High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
aEnrich Technology–a+HRD |
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-01-20 | 9.8 | CVE-2025-0585 |
aEnrich Technology–a+HRD |
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | 2025-01-20 | 7.2 | CVE-2025-0586 |
aipower — aipower |
The “AI Power: Complete AI Pack” plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-22 | 7.2 | CVE-2025-0428 |
aipower — aipower |
The “AI Power: Complete AI Pack” plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-22 | 7.2 | CVE-2025-0429 |
AlaFalaki–a Gateway for Pasargad Bank on WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2. | 2025-01-22 | 7.1 | CVE-2025-23966 |
Alessandro Benoit–WpDevTool |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alessandro Benoit WpDevTool allows Reflected XSS. This issue affects WpDevTool: from n/a through 0.1.1. | 2025-01-23 | 7.1 | CVE-2025-23624 |
Andrea Dotta, Jacopo Campani, di xkoll.com–Social2Blog |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990. | 2025-01-21 | 7.1 | CVE-2025-23461 |
Apache Software Foundation–Apache Ambari |
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari. | 2025-01-21 | 8.8 | CVE-2024-51941 |
Apache Software Foundation–Apache Ambari |
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari. | 2025-01-21 | 8.8 | CVE-2025-23196 |
Apache Software Foundation–Apache Ambari |
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch. | 2025-01-21 | 7.5 | CVE-2025-23195 |
Atarim–Atarim |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8. | 2025-01-24 | 7.1 | CVE-2025-24570 |
AWcode, PDSonline–Unique UX |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AWcode, PDSonline Unique UX allows Reflected XSS. This issue affects Unique UX: from n/a through 0.9.2. | 2025-01-22 | 7.1 | CVE-2025-23625 |
AYS Pro Plugins–Quiz Maker Developer |
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the ‘ays_save_google_credentials’ function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin’s settings. Because the ‘client_id’ parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-26 | 7.2 | CVE-2024-10574 |
AYS Pro Plugins–Quiz Maker Developer |
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-26 | 7.5 | CVE-2024-10628 |
AYS Pro Plugins–Quiz Maker Developer |
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-01-26 | 7.3 | CVE-2024-10633 |
basteln3rk–Save & Import Image from URL |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. This issue affects Save & Import Image from URL: from n/a through 0.7. | 2025-01-23 | 7.1 | CVE-2025-23960 |
Beta10–Beta10 |
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’. | 2025-01-23 | 9.8 | CVE-2025-0637 |
Bilal TAS–Responsivity |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bilal TAS Responsivity allows Reflected XSS. This issue affects Responsivity: from n/a through 0.0.6. | 2025-01-22 | 7.1 | CVE-2025-23548 |
Blrt–Blrt WP Embed |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9. | 2025-01-22 | 7.1 | CVE-2025-23507 |
Brian Messenlehner of WebDevStudios–WP-Announcements |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8. | 2025-01-21 | 7.1 | CVE-2025-23489 |
Callum Richards–Admin Menu Organizer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Callum Richards Admin Menu Organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through 1.0.1. | 2025-01-22 | 7.1 | CVE-2025-23686 |
Camoo Sarl–CAMOO SMS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camoo Sarl CAMOO SMS allows Reflected XSS. This issue affects CAMOO SMS: from n/a through 3.0.1. | 2025-01-22 | 7.1 | CVE-2025-23607 |
Cisco–Cisco BroadWorks |
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover. | 2025-01-22 | 7.5 | CVE-2025-20165 |
Cisco–Cisco Meeting Management |
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management. | 2025-01-22 | 9.9 | CVE-2025-20156 |
clickandsell–REAL WordPress Sidebar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1. | 2025-01-22 | 7.1 | CVE-2025-23535 |
CodePeople–Form Builder CP |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41. | 2025-01-24 | 8.5 | CVE-2025-24672 |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim’s server configuration, then the attacker can use the `Terminal` feature and execute arbitrary commands on the victim’s server. Version 4.0.0-beta.361 fixes the issue. | 2025-01-24 | 10 | CVE-2025-22609 |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim’s server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue. | 2025-01-24 | 10 | CVE-2025-22612 |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member’s privileges to any role, including the owner role. He’s also able to kick every other member out of the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue. | 2025-01-24 | 9.9 | CVE-2025-22611 |
Deepin–dde-api-proxy |
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don’t know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn’t be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges. | 2025-01-24 | 8.4 | CVE-2025-23222 |
Dimitar Atanasov–My Favorite Car |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dimitar Atanasov My Favorite Car allows Reflected XSS. This issue affects My Favorite Car: from n/a through 1.0. | 2025-01-23 | 7.1 | CVE-2025-23636 |
Dovy Paukstys–Redux Converter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dovy Paukstys Redux Converter allows Reflected XSS. This issue affects Redux Converter: from n/a through 1.1.3.1. | 2025-01-24 | 7.1 | CVE-2025-23427 |
E4J s.r.l.–VikAppointments Services Booking Calendar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in E4J s.r.l. VikAppointments Services Booking Calendar allows Stored XSS. This issue affects VikAppointments Services Booking Calendar: from n/a through 1.2.16. | 2025-01-21 | 7.1 | CVE-2025-22719 |
e4jvikwp–VikBooking Hotel Booking Engine & PMS |
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-01-26 | 8.8 | CVE-2024-11641 |
ECOVACS–DEEBOT X5 PRO PLUS |
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. | 2025-01-23 | 7.4 | CVE-2024-52330 |
