu] [ ] amdgpu_ib_schedule+0xf4/0x810 [amdgpu] [ ] ? drm_sched_run_job_work+0x22c/0x430 [gpu_sched] [ ] amdgpu_job_run+0xaa/0x1f0 [amdgpu] [ ] drm_sched_run_job_work+0x257/0x430 [gpu_sched] [ ] process_one_work+0x217/0x720 ... [ ] </TASK> The intent of the verification done in check_flush_dependency is to ensure forward progress during memory reclaim, by flagging cases when either a memory reclaim process, or a memory reclaim work item is flushed from a context not marked as memory reclaim safe. This is correct when flushing, but when called from the cancel(_delayed)_work_sync() paths it is a false positive because work is either already running, or will not be running at all. Therefore cancelling it is safe and we can relax the warning criteria by letting the helper know of the calling context. References: 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") | 2025-01-15 | not yet calculated | CVE-2024-57888 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex while holding the spinlock. It seems the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. 
Among other things, it fixes the sleeping in atomic context described above. | 2025-01-15 | not yet calculated | CVE-2024-57889 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the user-controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications. | 2025-01-15 | not yet calculated | CVE-2024-57890 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix invalid irq restore in scx_ops_bypass() While adding outer irqsave/restore locking, 0e7ffff1b811 ("scx: Fix raciness in scx_ops_bypass()") forgot to convert an inner rq_unlock_irqrestore() to rq_unlock() which could re-enable IRQ prematurely leading to the following warning: raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Sched_ext: create_dsq (enabling) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : warn_bogus_irq_restore+0x30/0x40 lr : warn_bogus_irq_restore+0x30/0x40 ... Call trace: warn_bogus_irq_restore+0x30/0x40 (P) warn_bogus_irq_restore+0x30/0x40 (L) scx_ops_bypass+0x224/0x3b8 scx_ops_enable.isra.0+0x2c8/0xaa8 bpf_scx_reg+0x18/0x30 ... irq event stamp: 33739 hardirqs last enabled at (33739): [<ffff8000800b699c>] scx_ops_bypass+0x174/0x3b8 hardirqs last disabled at (33738): [<ffff800080d48ad4>] _raw_spin_lock_irqsave+0xb4/0xd8 Drop the stray _irqrestore(). | 2025-01-15 | not yet calculated | CVE-2024-57891 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. [[email protected]: coding-style cleanups] | 2025-01-15 | not yet calculated | CVE-2024-57892 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. | 2025-01-15 | not yet calculated | CVE-2024-57893 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the below: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff888015be3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335 #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335 #2: ffff8880665d0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6914 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6915 CPU: 0 PID: 5070 Comm: kworker/u9:2 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 __might_resched+0x5d4/0x780 kernel/sched/core.c:10187 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0xc1/0xd70 kernel/locking/mutex.c:752 hci_connect_cfm include/net/bluetooth/hci_core.h:2004 [inline] 
hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6939 hci_event_func net/bluetooth/hci_event.c:7514 [inline] hci_event_packet+0xa53/0x1540 net/bluetooth/hci_event.c:7569 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4171 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> | 2025-01-15 | not yet calculated | CVE-2024-57894 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime appears as follows. [ 113.215316] ------------[ cut here ]------------ [ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200 [ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234 [ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 [ 113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 113.222220] RIP: 0010:setattr_copy+0x1ee/0x200 [ 113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff <0f> 0b e9 be fe ff ff 66 0 [ 113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202 [ 113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003 [ 113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0 [ 113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa [ 113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38 [ 113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000 [ 113.230210] FS: 0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000 [ 113.231215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0 [ 113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.234797] Call Trace: [ 113.235116] <TASK> [ 113.235393] ? __warn+0x73/0xd0 [ 113.235802] ? setattr_copy+0x1ee/0x200 [ 113.236299] ? report_bug+0xf3/0x1e0 [ 113.236757] ? handle_bug+0x4d/0x90 [ 113.237202] ? exc_invalid_op+0x13/0x60 [ 113.237689] ? asm_exc_invalid_op+0x16/0x20 [ 113.238185] ? 
setattr_copy+0x1ee/0x200 [ 113.238692] btrfs_setattr+0x80/0x820 [btrfs] [ 113.239285] ? get_stack_info_noinstr+0x12/0xf0 [ 113.239857] ? __module_address+0x22/0xa0 [ 113.240368] ? handle_ksmbd_work+0x6e/0x460 [ksmbd] [ 113.240993] ? __module_text_address+0x9/0x50 [ 113.241545] ? __module_address+0x22/0xa0 [ 113.242033] ? unwind_next_frame+0x10e/0x920 [ 113.242600] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 113.243268] notify_change+0x2c2/0x4e0 [ 113.243746] ? stack_depot_save_flags+0x27/0x730 [ 113.244339] ? set_file_basic_info+0x130/0x2b0 [ksmbd] [ 113.244993] set_file_basic_info+0x130/0x2b0 [ksmbd] [ 113.245613] ? process_scheduled_works+0xbe/0x310 [ 113.246181] ? worker_thread+0x100/0x240 [ 113.246696] ? kthread+0xc8/0x100 [ 113.247126] ? ret_from_fork+0x2b/0x40 [ 113.247606] ? ret_from_fork_asm+0x1a/0x30 [ 113.248132] smb2_set_info+0x63f/0xa70 [ksmbd] ksmbd is trying to set the atime and mtime via notify_change without also setting the ctime. so This patch add ATTR_CTIME flags when setting mtime to avoid a warning. | 2025-01-15 | not yet calculated | CVE-2024-57895 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread – which was already destroyed before, resulting in a use-after-free on the task_struct. Syzbot reported this with the following stack traces: BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 —truncated— | 2025-01-15 | not yet calculated | CVE-2024-57896 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finalizing this solution, there was some discussion on the DMA mapping type (stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 [email protected]/T/. As there’s no dma_sync_single_for_*() in the DMA buffer accessed, because this migration operation should be synced properly and automatically. Given that there might not be a performance problem in various cache sync policies of DMA sync. Therefore, in order to simplify the DMA direction setting alignment, let’s set the DMA map direction as BIDIRECTIONAL. [ 150.834218] WARNING: CPU: 8 PID: 1812 at kernel/dma/debug.c:1028 check_unmap+0x1cc/0x930 [ 150.834354] CPU: 8 PID: 1812 Comm: rocrtst64 Tainted: G OE 6.10.0-custom #492 [ 150.834358] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 150.834360] RIP: 0010:check_unmap+0x1cc/0x930 [ 150.834383] Call Trace: [ 150.834385] <TASK> [ 150.834387] ? show_regs+0x6d/0x80 [ 150.834393] ? __warn+0x8c/0x140 [ 150.834397] ? check_unmap+0x1cc/0x930 [ 150.834400] ? report_bug+0x193/0x1a0 [ 150.834406] ? handle_bug+0x46/0x80 [ 150.834410] ? exc_invalid_op+0x1d/0x80 [ 150.834413] ? asm_exc_invalid_op+0x1f/0x30 [ 150.834420] ? check_unmap+0x1cc/0x930 [ 150.834425] debug_dma_unmap_page+0x86/0x90 [ 150.834431] ? srso_return_thunk+0x5/0x5f [ 150.834435] —truncated— | 2025-01-15 | not yet calculated | CVE-2024-57897 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is – nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() ieee80211_vif_update_links() ieee80211_link_stop() cfg80211_cac_event() cfg80211_cac_event() requires link ID to be present but it is cleared already in cfg80211_remove_link(). Ultimately, WARN_ON() is hit. Therefore, clear the link ID from the bitmap only after completing the link clean-up. | 2025-01-15 | not yet calculated | CVE-2024-57898 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adjusted for each architecture. Call Trace: ? show_regs+0x54/0x58 ? __warn+0x6b/0xd4 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? report_bug+0x113/0x150 ? exc_overflow+0x30/0x30 ? handle_bug+0x27/0x44 ? exc_invalid_op+0x18/0x50 ? handle_exception+0xf6/0xf6 ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? ieee80211_mesh_work+0xff/0x260 [mac80211] ? cfg80211_wiphy_work+0x72/0x98 [cfg80211] ? process_one_work+0xf1/0x1fc ? worker_thread+0x2c0/0x3b4 ? kthread+0xc7/0xf0 ? mod_delayed_work_on+0x4c/0x4c ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork+0x24/0x38 ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork_asm+0xf/0x14 ? entry_INT80_32+0xf0/0xf0 [restore no-op path for no changes] | 2025-01-15 | not yet calculated | CVE-2024-57899 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce (“ila: call nf_unregister_net_hooks() sooner”) attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 Read of size 4 at addr ffff888028f40008 by task dhcpcd/5501 CPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 rht_key_hashfn include/linux/rhashtable.h:159 [inline] __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626 nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269 NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785 process_backlog+0x443/0x15f0 net/core/dev.c:6117 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 | 2025-01-15 | not yet calculated | CVE-2024-57900 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:<NULL> ————[ cut here ]———— kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585 packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1055 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2940 __sys_recvmmsg net/socket.c:3014 [inline] __do_sys_recvmmsg net/socket.c:3037 [inline] __se_sys_recvmmsg net/socket.c:3030 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-15 | not yet calculated | CVE-2024-57901 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:<NULL> ————[ cut here ]———— kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_tci+0x272/0x550 net/packet/af_packet.c:565 packet_recvmsg+0x13c9/0x1ef0 net/packet/af_packet.c:3616 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1066 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814 ___sys_recvmsg net/socket.c:2856 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2951 __sys_recvmmsg net/socket.c:3025 [inline] __do_sys_recvmmsg net/socket.c:3048 [inline] __se_sys_recvmmsg net/socket.c:3041 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3041 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 | 2025-01-15 | not yet calculated | CVE-2024-57902 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU callback, as spotted by syzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by ksoftirqd/1/24: #0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline] #0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823 Preemption disabled at: [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline] [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537 CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758 __mutex_lock_common kernel/locking/mutex.c:562 [inline] __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179 aead_release+0x3d/0x50 crypto/algif_aead.c:489 alg_do_release crypto/af_alg.c:118 [inline] alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 run_ksoftirqd+0xca/0x130 kernel/softirq.c:950 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> | 2025-01-15 | not yet calculated | CVE-2024-57903 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_device() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. | 2025-01-19 | not yet calculated | CVE-2024-57904 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The ‘scan’ local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57905 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The ‘buffer’ local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57906 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The ‘data’ local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57907 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The ‘buffer’ local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57908 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The ‘scan’ local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57909 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The ‘buffer’ local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57910 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simple_dummy_buffer: fix information leak in triggered buffer The ‘data’ array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57911 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The ‘sample’ local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57912 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->gadget_dev_desc_UDC_store() ->adb_write() ->usb_gadget_register_driver_owner ->driver_register() ->StartMonitor() ->bus_add_driver() ->adb_read() ->gadget_bind_driver() <times-out without BIND event> ->configfs_composite_bind() ->usb_add_function() ->open_functionfs() ->ffs_func_bind() ->adb_open() ->functionfs_bind() <ffs->state !=FFS_ACTIVE> The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled. This commit fixes the kernel panic by removing the unnecessary WARN_ON. Kernel panic – not syncing: kernel: panic_on_warn set … [ 14.542395] Call trace: [ 14.542464] ffs_func_bind+0x1c8/0x14a8 [ 14.542468] usb_add_function+0xcc/0x1f0 [ 14.542473] configfs_composite_bind+0x468/0x588 [ 14.542478] gadget_bind_driver+0x108/0x27c [ 14.542483] really_probe+0x190/0x374 [ 14.542488] __driver_probe_device+0xa0/0x12c [ 14.542492] driver_probe_device+0x3c/0x220 [ 14.542498] __driver_attach+0x11c/0x1fc [ 14.542502] bus_for_each_dev+0x104/0x160 [ 14.542506] driver_attach+0x24/0x34 [ 14.542510] bus_add_driver+0x154/0x270 [ 14.542514] driver_register+0x68/0x104 [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4 [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144 [ 14.542526] configfs_write_iter+0xf0/0x138 | 2025-01-19 | not yet calculated | CVE-2024-57913 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix NULL pointer issue on shared irq case The tcpci_irq() may meet below NULL pointer dereference issue: [ 2.641851] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 [ 2.641951] status 0x1, 0x37f [ 2.650659] Mem abort info: [ 2.656490] ESR = 0x0000000096000004 [ 2.660230] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.665532] SET = 0, FnV = 0 [ 2.668579] EA = 0, S1PTW = 0 [ 2.671715] FSC = 0x04: level 0 translation fault [ 2.676584] Data abort info: [ 2.679459] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 2.684936] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.689980] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.695284] [0000000000000010] user address but active_mm is swapper [ 2.701632] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 2.707883] Modules linked in: [ 2.710936] CPU: 1 UID: 0 PID: 87 Comm: irq/111-2-0051 Not tainted 6.12.0-rc6-06316-g7f63786ad3d1-dirty #4 [ 2.720570] Hardware name: NXP i.MX93 11X11 EVK board (DT) [ 2.726040] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) [ 2.732989] pc : tcpci_irq+0x38/0x318 [ 2.736647] lr : _tcpci_irq+0x14/0x20 [ 2.814838] Call trace: [ 2.817273] tcpci_irq+0x38/0x318 [ 2.820583] _tcpci_irq+0x14/0x20 [ 2.823885] irq_thread_fn+0x2c/0xa8 [ 2.827456] irq_thread+0x16c/0x2f4 [ 2.830940] kthread+0x110/0x114 [ 2.834164] ret_from_fork+0x10/0x20 This may happen on shared irq case, such as two Type-C ports sharing one irq. After the first port finished tcpci_register_port(), it may trigger interrupt. However, if the interrupt comes by chance when the 2nd port finishes devm_request_threaded_irq(), the 2nd port interrupt handler will run at first. Then the above issue happens because tcpci is still a NULL pointer in tcpci_irq() when dereferencing regmap. devm_request_threaded_irq() <– port1 irq comes disable_irq(client->irq); tcpci_register_port() This will restore the logic to the state before commit (77e85107a771 “usb: typec: tcpci: support edge irq”). However, moving tcpci_register_port() earlier creates a problem when using edge irq because tcpci_init() will be called before devm_request_threaded_irq(). The tcpci_init() writes the ALERT_MASK to the hardware to tell it to start generating interrupts but we’re not ready to deal with them yet, then the ALERT events may be missed and the ALERT line will not recover to high level forever. To avoid the issue, this will also set the ALERT_MASK register after devm_request_threaded_irq() returns. | 2025-01-19 | not yet calculated | CVE-2024-57914 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Considering that in some extreme cases, when performing the unbinding operation, gserial_disconnect has cleared gser->ioport, which triggers gadget reconfiguration, and then calls gs_read_complete, resulting in access to a null pointer. Therefore, ep is disabled before gserial_disconnect sets port to null to prevent this from happening. Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 | 2025-01-19 | not yet calculated | CVE-2024-57915 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq. | 2025-01-19 | not yet calculated | CVE-2024-57916 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (3) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process. | 2025-01-19 | not yet calculated | CVE-2024-57917 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix page fault due to max surface definition mismatch DC driver is using two different values to define the maximum number of surfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as the unique definition for surface updates across DC. It fixes page fault faced by Cosmic users on AMD display versions that support two overlay planes, since the introduction of cursor overlay mode. [Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b [ +0.000015] #PF: supervisor read access in kernel mode [ +0.000006] #PF: error_code(0x0000) – not-present page [ +0.000005] PGD 0 P4D 0 [ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300 [ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper] [ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b [ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206 [ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070 [ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000 [ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000 [ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000 [ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000 [ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000 [ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0 [ +0.000005] Call Trace: [ +0.000011] <TASK> [ +0.000010] ? 
__die_body.cold+0x19/0x27 [ +0.000012] ? page_fault_oops+0x15a/0x2d0 [ +0.000014] ? exc_page_fault+0x7e/0x180 [ +0.000009] ? asm_exc_page_fault+0x26/0x30 [ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu] [ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu] [ +0.000450] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu] [ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu] [ +0.000464] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? sort+0x31/0x50 [ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu] [ +0.000508] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu] [ +0.000377] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm] [ +0.000058] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_default_wait+0x8c/0x260 [ +0.000010] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? wait_for_completion_timeout+0x13b/0x170 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_wait_timeout+0x108/0x140 [ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper] [ +0.000024] ? process_one_work+0x177/0x330 [ +0.000008] ? worker_thread+0x266/0x3a0 [ +0.000006] ? __pfx_worker_thread+0x10/0x10 [ +0.000004] ? kthread+0xd2/0x100 [ +0.000006] ? __pfx_kthread+0x10/0x10 [ +0.000006] ? ret_from_fork+0x34/0x50 [ +0.000004] ? __pfx_kthread+0x10/0x10 [ +0.000005] ? ret_from_fork_asm+0x1a/0x30 [ +0.000011] </TASK> (cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7) | 2025-01-19 | not yet calculated | CVE-2024-57918 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn’t take into account plane scaled size equal to zero, leading to a kernel oops due to division by zero. Fix by setting out-scale size as zero when the dst size is zero, similar to what is done by drm_calc_scale(). This issue started with the introduction of cursor ovelay mode that uses this function to assess cursor mode changes via dm_crtc_get_cursor_mode() before checking plane state. [Dec17 17:14] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI [ +0.000018] CPU: 5 PID: 1660 Comm: surface-DP-1 Not tainted 6.10.0+ #231 [ +0.000007] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ +0.000004] RIP: 0010:dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000553] Code: 44 0f b7 41 3a 44 0f b7 49 3e 83 e0 0f 48 0f a3 c2 73 21 69 41 28 e8 03 00 00 31 d2 41 f7 f1 31 d2 89 06 69 41 2c e8 03 00 00 <41> f7 f0 89 07 e9 d7 d8 7e e9 44 89 c8 45 89 c1 41 89 c0 eb d4 66 [ +0.000005] RSP: 0018:ffffa8df0de6b8a0 EFLAGS: 00010246 [ +0.000006] RAX: 00000000000003e8 RBX: ffff9ac65c1f6e00 RCX: ffff9ac65d055500 [ +0.000003] RDX: 0000000000000000 RSI: ffffa8df0de6b8b0 RDI: ffffa8df0de6b8b4 [ +0.000004] RBP: ffff9ac64e7a5800 R08: 0000000000000000 R09: 0000000000000a00 [ +0.000003] R10: 00000000000000ff R11: 0000000000000054 R12: ffff9ac6d0700010 [ +0.000003] R13: ffff9ac65d054f00 R14: ffff9ac65d055500 R15: ffff9ac64e7a60a0 [ +0.000004] FS: 00007f869ea00640(0000) GS:ffff9ac970080000(0000) knlGS:0000000000000000 [ +0.000004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000003] CR2: 000055ca701becd0 CR3: 000000010e7f2000 CR4: 0000000000350ef0 [ +0.000004] Call Trace: [ +0.000007] <TASK> [ +0.000006] ? __die_body.cold+0x19/0x27 [ +0.000009] ? die+0x2e/0x50 [ +0.000007] ? do_trap+0xca/0x110 [ +0.000007] ? do_error_trap+0x6a/0x90 [ +0.000006] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000504] ? 
exc_divide_error+0x38/0x50 [ +0.000005] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000488] ? asm_exc_divide_error+0x1a/0x20 [ +0.000011] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000593] dm_crtc_get_cursor_mode+0x33f/0x430 [amdgpu] [ +0.000562] amdgpu_dm_atomic_check+0x2ef/0x1770 [amdgpu] [ +0.000501] drm_atomic_check_only+0x5e1/0xa30 [drm] [ +0.000047] drm_mode_atomic_ioctl+0x832/0xcb0 [drm] [ +0.000050] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm] [ +0.000047] drm_ioctl_kernel+0xb3/0x100 [drm] [ +0.000062] drm_ioctl+0x27a/0x4f0 [drm] [ +0.000049] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm] [ +0.000055] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu] [ +0.000360] __x64_sys_ioctl+0x97/0xd0 [ +0.000010] do_syscall_64+0x82/0x190 [ +0.000008] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm] [ +0.000044] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? drm_ioctl_kernel+0xb3/0x100 [drm] [ +0.000040] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __check_object_size+0x50/0x220 [ +0.000007] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? drm_ioctl+0x2a4/0x4f0 [drm] [ +0.000039] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm] [ +0.000043] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __pm_runtime_suspend+0x69/0xc0 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? amdgpu_drm_ioctl+0x71/0x90 [amdgpu] [ +0.000366] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? syscall_exit_to_user_mode+0x77/0x210 [ +0.000007] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? do_syscall_64+0x8e/0x190 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? do_syscall_64+0x8e/0x190 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000007] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ +0.000008] RIP: 0033:0x55bb7cd962bc [ +0.000007] Code: 4c 89 6c 24 18 4c 89 64 24 20 4c 89 74 24 28 0f 57 c0 0f 11 44 24 30 89 c7 48 8d 54 24 08 b8 10 00 00 00 be bc 64 —truncated— | 2025-01-19 | not yet calculated | CVE-2024-57919 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: wq_release signals dma_fence only when available kfd_process_wq_release() signals the eviction fence by dma_fence_signal(), which warns if the dma_fence is NULL. kfd_process->ef is initialized by kfd_process_device_init_vm() through ioctl. That means the fence is NULL for a newly created kfd_process, and closing a kfd_process right after opening it will trigger the warning. This commit conditionally signals the eviction fence in kfd_process_wq_release() only when it is available. [ 503.660882] WARNING: CPU: 0 PID: 9 at drivers/dma-buf/dma-fence.c:467 dma_fence_signal+0x74/0xa0 [ 503.782940] Workqueue: kfd_process_wq kfd_process_wq_release [amdgpu] [ 503.789640] RIP: 0010:dma_fence_signal+0x74/0xa0 [ 503.877620] Call Trace: [ 503.880066] <TASK> [ 503.882168] ? __warn+0xcd/0x260 [ 503.885407] ? dma_fence_signal+0x74/0xa0 [ 503.889416] ? report_bug+0x288/0x2d0 [ 503.893089] ? handle_bug+0x53/0xa0 [ 503.896587] ? exc_invalid_op+0x14/0x50 [ 503.900424] ? asm_exc_invalid_op+0x16/0x20 [ 503.904616] ? dma_fence_signal+0x74/0xa0 [ 503.908626] kfd_process_wq_release+0x6b/0x370 [amdgpu] [ 503.914081] process_one_work+0x654/0x10a0 [ 503.918186] worker_thread+0x6c3/0xe70 [ 503.921943] ? srso_alias_return_thunk+0x5/0xfbef5 [ 503.926735] ? srso_alias_return_thunk+0x5/0xfbef5 [ 503.931527] ? __kthread_parkme+0x82/0x140 [ 503.935631] ? __pfx_worker_thread+0x10/0x10 [ 503.939904] kthread+0x2a8/0x380 [ 503.943132] ? __pfx_kthread+0x10/0x10 [ 503.946882] ret_from_fork+0x2d/0x70 [ 503.950458] ? __pfx_kthread+0x10/0x10 [ 503.954210] ret_from_fork_asm+0x1a/0x30 [ 503.958142] </TASK> [ 503.960328] ---[ end trace 0000000000000000 ]--- (cherry picked from commit 2774ef7625adb5fb9e9265c26a59dca7b8fd171e) | 2025-01-19 | not yet calculated | CVE-2024-57920 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously, the tester found a system hang / race condition issue with the multi-display configuration setting. Adding a lock to the buddy allocator’s trim function would be the solution. <log snip> [ 7197.250436] general protection fault, probably for non-canonical address 0xdead000000000108 [ 7197.250447] RIP: 0010:__alloc_range+0x8b/0x340 [amddrm_buddy] [ 7197.250470] Call Trace: [ 7197.250472] <TASK> [ 7197.250475] ? show_regs+0x6d/0x80 [ 7197.250481] ? die_addr+0x37/0xa0 [ 7197.250483] ? exc_general_protection+0x1db/0x480 [ 7197.250488] ? drm_suballoc_new+0x13c/0x93d [drm_suballoc_helper] [ 7197.250493] ? asm_exc_general_protection+0x27/0x30 [ 7197.250498] ? __alloc_range+0x8b/0x340 [amddrm_buddy] [ 7197.250501] ? __alloc_range+0x109/0x340 [amddrm_buddy] [ 7197.250506] amddrm_buddy_block_trim+0x1b5/0x260 [amddrm_buddy] [ 7197.250511] amdgpu_vram_mgr_new+0x4f5/0x590 [amdgpu] [ 7197.250682] amdttm_resource_alloc+0x46/0xb0 [amdttm] [ 7197.250689] ttm_bo_alloc_resource+0xe4/0x370 [amdttm] [ 7197.250696] amdttm_bo_validate+0x9d/0x180 [amdttm] [ 7197.250701] amdgpu_bo_pin+0x15a/0x2f0 [amdgpu] [ 7197.250831] amdgpu_dm_plane_helper_prepare_fb+0xb2/0x360 [amdgpu] [ 7197.251025] ? try_wait_for_completion+0x59/0x70 [ 7197.251030] drm_atomic_helper_prepare_planes.part.0+0x2f/0x1e0 [ 7197.251035] drm_atomic_helper_prepare_planes+0x5d/0x70 [ 7197.251037] drm_atomic_helper_commit+0x84/0x160 [ 7197.251040] drm_atomic_nonblocking_commit+0x59/0x70 [ 7197.251043] drm_mode_atomic_ioctl+0x720/0x850 [ 7197.251047] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 7197.251049] drm_ioctl_kernel+0xb9/0x120 [ 7197.251053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 7197.251056] drm_ioctl+0x2d4/0x550 [ 7197.251058] ? 
__pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 7197.251063] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu] [ 7197.251186] __x64_sys_ioctl+0xa0/0xf0 [ 7197.251190] x64_sys_call+0x143b/0x25c0 [ 7197.251193] do_syscall_64+0x7f/0x180 [ 7197.251197] ? srso_alias_return_thunk+0x5/0xfbef5 [ 7197.251199] ? amdgpu_display_user_framebuffer_create+0x215/0x320 [amdgpu] [ 7197.251329] ? drm_internal_framebuffer_create+0xb7/0x1a0 [ 7197.251332] ? srso_alias_return_thunk+0x5/0xfbef5 (cherry picked from commit 3318ba94e56b9183d0304577c74b33b6b01ce516) | 2025-01-19 | not yet calculated | CVE-2024-57921 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) | 2025-01-19 | not yet calculated | CVE-2024-57922 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can be arbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may cause read-in bytes to exceed the input range. Currently this triggers an assert in btrfs_compress_folios() on the debug kernel (see below). Fix strm.avail_in calculation for S390 hardware acceleration path. assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041 ------------[ cut here ]------------ kernel BUG at fs/btrfs/compression.c:1041! monitor event: 0040 ilc:2 [#1] PREEMPT SMP CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1 Hardware name: IBM 3931 A01 703 (z/VM 7.4.0) Workqueue: btrfs-delalloc btrfs_work_helper Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58 Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8 #0000021761df6534: af000000 mc 0,0 >0000021761df6538: 0707 bcr 0,%r7 0000021761df653a: 0707 bcr 0,%r7 0000021761df653c: 0707 bcr 0,%r7 0000021761df653e: 0707 bcr 0,%r7 0000021761df6540: c004004bb7ec brcl 0,000002176276d518 Call Trace: [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0 ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0) [<0000021761d97788>] compress_file_range+0x3b8/0x6d0 [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160 [<0000021761645760>] process_one_work+0x2b0/0x5d0 [<000002176164637e>] worker_thread+0x20e/0x3e0 [<000002176165221a>] kthread+0x15a/0x170 [<00000217615b859c>] __ret_from_fork+0x3c/0x60 [<00000217626e72d2>] ret_from_fork+0xa/0x38 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000021761597924>] _printk+0x4c/0x58 Kernel panic - not syncing: Fatal exception: panic_on_oops | 2025-01-19 | not yet calculated | CVE-2024-57923 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 (“ovl: support encoding non-decodable file handles”) in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6. | 2025-01-19 | not yet calculated | CVE-2024-57924 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access. | 2025-01-19 | not yet calculated | CVE-2024-57925 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private’s drm are set as follows. private->all_drm_private[i]->drm = drm; And drm will be released by drm_dev_put in case mtk_drm_kms_init returns failure. However, the shutdown path still accesses the previous allocated memory in drm_atomic_helper_shutdown. [ 84.874820] watchdog: watchdog0: watchdog did not stop! [ 86.512054] ================================================================== [ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378 [ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1 [ 86.515213] [ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55 [ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022 [ 86.517960] Call trace: [ 86.518333] show_stack+0x20/0x38 (C) [ 86.518891] dump_stack_lvl+0x90/0xd0 [ 86.519443] print_report+0xf8/0x5b0 [ 86.519985] kasan_report+0xb4/0x100 [ 86.520526] __asan_report_load8_noabort+0x20/0x30 [ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378 [ 86.521966] mtk_drm_shutdown+0x54/0x80 [ 86.522546] platform_shutdown+0x64/0x90 [ 86.523137] device_shutdown+0x260/0x5b8 [ 86.523728] kernel_restart+0x78/0xf0 [ 86.524282] __do_sys_reboot+0x258/0x2f0 [ 86.524871] __arm64_sys_reboot+0x90/0xd8 [ 86.525473] invoke_syscall+0x74/0x268 [ 86.526041] el0_svc_common.constprop.0+0xb0/0x240 [ 86.526751] do_el0_svc+0x4c/0x70 [ 86.527251] el0_svc+0x4c/0xc0 [ 86.527719] el0t_64_sync_handler+0x144/0x168 [ 86.528367] el0t_64_sync+0x198/0x1a0 [ 86.528920] [ 86.529157] The buggy address belongs to the physical page: [ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc [ 86.531319] flags: 
0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000 [ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000 [ 86.534511] page dumped because: kasan: bad access detected [ 86.535323] [ 86.535559] Memory state around the buggy address: [ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.544733] ^ [ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.563928] ================================================================== [ 86.571093] Disabling lock debugging due to kernel taint [ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b [ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f] … | 2025-01-19 | not yet calculated | CVE-2024-57926 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf of nfs, it creates a new write request and calls nfs_netfs_init_request() to initialise it, but with a NULL file pointer. This causes nfs_file_open_context() to oops – however, we don’t actually need the nfs context as we’re only going to write to the cache. Fix this by just returning if we aren’t given a file pointer and emit a warning if the request was for something other than copy-to-cache. Further, fix nfs_netfs_free_request() so that it doesn’t try to free the context if the pointer is NULL. | 2025-01-19 | not yet calculated | CVE-2024-57927 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache() gets an error from either ->prepare_read() or from netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuing loop. Currently, it only does this for two of the cases, but there are two more that aren’t handled. Fix this by moving the handling to a common place and jumping to it from all four places. This is in preference to inserting a wrapper around netfs_prepare_read_iterator() as proposed by Dmitry Antipov[1]. | 2025-01-19 | not yet calculated | CVE-2024-57928 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to an undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty array block, causing a double release in dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put(). Reproduce steps: 1. initialize a cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. wipe the second array block offline dmsetup remove cache cmeta cdata corig mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 2>/dev/null | hexdump -e '1/8 "%u\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) 2>/dev/null | hexdump -e '1/8 "%u\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try reopening the cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) device-mapper: array: array_block_check failed: blocknr 0 != wanted 10 device-mapper: block manager: array validator check failed for block 10 device-mapper: array: get_ablock failed device-mapper: cache metadata: dm_array_cursor_next for mapping failed ------------[ cut here ]------------ kernel BUG at drivers/md/dm-bufio.c:638! Fix by setting the cached block pointer to NULL on errors. In addition to the reproducer described above, this fix can be verified using the "array_cursor/damaged" test in dm-unit: dm-unit run /pdata/array_cursor/damaged --kernel-dir <KERNEL_DIR> | 2025-01-19 | not yet calculated | CVE-2024-57929 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * – %NETIF_F_IPV6_CSUM * – Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Next Header field in the IPv6 * header is either TCP or UDP. IPv6 extension headers * are not supported with this feature. This feature * cannot be set in features for a device with * NETIF_F_HW_CSUM also set. This feature is being * DEPRECATED (see below). The change causes skb_warn_bad_offload to fire for BIG TCP packets. [ 496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0 [ 496.310297] ? skb_warn_bad_offload+0xc4/0xe0 [ 496.310300] skb_checksum_help+0x129/0x1f0 [ 496.310303] skb_csum_hwoffload_help+0x150/0x1b0 [ 496.310306] validate_xmit_skb+0x159/0x270 [ 496.310309] validate_xmit_skb_list+0x41/0x70 [ 496.310312] sch_direct_xmit+0x5c/0x250 [ 496.310317] __qdisc_run+0x388/0x620 BIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to communicate packet length, as this is an IPv6 jumbogram. But, the feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices. For this specific case of extension headers that are not transmitted, return to the situation before the blamed commit and support hardware offload. ipv6_has_hopopt_jumbo() tests not only whether this header is present, but also that it is the only extension header before a terminal (L4) header. | 2025-01-15 | not yet calculated | CVE-2025-21629 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task fsstress/232726 CPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364 print_report+0x3e/0x70 mm/kasan/report.c:475 kasan_report+0xb8/0xf0 mm/kasan/report.c:588 hlist_add_head include/linux/list.h:1023 [inline] bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271 bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323 blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660 blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143 __submit_bio+0xa0/0x6b0 block/blk-core.c:639 __submit_bio_noacct_mq block/blk-core.c:718 [inline] submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747 submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847 __ext4_read_bh fs/ext4/super.c:205 [inline] ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230 __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567 ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947 ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182 ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660 ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569 iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91 iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80 ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051 ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220 do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811 __do_sys_ioctl fs/ioctl.c:869 [inline] __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81 
entry_SYSCALL_64_after_hwframe+0x78/0xe2 Allocated by task 232719: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook mm/slab.h:768 [inline] slab_alloc_node mm/slub.c:3492 [inline] kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537 bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869 bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776 bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938 bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271 bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323 blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660 blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143 __submit_bio+0xa0/0x6b0 block/blk-core.c:639 __submit_bio_noacct_mq block/blk-core.c:718 [inline] submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747 submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847 __ext4_read_bh fs/ext4/super.c:205 [inline] ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217 ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242 ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958 __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671 ext4_lookup_entry fs/ext4/namei.c:1774 [inline] ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842 ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839 __lookup_slow+0x257/0x480 fs/namei.c:1696 lookup_slow fs/namei.c:1713 [inline] walk_component+0x454/0x5c0 fs/namei.c:2004 link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331 link_path_walk fs/namei.c:3826 [inline] path_openat+0x1b9/0x520 fs/namei.c:3826 do_filp_open+0x1b7/0x400 fs/namei.c:3857 do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428 do_sys_open fs/open.c:1443 [inline] __do_sys_openat fs/open.c:1459 [inline] __se_sys_openat fs/open.c:1454 [inline] __x64_sys_openat+0x148/0x200 fs/open.c:1454 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_6 —truncated— | 2025-01-19 | not yet calculated | 
CVE-2025-21631 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before “getting” registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are “supervisor state components” which means that userspace can not touch them with XSAVE/XRSTOR. It also means that they are not accessible from the existing ptrace ABI for XSAVE state. Thus, there is a new ptrace get/set interface for it. The regset code that ptrace uses provides an ->active() handler in addition to the get/set ones. For shadow stack this ->active() handler verifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the thread struct. The ->active() handler is checked from some call sites of the regset get/set handlers, but not the ptrace ones. This was not understood when shadow stack support was put in place. As a result, both the set/get handlers can be called with XFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to return NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an ssp_active() check to avoid surprising the kernel with shadow stack behavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That check just happened to avoid the warning. But the ->get() side wasn’t so lucky. It can be called with shadow stacks disabled, triggering the warning in practice, as reported by Christina Schimpe: WARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0 […] Call Trace: <TASK> ? show_regs+0x6e/0x80 ? ssp_get+0x89/0xa0 ? __warn+0x91/0x150 ? ssp_get+0x89/0xa0 ? report_bug+0x19d/0x1b0 ? handle_bug+0x46/0x80 ? exc_invalid_op+0x1d/0x80 ? asm_exc_invalid_op+0x1f/0x30 ? __pfx_ssp_get+0x10/0x10 ? ssp_get+0x89/0xa0 ? ssp_get+0x52/0xa0 __regset_get+0xad/0xf0 copy_regset_to_user+0x52/0xc0 ptrace_regset+0x119/0x140 ptrace_request+0x13c/0x850 ? wait_task_inactive+0x142/0x1d0 ? 
do_syscall_64+0x6d/0x90 arch_ptrace+0x102/0x300 […] Ensure that shadow stacks are active in a thread before looking them up in the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are set at the same time, the active check ensures that there will be something to find in the XSAVE buffer. [ dhansen: changelog/subject tweaks ] | 2025-01-19 | not yet calculated | CVE-2025-21632 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: zero sqd->thread on tctx errors Syzkeller reports: BUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 Read of size 8 at addr ffff88803578c510 by task syz.2.3223/27552 Call Trace: <TASK> … kasan_report+0x143/0x180 mm/kasan/report.c:602 thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639 getrusage+0x1000/0x1340 kernel/sys.c:1863 io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197 seq_show+0x608/0x770 fs/proc/fd.c:68 … That’s due to sqd->task not being cleared properly in cases where SQPOLL task tctx setup fails, which can essentially only happen with fault injection to insert allocation errors. | 2025-01-19 | not yet calculated | CVE-2025-21633 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G RIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0 RSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202 RAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000 RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04 RBP: ffff888154738c04 R08: ffffffffaf27fa15 R09: ffffed102a8e7180 R10: ffff888154738c07 R11: 0000000000000000 R12: ffff888154738c08 R13: ffff888750f8c000 R14: ffff888750f8c0e8 R15: ffff888154738ca0 FS: 00007f84cd0be740(0000) GS:ffff8887ddc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555f9fbe00c8 CR3: 0000000153eec001 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kernfs_drain+0x15e/0x2f0 __kernfs_remove+0x165/0x300 kernfs_remove_by_name_ns+0x7b/0xc0 cgroup_rm_file+0x154/0x1c0 cgroup_addrm_files+0x1c2/0x1f0 css_clear_dir+0x77/0x110 kill_css+0x4c/0x1b0 cgroup_destroy_locked+0x194/0x380 cgroup_rmdir+0x2a/0x140 It can be explained by: rmdir echo 1 > cpuset.cpus kernfs_fop_write_iter // active=0 cgroup_rm_file kernfs_remove_by_name_ns kernfs_get_active // active=1 __kernfs_remove // active=0x80000002 kernfs_drain cpuset_write_resmask wait_event //waiting (active == 0x80000001) kernfs_break_active_protection // active = 0x80000001 // continue kernfs_unbreak_active_protection // active = 0x80000002 … kernfs_should_drain_open_files // warning occurs kernfs_put_active This warning is caused by ‘kernfs_break_active_protection’ when it is writing to cpuset.cpus, and the cgroup is removed concurrently. 
The commit 3a5a6d0c2b03 (“cpuset: don’t nest cgroup_mutex inside get_online_cpus()”) made cpuset_hotplug_workfn asynchronous. This change involves calling flush_work(), which can create a multi-process circular locking dependency that involves cgroup_mutex, potentially leading to a deadlock. To avoid the deadlock, the commit 76bb5ab8f6e3 (“cpuset: break kernfs active protection in cpuset_write_resmask()”) added ‘kernfs_break_active_protection’ in cpuset_write_resmask. This could lead to this warning. After the commit 2125c0034c5d (“cgroup/cpuset: Make cpuset hotplug processing synchronous”), cpuset_write_resmask no longer needs to wait for the hotplug to finish, which means that concurrent hotplug and cpuset operations are no longer possible. Therefore, the deadlock doesn’t exist anymore and it does not have to ‘break active protection’ now. To fix this warning, just remove the kernfs_break_active_protection operation in ‘cpuset_write_resmask’. | 2025-01-19 | not yet calculated | CVE-2025-21634 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The per-netns structure can be obtained from the table->data using container_of(), then the ‘net’ one can be retrieved from the listen socket (if available). | 2025-01-19 | not yet calculated | CVE-2025-21635 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘net’ structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the ‘net’ structure, but that would increase the size of this fix, to use ‘*data’ everywhere ‘net->sctp.probe_interval’ is used. | 2025-01-19 | not yet calculated | CVE-2025-21636 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘net’ structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while ‘sctp.ctl_sock’ still needs to be retrieved from ‘net’ structure. | 2025-01-19 | not yet calculated | CVE-2025-21637 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘net’ structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while ‘sctp.ctl_sock’ still needs to be retrieved from ‘net’ structure. | 2025-01-19 | not yet calculated | CVE-2025-21638 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘net’ structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the ‘net’ structure, but that would increase the size of this fix, to use ‘*data’ everywhere ‘net->sctp.rto_min/max’ is used. | 2025-01-19 | not yet calculated | CVE-2025-21639 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘net’ structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the ‘net’ structure, but that would increase the size of this fix, to use ‘*data’ everywhere ‘net->sctp.sctp_hmac_alg’ is used. | 2025-01-19 | not yet calculated | CVE-2025-21640 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current->nsproxy As mentioned in the previous commit, using the ‘net’ structure via ‘current’ is not recommended for different reasons: – Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns. – current->nsproxy can be NULL in some cases, resulting in an ‘Oops’ (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The ‘pernet’ structure can be obtained from the table->data using container_of(). | 2025-01-19 | not yet calculated | CVE-2025-21641 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current->nsproxy Using the ‘net’ structure via ‘current’ is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how the “generic” sysctl entries are doing: directly by only using pointers set to the table entry, e.g. table->data. Linked to that, the per-netns data should always be obtained from the table linked to the netns it had been created for, which may not coincide with the reader’s or writer’s netns. Another reason is that access to current->nsproxy->netns can oops if attempted when current->nsproxy had been dropped when the current task is exiting. This is what syzbot found, when using acct(2): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601 __kernel_write_iter+0x318/0xa80 fs/read_write.c:612 __kernel_write+0xf6/0x140 fs/read_write.c:632 do_acct_process+0xcb0/0x14a0 kernel/acct.c:539 acct_pin_kill+0x2d/0x100 kernel/acct.c:192 pin_kill+0x194/0x7c0 fs/fs_pin.c:44 mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81 cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366 task_work_run+0x14e/0x250 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x2576/0x2610 kernel/signal.c:3017 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fee3cb87a6a Code: Unable to access opcode bytes at 0x7fee3cb87a40. RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7 R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500 R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000 </TASK> Modules linked in: —[ end trace 0000000000000000 ]— RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc —truncated— | 2025-01-19 | not yet calculated | CVE-2025-21642 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a bio_vec[] array. Currently, because of the async flag, this gets passed to netfs_extract_user_iter() which throws a warning and fails because it only handles IOVEC and UBUF iterators. This can be triggered through a combination of cifs and a loopback blockdev with something like: mount //my/cifs/share /foo dd if=/dev/zero of=/foo/m0 bs=4K count=1K losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0 echo hello >/dev/loop2046 This causes the following to appear in syslog: WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs] and the write to fail. Fix this by removing the check in netfs_unbuffered_write_iter_locked() that causes async kernel DIO writes to be handled as userspace writes. Note that this change relies on the kernel caller maintaining the existence of the bio_vec array (or kvec[] or folio_queue) until the op is complete. | 2025-01-19 | not yet calculated | CVE-2025-21643 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix tlb invalidation when wedging If GuC fails to load, the driver wedges, but in the process it tries to do stuff that may not be initialized yet. This moves the xe_gt_tlb_invalidation_init() to be done earlier: as its own doc says, it’s a software-only initialization and should have been named with the _early() suffix. Move it to be called by xe_gt_init_early(), so the locks and seqno are initialized, avoiding a NULL ptr deref when wedging: xe 0000:03:00.0: [drm] *ERROR* GT0: load failed: status: Reset = 0, BootROM = 0x50, UKernel = 0x00, MIA = 0x00, Auth = 0x01 xe 0000:03:00.0: [drm] *ERROR* GT0: firmware signature verification failed xe 0000:03:00.0: [drm] *ERROR* CRITICAL: Xe has declared device 0000:03:00.0 as wedged. … BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 UID: 0 PID: 3908 Comm: modprobe Tainted: G U W 6.13.0-rc4-xe+ #3 Tainted: [U]=USER, [W]=WARN Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-S ADP-S DDR5 UDIMM CRB, BIOS ADLSFWI1.R00.3275.A00.2207010640 07/01/2022 RIP: 0010:xe_gt_tlb_invalidation_reset+0x75/0x110 [xe] This can be easily triggered by poking the GuC binary to force a signature failure. There will still be an extra message, xe 0000:03:00.0: [drm] *ERROR* GT0: GuC mmio request 0x4100: no reply 0x4100 but that’s better than a NULL ptr deref. (cherry picked from commit 5001ef3af8f2c972d6fd9c5221a8457556f8bea6) | 2025-01-19 | not yet calculated | CVE-2025-21644 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise “wake_depth” for this IRQ will try to drop below zero and there will be an unpleasant WARN() logged: kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug kernel: ————[ cut here ]———— kernel: Unbalanced IRQ 1 wake disable kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0 The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and .poweroff handlers. i8042_pm_suspend(), however, is only set as the .suspend handler. Fix the issue by calling the PMC suspend handler only from the same set of dev_pm_ops handlers as i8042_pm_suspend(), which currently means just the .suspend handler. To reproduce this issue try hibernating (S4) the machine after a fresh boot without putting it into s2idle first. [ij: edited the commit message.] | 2025-01-19 | not yet calculated | CVE-2025-21645 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extension, the maximum cell name, to 255 less two (length count and trailing NUL). Fix this by limiting the maximum acceptable cellname length to 253. This also allows us to be sure we can create the “/afs/.<cell>/” mountpoint too. Further, split the YFS VL record cell name maximum to be the 256 allowed by the protocol and ignore the record retrieved by YFSVL.GetCellName if it exceeds 253. | 2025-01-19 | not yet calculated | CVE-2025-21646 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error). As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the host load scaling is now applied both in the DRR rotation and when a sparse flow’s quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it’s not worth complicating the code to preserve the old behaviour. | 2025-01-19 | not yet calculated | CVE-2025-21647 |
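The bounds-checked counter helpers that the sch_cake entry above describes, as an added user-space C model; this is not the sch_cake code itself. The uint16_t counter width, the CAKE_QUEUES limit of 1024, the CAKE_FLOW_SRC/CAKE_FLOW_DST flag names and the simplified quantum division are this example's assumptions; what it demonstrates is the guard the entry calls for: a decrement that can never wrap below zero, an increment that can never pass the queue limit, and a divisor that is never zero.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not the sch_cake code: a user-space model of the per-host
 * bulk flow counters and of the bounds-checked helpers the fix introduces.
 * CAKE_QUEUES, the uint16_t counter width and the flag names are assumptions.
 */

#define CAKE_QUEUES 1024u

/* Which host direction(s) the flow mode tracks (assumed flag names). */
#define CAKE_FLOW_SRC 0x1u
#define CAKE_FLOW_DST 0x2u

struct cake_host {
    uint16_t srchost_bulk_flow_count;
    uint16_t dsthost_bulk_flow_count;
};

/* What the helpers replace: a bare decrement.  Run on a zero counter it
 * wraps to 65535, and a later use of that value as a divisor or index is
 * out of range; this is the underflow the entry says syzbot triggered. */
static uint16_t bulk_count_dec_unchecked(uint16_t count)
{
    return (uint16_t)(count - 1);
}

/* Bounds-checked primitives: never below zero, never above the queue limit. */
static void cake_bulk_count_inc(uint16_t *count)
{
    if (*count < CAKE_QUEUES)
        (*count)++;
}

static void cake_bulk_count_dec(uint16_t *count)
{
    if (*count > 0)
        (*count)--;
}

/* The flow-mode conditionals live in one place instead of at every call site. */
static void cake_inc_srchost_bulk_flow_count(struct cake_host *h, unsigned mode)
{
    if (mode & CAKE_FLOW_SRC)
        cake_bulk_count_inc(&h->srchost_bulk_flow_count);
}

static void cake_dec_srchost_bulk_flow_count(struct cake_host *h, unsigned mode)
{
    if (mode & CAKE_FLOW_SRC)
        cake_bulk_count_dec(&h->srchost_bulk_flow_count);
}

static void cake_inc_dsthost_bulk_flow_count(struct cake_host *h, unsigned mode)
{
    if (mode & CAKE_FLOW_DST)
        cake_bulk_count_inc(&h->dsthost_bulk_flow_count);
}

static void cake_dec_dsthost_bulk_flow_count(struct cake_host *h, unsigned mode)
{
    if (mode & CAKE_FLOW_DST)
        cake_bulk_count_dec(&h->dsthost_bulk_flow_count);
}

/* Consolidated quantum calculation: the base quantum is shared among the bulk
 * flows of the busier of the two hosts, and the divisor is at least 1. */
static uint32_t cake_get_flow_quantum(uint32_t quantum, const struct cake_host *src,
                                      const struct cake_host *dst, unsigned mode)
{
    uint32_t host_load = 1;

    if ((mode & CAKE_FLOW_SRC) && src->srchost_bulk_flow_count > host_load)
        host_load = src->srchost_bulk_flow_count;
    if ((mode & CAKE_FLOW_DST) && dst->dsthost_bulk_flow_count > host_load)
        host_load = dst->dsthost_bulk_flow_count;
    return quantum / host_load;
}

int main(void)
{
    struct cake_host src = { 0, 0 }, dst = { 0, 0 };
    unsigned mode = CAKE_FLOW_SRC | CAKE_FLOW_DST;
    int i;

    /* A decrement on an empty host: wraps unchecked, stays at 0 checked. */
    printf("unchecked: 0 - 1 = %u\n", (unsigned)bulk_count_dec_unchecked(0));
    cake_dec_srchost_bulk_flow_count(&src, mode);
    printf("checked:   0 - 1 = %u\n", (unsigned)src.srchost_bulk_flow_count);

    /* Three bulk flows from one source share the quantum three ways. */
    for (i = 0; i < 3; i++)
        cake_inc_srchost_bulk_flow_count(&src, mode);
    printf("quantum with 3 bulk flows: %u\n",
           (unsigned)cake_get_flow_quantum(1514, &src, &dst, mode));
    (void)cake_dec_dsthost_bulk_flow_count;
    (void)cake_inc_dsthost_bulk_flow_count;
    return 0;
}
```

The point of routing every access through the helpers is that a future logic error at a call site (the cause of the original bug, per the entry) can at worst leave a count slightly wrong, not drive it through zero into a value that is then used as a divisor or table index.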
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 (“mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls”) Note: hashtable resize is only possible from init_netns. | 2025-01-19 | not yet calculated | CVE-2025-21648 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices do not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash. [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 … [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge] [ 128.292938] sp : ffff800059b93140 [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280 [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080 [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001 [ 128.315969] x23: 0000000000000000 x22: 0000000000000194 [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000 [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000 [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24 [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000 [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368 [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02 [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0 [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000 [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294 [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080 [ 128.390626] Call trace: [ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3] [ 128.405468] xmit_one.constprop.0+0xc4/0x200 [ 128.410600] dev_hard_start_xmit+0x54/0xf0 [ 128.415556] sch_direct_xmit+0xe8/0x634 [ 128.420246] __dev_queue_xmit+0x224/0xc70 [ 128.425101] dev_queue_xmit+0x1c/0x40 [ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch] [ 128.435409] do_output+0x60/0x17c [openvswitch] [ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch] [ 128.446993] 
ovs_execute_actions+0x64/0xf0 [openvswitch] [ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch] [ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch] [ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch] [ 128.471460] xmit_one.constprop.0+0xc4/0x200 [ 128.476561] dev_hard_start_xmit+0x54/0xf0 [ 128.481489] __dev_queue_xmit+0x968/0xc70 [ 128.486330] dev_queue_xmit+0x1c/0x40 [ 128.490856] ip_finish_output2+0x250/0x570 [ 128.495810] __ip_finish_output+0x170/0x1e0 [ 128.500832] ip_finish_output+0x3c/0xf0 [ 128.505504] ip_output+0xbc/0x160 [ 128.509654] ip_send_skb+0x58/0xd4 [ 128.513892] udp_send_skb+0x12c/0x354 [ 128.518387] udp_sendmsg+0x7a8/0x9c0 [ 128.522793] inet_sendmsg+0x4c/0x8c [ 128.527116] __sock_sendmsg+0x48/0x80 [ 128.531609] __sys_sendto+0x124/0x164 [ 128.536099] __arm64_sys_sendto+0x30/0x5c [ 128.540935] invoke_syscall+0x50/0x130 [ 128.545508] el0_svc_common.constprop.0+0x10c/0x124 [ 128.551205] do_el0_svc+0x34/0xdc [ 128.555347] el0_svc+0x20/0x30 [ 128.559227] el0_sync_handler+0xb8/0xc0 [ 128.563883] el0_sync+0x160/0x180 | 2025-01-19 | not yet calculated | CVE-2025-21649 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fetch_pf_reg does not distinguish the tqp space information when reading the tqp space information. When the number of TQPs is greater than 1024, access bar space overwriting occurs. The problem of different segments has been considered during the initialization of tqp.io_base. Therefore, tqp.io_base is directly used when the queue is read in hclge_fetch_pf_reg. The error message: Unable to handle kernel paging request at virtual address ffff800037200000 pc : hclge_fetch_pf_reg+0x138/0x250 [hclge] lr : hclge_get_regs+0x84/0x1d0 [hclge] Call trace: hclge_fetch_pf_reg+0x138/0x250 [hclge] hclge_get_regs+0x84/0x1d0 [hclge] hns3_get_regs+0x2c/0x50 [hns3] ethtool_get_regs+0xf4/0x270 dev_ethtool+0x674/0x8a0 dev_ioctl+0x270/0x36c sock_do_ioctl+0x110/0x2a0 sock_ioctl+0x2ac/0x530 __arm64_sys_ioctl+0xa8/0x100 invoke_syscall+0x4c/0x124 el0_svc_common.constprop.0+0x140/0x15c do_el0_svc+0x30/0xd0 el0_svc+0x1c/0x2c el0_sync_handler+0xb0/0xb4 el0_sync+0x168/0x180 | 2025-01-19 | not yet calculated | CVE-2025-21650 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: don’t auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupt is reported at this time, it will cause a warning like the one below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __handle_irq_event_percpu+0x64/0x1e0 [ 16.324667] handle_irq_event+0x80/0x170 [ 16.324670] handle_fasteoi_edge_irq+0x110/0x2bc [ 16.324671] __handle_domain_irq+0x84/0xfc [ 16.324673] gic_handle_irq+0x88/0x2c0 [ 16.324674] el1_irq+0xb8/0x140 [ 16.324677] arch_cpu_idle+0x18/0x40 [ 16.324679] default_idle_call+0x5c/0x1bc [ 16.324682] cpuidle_idle_call+0x18c/0x1c4 [ 16.324684] do_idle+0x174/0x17c [ 16.324685] cpu_startup_entry+0x30/0x6c [ 16.324687] secondary_start_kernel+0x1a4/0x280 [ 16.324688] —[ end trace 6aa0bff672a964aa ]— So don’t auto-enable the misc vector when requesting the irq. | 2025-01-19 | not yet calculated | CVE-2025-21651 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented a use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev’s refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 (“net: avoid potential UAF in default_operstate()”) further. Let’s assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 
__linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el —truncated— | 2025-01-19 | not yet calculated | CVE-2025-21652 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shifting a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type ‘u32’ (aka ‘unsigned int’) CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1771 [inline] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [inline] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [inline] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [inline] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434 | 2025-01-19 | not yet calculated | CVE-2025-21653 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be triggered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches. The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion. As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events. As Dmitry notes in his analysis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle. Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events. | 2025-01-19 | not yet calculated | CVE-2025-21654 |
Luxion–KeyShot Viewer |
Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22139. | 2025-01-13 | not yet calculated | CVE-2025-0412 |
Moxa–EDS-508A Series |
Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device. | 2025-01-15 | not yet calculated | CVE-2024-12297 |
Moxa–MGate 5121 Series |
A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the “Login Message” functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user’s privileges. | 2025-01-15 | not yet calculated | CVE-2025-0193 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | 2025-01-13 | not yet calculated | CVE-2023-42225 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | 2025-01-13 | not yet calculated | CVE-2023-42226 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | 2025-01-13 | not yet calculated | CVE-2023-42227 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the “AclList/SaveAclRules” administrative function. | 2025-01-13 | not yet calculated | CVE-2023-42228 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | 2025-01-13 | not yet calculated | CVE-2023-42229 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the “WSCView/Delete” function. | 2025-01-13 | not yet calculated | CVE-2023-42231 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | 2025-01-13 | not yet calculated | CVE-2023-42232 |
n/a–n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | 2025-01-13 | not yet calculated | CVE-2023-42234 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php. | 2025-01-13 | not yet calculated | CVE-2023-42235 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. | 2025-01-13 | not yet calculated | CVE-2023-42236 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php. | 2025-01-13 | not yet calculated | CVE-2023-42237 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. | 2025-01-13 | not yet calculated | CVE-2023-42238 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. | 2025-01-13 | not yet calculated | CVE-2023-42239 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php. | 2025-01-13 | not yet calculated | CVE-2023-42240 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php. | 2025-01-13 | not yet calculated | CVE-2023-42241 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. | 2025-01-13 | not yet calculated | CVE-2023-42242 |
n/a–n/a |
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. | 2025-01-13 | not yet calculated | CVE-2023-42243 |
n/a–n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page “common/vam_Sql.php”. | 2025-01-13 | not yet calculated | CVE-2023-42248 |
n/a–n/a |
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. | 2025-01-15 | not yet calculated | CVE-2024-36751 |
n/a–n/a |
Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. | 2025-01-15 | not yet calculated | CVE-2024-39967 |
n/a–n/a |
An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. | 2025-01-16 | not yet calculated | CVE-2024-40513 |
n/a–n/a |
Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | 2025-01-16 | not yet calculated | CVE-2024-40514 |
n/a–n/a |
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file. | 2025-01-15 | not yet calculated | CVE-2024-41454 |
n/a–n/a |
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. | 2025-01-14 | not yet calculated | CVE-2024-42911 |
n/a–n/a |
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | 2025-01-16 | not yet calculated | CVE-2024-46450 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack). | 2025-01-13 | not yet calculated | CVE-2024-46921 |
n/a–n/a |
The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack. | 2025-01-15 | not yet calculated | CVE-2024-48121 |
n/a–n/a |
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. | 2025-01-15 | not yet calculated | CVE-2024-48122 |
n/a–n/a |
An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. | 2025-01-15 | not yet calculated | CVE-2024-48123 |
n/a–n/a |
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails. | 2025-01-16 | not yet calculated | CVE-2024-48460 |
n/a–n/a |
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. | 2025-01-14 | not yet calculated | CVE-2024-48760 |
n/a–n/a |
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | 2025-01-17 | not yet calculated | CVE-2024-50967 |
n/a–n/a |
Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. | 2025-01-15 | not yet calculated | CVE-2024-52783 |
n/a–n/a |
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests. | 2025-01-16 | not yet calculated | CVE-2024-53553 |
n/a–n/a |
A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | 2025-01-14 | not yet calculated | CVE-2024-53561 |
n/a–n/a |
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile. | 2025-01-16 | not yet calculated | CVE-2024-54660 |
n/a–n/a |
A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable. | 2025-01-16 | not yet calculated | CVE-2024-55511 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “week” parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57023 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “eMinute” parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57024 |
n/a–n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the “desc” parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57025 |
n/a–n/a |
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. | 2025-01-17 | not yet calculated | CVE-2024-57031 |
n/a–n/a |
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | 2025-01-17 | not yet calculated | CVE-2024-57032 |
n/a–n/a |
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php. | 2025-01-17 | not yet calculated | CVE-2024-57033 |
n/a–n/a |
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. | 2025-01-17 | not yet calculated | CVE-2024-57034 |
n/a–n/a |
WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php. | 2025-01-17 | not yet calculated | CVE-2024-57035 |
n/a–n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. | 2025-01-16 | not yet calculated | CVE-2024-57159 |
n/a–n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html. | 2025-01-16 | not yet calculated | CVE-2024-57160 |
n/a–n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html. | 2025-01-16 | not yet calculated | CVE-2024-57161 |
n/a–n/a |
Clickjacking vulnerability in typecho v1.2.1. | 2025-01-17 | not yet calculated | CVE-2024-57369 |
n/a–n/a |
Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter. | 2025-01-17 | not yet calculated | CVE-2024-57370 |
n/a–n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | not yet calculated | CVE-2024-57471 |
n/a–n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | not yet calculated | CVE-2024-57482 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2025-01-16 | not yet calculated | CVE-2024-57575 |
n/a–n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | 2025-01-16 | not yet calculated | CVE-2024-57583 |
n/a–n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. | 2025-01-16 | not yet calculated | CVE-2024-57611 |
n/a–n/a |
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57662 |
n/a–n/a |
An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57663 |
n/a–n/a |
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57664 |
n/a–n/a |
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57676 |
n/a–n/a |
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57677 |
n/a–n/a |
An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57678 |
n/a–n/a |
An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57679 |
n/a–n/a |
An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57680 |
n/a–n/a |
An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the ALG service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57681 |
n/a–n/a |
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57682 |
n/a–n/a |
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57683 |
n/a–n/a |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. | 2025-01-16 | not yet calculated | CVE-2024-57703 |
n/a–n/a |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. | 2025-01-16 | not yet calculated | CVE-2024-57704 |
n/a–n/a |
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. | 2025-01-15 | not yet calculated | CVE-2024-57757 |
n/a–n/a |
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. | 2025-01-15 | not yet calculated | CVE-2024-57760 |
n/a–n/a |
An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-15 | not yet calculated | CVE-2024-57761 |
n/a–n/a |
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. | 2025-01-15 | not yet calculated | CVE-2024-57762 |
n/a–n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. | 2025-01-15 | not yet calculated | CVE-2024-57763 |
n/a–n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. | 2025-01-15 | not yet calculated | CVE-2024-57764 |
n/a–n/a |
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. | 2025-01-15 | not yet calculated | CVE-2024-57765 |
n/a–n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. | 2025-01-15 | not yet calculated | CVE-2024-57766 |
n/a–n/a |
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | 2025-01-15 | not yet calculated | CVE-2024-57767 |
n/a–n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. | 2025-01-16 | not yet calculated | CVE-2024-57769 |
n/a–n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. | 2025-01-16 | not yet calculated | CVE-2024-57770 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57771 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57772 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57773 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57774 |
n/a–n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 2025-01-16 | not yet calculated | CVE-2024-57775 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57776 |
n/a–n/a |
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. | 2025-01-16 | not yet calculated | CVE-2024-57784 |
n/a–n/a |
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. | 2025-01-16 | not yet calculated | CVE-2024-57785 |
n/a–n/a |
SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter. | 2025-01-15 | not yet calculated | CVE-2025-22964 |
n/a–n/a |
SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the “checkOrder.php” shopId module. | 2025-01-15 | not yet calculated | CVE-2025-22976 |
n/a–n/a |
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | 2025-01-14 | not yet calculated | CVE-2025-22983 |
n/a–n/a |
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | 2025-01-14 | not yet calculated | CVE-2025-22984 |
NamelessMC–Nameless |
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user’s profile on staff panel. As a result an attacker can execute javascript code on the staffer’s computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22142 |
NamelessMC–Nameless |
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22144 |
Newtec/iDirect–NTC2218, NTC2250, NTC2299 |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The `commit_multicast` page used to configure multicasts in the modem’s web administration interface improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands. | 2025-01-17 | not yet calculated | CVE-2024-13502 |
Newtec/iDirect–NTC2218, NTC2250, NTC2299 |
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is present on both the PowerPC and the ARM versions of the modem. A stack buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer. | 2025-01-17 | not yet calculated | CVE-2024-13503 |
openfga–openfga |
OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses [conditions](https://openfga.dev/docs/modeling/conditions), and 2. calling Check API or ListObjects API with [contextual tuples](https://openfga.dev/docs/concepts#what-are-contextual-tuples) that include conditions and 3. OpenFGA is configured with caching enabled (`OPENFGA_CHECK_QUERY_CACHE_ENABLED`). Users are advised to upgrade to v1.8.3. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2024-56323 |
OpenText–Solutions Business Manager (SBM) |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1. | 2025-01-15 | not yet calculated | CVE-2024-7085 |
Roche Diagnostics–Algorithm Suite |
A vulnerability exists in Algo Edge up to 2.1.1 – a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected. | 2025-01-17 | not yet calculated | CVE-2024-13026 |
Schneider Electric–EcoStruxure Power Build Rapsody |
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. | 2025-01-17 | not yet calculated | CVE-2024-11139 |
The Dimensional Gate Co.–Linux Ratfor |
Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or cause the user environment to become unusable. | 2025-01-15 | not yet calculated | CVE-2024-55577 |
Unknown–List category posts |
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-18 | not yet calculated | CVE-2024-9020 |
Veeam–Backup for Microsoft Azure |
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-01-14 | not yet calculated | CVE-2025-23082 |
vyperlang–vyper |
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM’s rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. Nonetheless an advisory has been made out of an abundance of caution. There are no actions for users to take. | 2025-01-14 | not yet calculated | CVE-2025-21607 |
Wikimedia Foundation–Mediawiki – GlobalBlocking Extension |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki – GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension. | 2025-01-14 | not yet calculated | CVE-2025-23073 |
Wikimedia Foundation–Mediawiki – RefreshSpecial Extension |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – RefreshSpecial Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki – RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | not yet calculated | CVE-2025-23072 |
Wikimedia Foundation–Mediawiki – SocialProfile Extension |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki – SocialProfile Extension allows Functionality Misuse. This issue affects Mediawiki – SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | not yet calculated | CVE-2025-23074 |
Yubico–pam-u2f |
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO-compliant authenticators on macOS or Linux. This software package has an issue that allows an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user’s password. | 2025-01-15 | not yet calculated | CVE-2025-23013 |
zulip–zulip |
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine whether an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue. | 2025-01-16 | not yet calculated | CVE-2024-56136 |