ECOVACS–ECOVACS HOME |
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens. | 2025-01-23 | 7.4 | CVE-2024-52329 |
ECOVACS–GOAT G1 |
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. | 2025-01-23 | 9.6 | CVE-2024-52325 |
ECOVACS–Unspecified robots |
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. | 2025-01-23 | 7.6 | CVE-2024-11147 |
ECOVACS–Unspecified robots |
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. | 2025-01-23 | 7.5 | CVE-2024-52331 |
edmon–Download, Downloads |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads: from n/a through 1.4.2. | 2025-01-23 | 7.1 | CVE-2025-23541 |
Elastic–Fleet Server |
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled. | 2025-01-23 | 9 | CVE-2024-52975 |
Elastic–Kibana |
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions. | 2025-01-23 | 7.7 | CVE-2024-43707 |
Eliott Robson–Mass Messaging in BuddyPress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1. | 2025-01-22 | 7.1 | CVE-2025-23798 |
eminozlem–Bootstrap Ultimate |
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. | 2025-01-24 | 9.8 | CVE-2024-13545 |
Eniture Technology–Standard Box Sizes for WooCommerce |
Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13. | 2025-01-21 | 7.5 | CVE-2025-22318 |
envoyproxy–gateway |
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch. | 2025-01-23 | 7.1 | CVE-2025-24030 |
Ericsson–CodeChecker |
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF. This issue affects CodeChecker: through 6.24.4. | 2025-01-21 | 8.2 | CVE-2024-53829 |
Estatebud–Estatebud Properties & Listings |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0. | 2025-01-21 | 7.1 | CVE-2025-23994 |
Explara–Explara Membership |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7. | 2025-01-22 | 7.1 | CVE-2025-23583 |
Faaiq Ahmed, Technial Architect,[email protected]–Simple Custom post type custom field |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Faaiq Ahmed, Technial Architect,[email protected] Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3. | 2025-01-22 | 7.1 | CVE-2025-23500 |
fastify–fastify-multipart |
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`. | 2025-01-23 | 7.5 | CVE-2025-24033 |
Fedora Repository–Fedora Repository |
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives (“Zip Slip”). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23). | 2025-01-23 | 8.8 | CVE-2025-23011 |
Fedora Repository–Fedora Repository |
Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23). | 2025-01-23 | 7.5 | CVE-2025-23012 |
flashmaniac–Nature FlipBook |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in flashmaniac Nature FlipBook allows Reflected XSS. This issue affects Nature FlipBook: from n/a through 1.7. | 2025-01-21 | 7.1 | CVE-2025-23454 |
fures–XTRA Settings |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fures XTRA Settings allows Reflected XSS. This issue affects XTRA Settings: from n/a through 2.1.8. | 2025-01-23 | 7.1 | CVE-2025-23729 |
G DATA CyberDefense AG–G DATA Management Server |
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. | 2025-01-25 | 7.8 | CVE-2025-0542 |
G DATA CyberDefense AG–G DATA Security Client |
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. | 2025-01-25 | 7.8 | CVE-2025-0543 |
gamipress — gamipress |
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-01-22 | 7.3 | CVE-2024-13495 |
gamipress — gamipress |
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-22 | 7.5 | CVE-2024-13496 |
gamipress — gamipress |
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-01-22 | 7.3 | CVE-2024-13499 |
GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting. | 2025-01-24 | 8.7 | CVE-2025-0314 |
Google–Android |
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 9.8 | CVE-2024-49747 |
Google–Android |
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 9.8 | CVE-2024-49748 |
Google–Android |
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 8.8 | CVE-2024-43096 |
Google–Android |
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 8.8 | CVE-2024-43770 |
Google–Android |
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 8.8 | CVE-2024-43771 |
Google–Android |
In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 8.8 | CVE-2024-49749 |
Google–Android |
In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7.8 | CVE-2023-40132 |
Google–Android |
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-34730 |
Google–Android |
In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-43095 |
Google–Android |
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-43765 |
Google–Android |
In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7 | CVE-2024-49724 |
Google–Android |
In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49732 |
Google–Android |
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.5 | CVE-2024-49734 |
Google–Android |
In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49735 |
Google–Android |
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49736 |
Google–Android |
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49737 |
Google–Android |
In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49738 |
Google–Android |
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49742 |
Google–Android |
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49744 |
Google–Android |
In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 7.8 | CVE-2024-49745 |
Gradle–Enterprise |
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker. | 2025-01-26 | 7.1 | CVE-2024-46881 |
HashiCorp–Shared library |
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. | 2025-01-21 | 7.5 | CVE-2025-0377 |
heart5–StatPressCN |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in heart5 StatPressCN allows Reflected XSS. This issue affects StatPressCN: from n/a through 1.9.1. | 2025-01-23 | 7.1 | CVE-2025-23544 |
Helmuth Lammer–Tagesteller |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Helmuth Lammer Tagesteller allows Reflected XSS. This issue affects Tagesteller: from n/a through v.1.1. | 2025-01-22 | 7.1 | CVE-2025-23609 |
Hidetoshi Fukushima–Kumihimo |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hidetoshi Fukushima Kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through 1.0.2. | 2025-01-23 | 7.1 | CVE-2025-23626 |
HL7–fhir-ig-publisher |
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available. | 2025-01-24 | 8.6 | CVE-2024-52807 |
humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young–HM Portfolio |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1. | 2025-01-24 | 7.1 | CVE-2025-23522 |
I Thirteen Web Solution–Email Subscription Popup |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in I Thirteen Web Solution Email Subscription Popup allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through 1.2.23. | 2025-01-24 | 7.6 | CVE-2025-24587 |
IBM–Analytics Content Hub |
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | 2025-01-25 | 8.8 | CVE-2024-39750 |
IBM–Cognos Dashboards on Cloud Pak for Data |
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. | 2025-01-24 | 8.8 | CVE-2024-41739 |
IBM–Planning Analytics Local |
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | 2025-01-24 | 8 | CVE-2024-25034 |
IBM–Planning Analytics Local |
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, which can be sent to victims for performing further attacks. | 2025-01-24 | 8 | CVE-2024-40693 |
IBM–Sterling B2B Integrator Standard Edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 2025-01-22 | 8.8 | CVE-2024-31903 |
Innovative Solutions–user files |
Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2. | 2025-01-22 | 10 | CVE-2025-23953 |
instawp–String locator |
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the ‘recursive_unserialize_replace’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit. | 2025-01-21 | 8.8 | CVE-2024-10936 |
iova.mihai–Social Pug: Author Box |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0. | 2025-01-21 | 7.1 | CVE-2025-22706 |
Iqonic Design–WPBookit |
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘WPB_Profile_controller::handle_image_upload’ function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-01-25 | 9.8 | CVE-2025-0357 |
jannatqualitybacklinks.com–REDIRECTION PLUS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jannatqualitybacklinks.com REDIRECTION PLUS allows Reflected XSS. This issue affects REDIRECTION PLUS: from n/a through 2.0.0. | 2025-01-22 | 7.1 | CVE-2025-23681 |
jcollings–Import WP Export and Import CSV and XML files to WordPress |
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files. | 2025-01-25 | 7.5 | CVE-2024-13562 |
Jenkins Project–Jenkins Bitbucket Server Integration Plugin |
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 2025-01-22 | 8.8 | CVE-2025-24398 |
Jenkins Project–Jenkins OpenId Connect Authentication Plugin |
Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins. | 2025-01-22 | 8.8 | CVE-2025-24399 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.55417, account takeover was possible via spoofed email and Helpdesk integration. | 2025-01-21 | 7.1 | CVE-2025-24458 |
Joe Dolson–My Tickets |
Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects My Tickets: from n/a through 2.0.9. | 2025-01-21 | 7.5 | CVE-2025-22717 |
Kiro G.–Formatted post |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kiro G. Formatted post allows Reflected XSS. This issue affects Formatted post: from n/a through 1.01. | 2025-01-22 | 7.1 | CVE-2025-23709 |
Kolja Nolte–Flexible Blogtitle |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kolja Nolte Flexible Blogtitle allows Reflected XSS. This issue affects Flexible Blogtitle: from n/a through 0.1. | 2025-01-22 | 7.1 | CVE-2025-23846 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. | 2025-01-20 | 9.8 | CVE-2025-23219 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. | 2025-01-20 | 8.8 | CVE-2025-23218 |
LabRedesCefetRJ–WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. | 2025-01-20 | 8.8 | CVE-2025-23220 |
LamPD–Call To Action Popup |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LamPD Call To Action Popup allows Reflected XSS. This issue affects Call To Action Popup: from n/a through 1.0.2. | 2025-01-22 | 7.1 | CVE-2025-23605 |
Laymance Technologies LLC–MachForm Shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1. | 2025-01-24 | 7.1 | CVE-2025-24636 |
Lexmark–various |
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. | 2025-01-21 | 8.6 | CVE-2023-50733 |
LibVNC–LibVNCServer |
LibVNCServer release 0.9.12 and earlier contains a heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution. | 2025-01-24 | 8.8 | CVE-2019-15690 |
Linus Lundahl–Good Old Gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2. | 2025-01-22 | 7.1 | CVE-2025-23959 |
linuxfoundation — magma |
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service. | 2025-01-21 | 7.5 | CVE-2023-37029 |
linuxfoundation — magma |
A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element. | 2025-01-21 | 7.5 | CVE-2023-37032 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24416 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24417 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24418 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24419 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24422 |
linuxfoundation — magma |
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24423 |
lmfit–asteval |
ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval’s restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue. | 2025-01-24 | 8.4 | CVE-2025-24359 |
matrix-org–mjolnir |
Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is a member of. This can allow users who aren’t operators of the bot to use the bot’s functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn’t possible. | 2025-01-21 | 9.1 | CVE-2025-24024 |
Matthew Blackford, LimeSquare Pty Ltd–Lime Developer Login |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matthew Blackford, LimeSquare Pty Ltd Lime Developer Login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through 1.4.0. | 2025-01-22 | 7.1 | CVE-2025-23701 |
Matthew Garvin–BizLibrary |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1. | 2025-01-21 | 7.1 | CVE-2025-23580 |
MDJM–MDJM Event Management |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5. | 2025-01-24 | 7.1 | CVE-2025-22714 |
mgplugin–Roi Calculator |
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0. | 2025-01-24 | 7.1 | CVE-2025-24756 |
Mihajlovic Nenad–Improved Sale Badges Free Version |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mihajlovic Nenad Improved Sale Badges – Free Version allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a through 1.0.1. | 2025-01-22 | 8.1 | CVE-2025-23949 |
Mohsin khan–WP Front-end login and register |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0. | 2025-01-23 | 7.1 | CVE-2025-23540 |
Moshiur Rahman Mehedi–FP RSS Category Excluder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moshiur Rahman Mehedi FP RSS Category Excluder allows Reflected XSS. This issue affects FP RSS Category Excluder: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-23679 |
Musing Studio–WriteFreely |
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. | 2025-01-20 | 8.4 | CVE-2025-24337 |
MVPThemes–Zox News |
The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘backup_options’ and ‘restore_options’ function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-01-26 | 8.8 | CVE-2024-11936 |
n/a–n/a |
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. | 2025-01-21 | 9.8 | CVE-2023-27112 |
n/a–n/a |
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. | 2025-01-21 | 9.8 | CVE-2023-27113 |
n/a–n/a |
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 9.8 | CVE-2024-24421 |
n/a–n/a |
The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. | 2025-01-21 | 9.8 | CVE-2024-42936 |
n/a–n/a |
An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media. | 2025-01-23 | 9.1 | CVE-2024-53923 |
n/a–n/a |
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. | 2025-01-21 | 9.1 | CVE-2024-54794 |
n/a–n/a |
An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics. | 2025-01-23 | 9.1 | CVE-2024-55573 |
n/a–n/a |
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | 2025-01-21 | 9.1 | CVE-2024-55959 |
n/a–n/a |
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access. | 2025-01-23 | 9.8 | CVE-2024-57328 |
n/a–n/a |
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. | 2025-01-24 | 8.1 | CVE-2024-50697 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. | 2025-01-21 | 8 | CVE-2024-57536 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. | 2025-01-21 | 8.8 | CVE-2024-57542 |
n/a–n/a |
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in the gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c; a check is needed for num_exp_tile_columns. | 2025-01-24 | 7.8 | CVE-2022-47090 |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service. | 2025-01-22 | 7.3 | CVE-2023-37013 |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | 7.5 | CVE-2023-37014 |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | 2025-01-22 | 7.5 | CVE-2023-37022 |
n/a–n/a |
A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element. | 2025-01-21 | 7.5 | CVE-2023-37024 |
n/a–n/a |
A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24420 |
n/a–n/a |
A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24424 |
n/a–n/a |
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-22 | 7.5 | CVE-2024-24430 |
n/a–n/a |
A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message. | 2025-01-21 | 7.5 | CVE-2024-24442 |
n/a–n/a |
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface. | 2025-01-21 | 7.5 | CVE-2024-24451 |
n/a–n/a |
A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path ProgramData\iTop VPN\Downloader\vpn6. | 2025-01-23 | 7.8 | CVE-2024-53588 |
n/a–n/a |
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. | 2025-01-22 | 7.8 | CVE-2024-55957 |
n/a–n/a |
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts. | 2025-01-22 | 7.3 | CVE-2024-56924 |
n/a–n/a |
https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function. | 2025-01-21 | 7.7 | CVE-2024-57360 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create. | 2025-01-23 | 7.5 | CVE-2024-57722 |
n/a–Shiprocket Module |
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-20 | 7.3 | CVE-2025-0579 |
n/a–ThemeREX Addons |
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the ‘trx_sc_reviews’ shortcode ‘type’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | 2025-01-25 | 8.8 | CVE-2025-0682 |
Navnish Bhardwaj–WP Social Broadcast |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Navnish Bhardwaj WP Social Broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through 1.0.0. | 2025-01-23 | 7.1 | CVE-2025-23545 |
New Media One–GeoDigs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in New Media One GeoDigs allows Reflected XSS. This issue affects GeoDigs: from n/a through 3.4.1. | 2025-01-23 | 7.1 | CVE-2025-23628 |
NgocCode–WP Load Gallery |
Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6. | 2025-01-22 | 9.1 | CVE-2025-23942 |
NLnet Labs–Routinator |
The initial code parsing the manifest did not check the content of the file names, yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator. | 2025-01-22 | 7.5 | CVE-2025-0638 |
NotFound–ARPrice |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. | 2025-01-21 | 9.3 | CVE-2024-49655 |
NotFound–ARPrice |
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | 2025-01-21 | 9.8 | CVE-2024-49688 |
NotFound–ARPrice |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. | 2025-01-21 | 8.5 | CVE-2024-49666 |
NotFound–ARPrice |
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | 2025-01-21 | 8.8 | CVE-2024-49699 |
NotFound–ARPrice |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3. | 2025-01-21 | 7.1 | CVE-2024-49700 |
NotFound–AZ Content Finder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound AZ Content Finder allows Reflected XSS. This issue affects AZ Content Finder: from n/a through 0.1. | 2025-01-23 | 7.1 | CVE-2025-23727 |
NotFound–Bauernregeln |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1. | 2025-01-24 | 7.1 | CVE-2025-23838 |
NotFound–Bit.ly linker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bit.ly linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through 1.1. | 2025-01-22 | 7.1 | CVE-2025-23674 |
NotFound–Blue Wrench Video Widget |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0. | 2025-01-22 | 7.1 | CVE-2025-23809 |
NotFound–Brizy Pro |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1. | 2025-01-21 | 7.1 | CVE-2025-22763 |
NotFound–Calendi |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Calendi allows Reflected XSS. This issue affects Calendi: from n/a through 1.1.1. | 2025-01-22 | 7.1 | CVE-2025-23606 |
NotFound–Causes Donation Plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Causes – Donation Plugin allows Reflected XSS. This issue affects Causes – Donation Plugin: from n/a through 1.0.01. | 2025-01-24 | 7.1 | CVE-2025-23621 |
NotFound–CBX Accounting & Bookkeeping |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14. | 2025-01-24 | 7.1 | CVE-2025-23622 |
NotFound–CMC MIGRATE |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3. | 2025-01-22 | 7.1 | CVE-2025-23746 |
NotFound–Contact Form 7 Round Robin Lead Distribution |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. | 2025-01-22 | 7.6 | CVE-2025-23784 |
NotFound–Contact Form 7 Round Robin Lead Distribution |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. | 2025-01-22 | 7.1 | CVE-2025-23812 |
NotFound–Content Mirror |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2. | 2025-01-22 | 7.1 | CVE-2025-23769 |
NotFound–Content Planner |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Content Planner allows Reflected XSS. This issue affects Content Planner: from n/a through 1.0. | 2025-01-22 | 7.1 | CVE-2025-23631 |
NotFound–ContentOptin Lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ContentOptin Lite allows Reflected XSS. This issue affects ContentOptin Lite: from n/a through 1.1. | 2025-01-22 | 7.1 | CVE-2025-23589 |
NotFound–CtyGrid Hyp3rL0cal Search |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CtyGrid Hyp3rL0cal Search allows Reflected XSS. This issue affects CtyGrid Hyp3rL0cal Search: from n/a through 0.1.1.1. | 2025-01-22 | 7.1 | CVE-2025-23695 |
NotFound–Custom CSS Addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom CSS Addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through 1.9.1. | 2025-01-22 | 7.1 | CVE-2025-23578 |
NotFound–Custom Page Extensions |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: from n/a through 0.6. | 2025-01-24 | 7.1 | CVE-2025-23888 |
NotFound–Customizable Captcha and Contact Us |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2. | 2025-01-22 | 7.1 | CVE-2025-23503 |
NotFound–Cyber Slider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Cyber Slider allows Reflected XSS. This issue affects Cyber Slider: from n/a through 1.1. | 2025-01-22 | 7.1 | CVE-2025-23630 |
NotFound–dForms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound dForms allows Reflected XSS. This issue affects dForms: from n/a through 1.0. | 2025-01-22 | 7.1 | CVE-2025-23592 |
NotFound–Easy Filtering |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Easy Filtering allows Reflected XSS. This issue affects Easy Filtering: from n/a through 2.5.0. | 2025-01-22 | 7.1 | CVE-2025-23732 |
NotFound–Easy Real Estate |
Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6. | 2025-01-21 | 9.8 | CVE-2024-32555 |
NotFound–EELV Newsletter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2. | 2025-01-22 | 7.1 | CVE-2025-23602 |
NotFound–EU DSGVO Helper |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound EU DSGVO Helper allows Reflected XSS. This issue affects EU DSGVO Helper: from n/a through 1.0.6.1. | 2025-01-22 | 7.1 | CVE-2025-23866 |
NotFound–Fancy Product Designer |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3. | 2025-01-21 | 9.3 | CVE-2024-51818 |
NotFound–Fancy Product Designer |
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3. | 2025-01-21 | 9 | CVE-2024-51919 |
NotFound–Fast Tube |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1. | 2025-01-22 | 7.1 | CVE-2025-23770 |
NotFound–FLX Dashboard Groups |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FLX Dashboard Groups allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through 0.0.7. | 2025-01-23 | 7.1 | CVE-2025-23730 |
NotFound–FooGallery Captions |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2. | 2025-01-24 | 7.1 | CVE-2025-23889 |
NotFound–FWD Slider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0. | 2025-01-22 | 7.1 | CVE-2025-23462 |
NotFound–Gigaom Sphinx |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Gigaom Sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through 0.1. | 2025-01-24 | 7.1 | CVE-2025-23734 |
NotFound–Group category creator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Group category creator allows Reflected XSS. This issue affects Group category creator: from n/a through 1.3.0.3. | 2025-01-22 | 7.1 | CVE-2025-23603 |
NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5. | 2025-01-21 | 8.5 | CVE-2024-49303 |
NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5. | 2025-01-21 | 8.5 | CVE-2024-49333 |
NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5. | 2025-01-21 | 7.1 | CVE-2024-49300 |
NotFound–History timeline |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2. | 2025-01-22 | 7.1 | CVE-2025-23475 |
NotFound–Homey Login Register |
Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0. | 2025-01-21 | 9.8 | CVE-2024-51888 |
NotFound–HyperComments |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6. | 2025-01-22 | 7.1 | CVE-2025-23509 |
NotFound–Image Gallery Box by CRUDLab |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound Image Gallery Box by CRUDLab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through 1.0.3. | 2025-01-22 | 7.5 | CVE-2025-23938 |
NotFound–InFunding |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0. | 2025-01-22 | 7.1 | CVE-2025-23768 |
NotFound–Instant Appointment |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Instant Appointment allows Reflected XSS. This issue affects Instant Appointment: from n/a through 1.2. | 2025-01-22 | 7.1 | CVE-2025-23672 |
NotFound–Jet Skinner for BuddyPress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Jet Skinner for BuddyPress allows Reflected XSS. This issue affects Jet Skinner for BuddyPress: from n/a through 1.2.5. | 2025-01-22 | 7.1 | CVE-2025-23706 |
NotFound–Legal + |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Legal + allows Reflected XSS. This issue affects Legal +: from n/a through 1.0. | 2025-01-23 | 7.1 | CVE-2025-23835 |
NotFound–LH Email |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound LH Email allows Reflected XSS. This issue affects LH Email: from n/a through 1.12. | 2025-01-22 | 7.1 | CVE-2025-23676 |
NotFound–Links/Problem Reporter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0. | 2025-01-23 | 7.1 | CVE-2025-23834 |
NotFound–LocalGrid |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound LocalGrid allows Reflected XSS. This issue affects LocalGrid: from n/a through 1.0.1. | 2025-01-22 | 7.1 | CVE-2025-23678 |
NotFound–MACME |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MACME allows Reflected XSS. This issue affects MACME: from n/a through 1.2. | 2025-01-22 | 7.1 | CVE-2025-23683 |
NotFound–Mapbox for WP Advanced |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-22772 |
NotFound–Menus Plus+ |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Menus Plus+ allows SQL Injection. This issue affects Menus Plus+: from n/a through 1.9.6. | 2025-01-22 | 8.5 | CVE-2025-23910 |
NotFound–Mind3doM RyeBread Widgets |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Mind3doM RyeBread Widgets allows Reflected XSS. This issue affects Mind3doM RyeBread Widgets: from n/a through 1.0. | 2025-01-23 | 7.1 | CVE-2025-23722 |
NotFound–MJ Contact us |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3. | 2025-01-24 | 7.1 | CVE-2025-23885 |
NotFound–Multi Uploader for Gravity Forms |
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3. | 2025-01-22 | 9 | CVE-2025-23921 |
NotFound–Multiple Carousel |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0. | 2025-01-21 | 9.3 | CVE-2025-22553 |
NotFound–Muzaara Google Ads Report |
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1. | 2025-01-22 | 9.8 | CVE-2025-23914 |
NotFound–Network-Favorites |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a through 1.1. | 2025-01-24 | 7.1 | CVE-2025-23737 |
NotFound–One Backend Language |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0. | 2025-01-24 | 7.1 | CVE-2025-23837 |
NotFound–Pootle button |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0. | 2025-01-22 | 7.1 | CVE-2025-23758 |
NotFound–Preloader Quotes |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Preloader Quotes allows Reflected XSS. This issue affects Preloader Quotes: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-23682 |
NotFound–Private Messages for UserPro |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0. | 2025-01-21 | 7.5 | CVE-2025-22311 |
NotFound–Private Messages for UserPro |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0. | 2025-01-21 | 7.1 | CVE-2025-22322 |
NotFound–Quick Count |
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00. | 2025-01-22 | 9.8 | CVE-2025-23932 |
NotFound–Quote me |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Quote me allows Reflected XSS. This issue affects Quote me: from n/a through 1.0. | 2025-01-24 | 7.1 | CVE-2025-23711 |
NotFound–ReadMe Creator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ReadMe Creator allows Reflected XSS. This issue affects ReadMe Creator: from n/a through 1.0. | 2025-01-22 | 7.1 | CVE-2025-23643 |
NotFound–Rezdy Reloaded |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Rezdy Reloaded allows Stored XSS. This issue affects Rezdy Reloaded: from n/a through 1.0.1. | 2025-01-22 | 7.1 | CVE-2025-23604 |
NotFound–Simple shortcode buttons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2. | 2025-01-22 | 7.1 | CVE-2025-23449 |
NotFound–Smallerik File Browser |
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through 1.1. | 2025-01-22 | 9.9 | CVE-2025-23918 |
NotFound–Staging CDN |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Staging CDN allows Reflected XSS. This issue affects Staging CDN: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-23696 |
NotFound–Sticky Button |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0. | 2025-01-24 | 7.1 | CVE-2025-23839 |
NotFound–Store Locator |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10. | 2025-01-24 | 7.5 | CVE-2025-23422 |
NotFound–Tab My Content |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Tab My Content allows Reflected XSS. This issue affects Tab My Content: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-23601 |
NotFound–Translation.Pro |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0. | 2025-01-22 | 7.1 | CVE-2025-23498 |
NotFound–Ultimate Events |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Ultimate Events allows Reflected XSS. This issue affects Ultimate Events: from n/a through 1.3.3. | 2025-01-22 | 7.1 | CVE-2025-23610 |
NotFound–WH Cache & Security |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2. | 2025-01-22 | 7.1 | CVE-2025-23611 |
NotFound–WM Options Import Export |
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1. | 2025-01-22 | 7.5 | CVE-2025-23781 |
NotFound–WooCommerce Order Search |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0. | 2025-01-22 | 7.1 | CVE-2025-23495 |
NotFound–WordPress File Search |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2. | 2025-01-22 | 7.1 | CVE-2025-23867 |
NotFound–WordPress Local SEO |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3. | 2025-01-22 | 9.3 | CVE-2025-23931 |
NotFound–WP Block Pack |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Block Pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through 1.1.6. | 2025-01-22 | 7.1 | CVE-2025-23874 |
NotFound–WP Download Codes |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4. | 2025-01-22 | 7.1 | CVE-2025-23882 |
NotFound–WP IMAP Auth |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP IMAP Auth allows Reflected XSS. This issue affects WP IMAP Auth: from n/a through 4.0.1. | 2025-01-22 | 7.1 | CVE-2025-23506 |
NotFound–WP2APP |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2. | 2025-01-22 | 7.1 | CVE-2025-23811 |
NotFound–WPDB to Sql |
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2. | 2025-01-22 | 7.5 | CVE-2025-23774 |
NotFound–Youtube Video Grid |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Youtube Video Grid allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through 1.9. | 2025-01-23 | 7.1 | CVE-2025-23634 |
Oleksandr Ustymenko–University Quizzes Online |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oleksandr Ustymenko University Quizzes Online allows Reflected XSS. This issue affects University Quizzes Online: from n/a through 1.4. | 2025-01-23 | 7.1 | CVE-2025-23724 |
OneIdentity–Identity Manager |
In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected. | 2025-01-24 | 9.9 | CVE-2024-56404 |
open5gs — open5gs |
A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-21 | 7.5 | CVE-2024-24427 |
open5gs — open5gs |
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | 2025-01-21 | 7.5 | CVE-2024-24428 |
Optimal Access Inc.–KBucket |
Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6. | 2025-01-24 | 7.1 | CVE-2025-24562 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2025-01-21 | 9.8 | CVE-2025-21524 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2025-01-21 | 8.8 | CVE-2025-21515 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 7.5 | CVE-2025-21510 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 7.5 | CVE-2025-21511 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 7.5 | CVE-2025-21521 |
Oracle Corporation–Oracle Agile PLM Framework |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 2025-01-21 | 9.9 | CVE-2025-21556 |
Oracle Corporation–Oracle Agile PLM Framework |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM Framework. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). | 2025-01-21 | 8.1 | CVE-2025-21564 |
Oracle Corporation–Oracle Agile PLM Framework |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 7.5 | CVE-2025-21565 |
Oracle Corporation–Oracle Analytics Desktop |
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2025-01-21 | 7.8 | CVE-2025-21532 |
Oracle Corporation–Oracle Customer Care |
Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customer Care. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Care accessible data as well as unauthorized access to critical data or complete access to all Oracle Customer Care accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2025-01-21 | 8.1 | CVE-2025-21516 |
Oracle Corporation–Oracle Hospitality OPERA 5 |
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). | 2025-01-21 | 9.1 | CVE-2025-21547 |
Oracle Corporation–Oracle Project Foundation |
Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2025-01-21 | 8.1 | CVE-2025-21506 |
Oracle Corporation–Oracle VM VirtualBox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L). | 2025-01-21 | 7.3 | CVE-2025-21571 |
Oracle Corporation–Oracle WebLogic Server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2025-01-21 | 9.8 | CVE-2025-21535 |
Oracle Corporation–Oracle WebLogic Server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 7.5 | CVE-2025-21549 |
Oracle Corporation–PeopleSoft Enterprise PeopleTools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 7.5 | CVE-2025-21545 |
otrok7–BMLT Meeting Map |
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the ‘bmlt_meeting_map’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2025-01-23 | 7.5 | CVE-2024-13593 |
P. Razvan–SexBundle |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in P. Razvan SexBundle allows Reflected XSS. This issue affects SexBundle: from n/a through 1.4. | 2025-01-21 | 7.1 | CVE-2025-23551 |
Plestar Inc–Plestar Directory Listing |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plestar Inc Plestar Directory Listing allows Reflected XSS. This issue affects Plestar Directory Listing: from n/a through 1.0. | 2025-01-23 | 7.1 | CVE-2025-23723 |
PPO Việt Nam (ppo.vn)–PPO Call To Actions |
Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3. | 2025-01-21 | 7.1 | CVE-2025-24001 |
PQINA–Snippy |
Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1. | 2025-01-22 | 7.1 | CVE-2025-23803 |
Qwerty23–Rocket Media Library Mime Type |
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0. | 2025-01-23 | 7.1 | CVE-2025-22768 |
Rara Theme–UltraLight |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rara Theme UltraLight allows Reflected XSS. This issue affects UltraLight: from n/a through 1.2. | 2025-01-21 | 7.1 | CVE-2025-23998 |
Realty Workstation–Realty Workstation |
Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45. | 2025-01-21 | 8.2 | CVE-2025-23477 |
Red Hat–Fast Datapath for RHEL 7 |
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. | 2025-01-23 | 8.1 | CVE-2025-0650 |
Red Hat–Red Hat Enterprise Linux 8 |
A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using `--jobs=2` and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. | 2025-01-22 | 8.6 | CVE-2024-11218 |
ReviewsTap–ReviewsTap |
Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. | 2025-01-24 | 7.1 | CVE-2025-24561 |
Riosis Private Limited–Rio Photo Gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Riosis Private Limited Rio Photo Gallery allows Reflected XSS. This issue affects Rio Photo Gallery: from n/a through 0.1. | 2025-01-22 | 7.1 | CVE-2025-23597 |
Rise Group–Rise Mode Temp CPU |
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally. | 2025-01-24 | 7.8 | CVE-2025-0707 |
sayocode–SC Simple Zazzle |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sayocode SC Simple Zazzle allows Reflected XSS. This issue affects SC Simple Zazzle: from n/a through 1.1.6. | 2025-01-23 | 7.1 | CVE-2025-23733 |
scriptsbundle — adforest |
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user’s identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number. | 2025-01-22 | 9.8 | CVE-2024-12857 |
SERPed–SERPed.net |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SERPed SERPed.net allows SQL Injection. This issue affects SERPed.net: from n/a through 4.4. | 2025-01-24 | 8.5 | CVE-2025-24669 |
silabs.com–Configuration Wizard 2 |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9491 |
silabs.com–CP210 VCP Win 2k |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9494 |
silabs.com–CP210x VCP Windows |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9495 |
silabs.com–Flash Programming Utility |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9492 |
silabs.com–Silicon Labs IDE (8-bit) |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9490 |
silabs.com–ToolStick |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9493 |
silabs.com–USBXpress 4 SDK |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9497 |
silabs.com–USBXpress Dev Kit |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9496 |
silabs.com–USBXpress SDK |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9498 |
silabs.com–USBXpress Win 98SE Dev Kit |
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | 2025-01-24 | 8.6 | CVE-2024-9499 |
skyverge–Custom Product Tabs Lite for WooCommerce |
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the ‘frs_woo_product_tabs’ parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-25 | 7.2 | CVE-2024-12600 |
Soft8Soft LLC–Verge3D |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0. | 2025-01-21 | 7.1 | CVE-2025-22709 |
SonicWall–SMA1000 |
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | 2025-01-23 | 9.8 | CVE-2025-23006 |
StoreApps–Smart Manager |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0. | 2025-01-21 | 7.6 | CVE-2025-22710 |
Subhasis Laha–Gallerio |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Subhasis Laha Gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through 1.0.1. | 2025-01-23 | 7.1 | CVE-2025-23629 |
SubscriptionDNA.com–Subscription DNA |
Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1. | 2025-01-24 | 7.1 | CVE-2025-24555 |
SuryaBhan–Custom Coming Soon |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SuryaBhan Custom Coming Soon allows Reflected XSS. This issue affects Custom Coming Soon: from n/a through 2.2. | 2025-01-23 | 7.1 | CVE-2025-23836 |
Tarak Patel–WP Query Creator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0. | 2025-01-23 | 7.1 | CVE-2025-22264 |
Taskbuilder Team–Taskbuilder |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection. This issue affects Taskbuilder: from n/a through 3.0.6. | 2025-01-21 | 8.5 | CVE-2025-22716 |
TaskMeister–Accessibility Task Manager |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TaskMeister Accessibility Task Manager allows Reflected XSS. This issue affects Accessibility Task Manager: from n/a through 1.2.1. | 2025-01-23 | 7.1 | CVE-2025-23725 |
Tatsuya Fukata, Alexander Ovsov–wp-flickr-press |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tatsuya Fukata, Alexander Ovsov wp-flickr-press allows Reflected XSS. This issue affects wp-flickr-press: from n/a through 2.6.4. | 2025-01-23 | 7.1 | CVE-2025-23894 |
TaxoPress–WordPress Tag Cloud Plugin – Tag Groups |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4. | 2025-01-21 | 7.1 | CVE-2025-22735 |
Team118GROUP–Team 118GROUP Agent |
Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0. | 2025-01-22 | 7.5 | CVE-2025-23512 |
TECNO–com.transsion.carlcare |
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | 2025-01-20 | 7.5 | CVE-2025-0590 |
ThemeFarmer–Ultimate Subscribe |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through 1.3. | 2025-01-22 | 7.1 | CVE-2025-23806 |
Themefic–Tourfic |
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | 2025-01-24 | 9.1 | CVE-2025-24650 |
Thomas Maier–Image Source Control |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Thomas Maier Image Source Control allows Reflected XSS. This issue affects Image Source Control: from n/a through 2.29.0. | 2025-01-21 | 7.1 | CVE-2025-22711 |
Tips and Tricks HQ, Ruhul Amin, Josh Lobe–Simple Download Monitor |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25. | 2025-01-24 | 7.6 | CVE-2025-24663 |
UkrSolution–Barcode Scanner with Inventory & Order Manager |
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.7. | 2025-01-21 | 9.1 | CVE-2025-22723 |
WebArea–Background animation blocks |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WebArea Background animation blocks allows PHP Local File Inclusion. This issue affects Background animation blocks: from n/a through 2.1.5. | 2025-01-22 | 8.1 | CVE-2025-23948 |
WebDeal s.r.o.–Podčlánková inzerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebDeal s.r.o. Podčlánková inzerce allows Reflected XSS. This issue affects Podčlánková inzerce: from n/a through 2.4.0. | 2025-01-22 | 7.1 | CVE-2025-23697 |
woobewoo–Product Table by WBW |
The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the ‘additionalCondition’ parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-23 | 7.5 | CVE-2024-13234 |
WOOEXIM.COM–WOOEXIM |
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0. | 2025-01-22 | 8.8 | CVE-2025-23944 |
WordPress Download Manager–Premium Packages |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6. | 2025-01-24 | 7.6 | CVE-2025-24659 |
wpbot — wpot |
The WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘qcld_wpcfb_file_upload’ function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. Note: The exploit requires the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. | 2025-01-22 | 9.8 | CVE-2024-13091 |
WPChill–RSVP and Event Management Plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPChill RSVP and Event Management Plugin allows SQL Injection. This issue affects RSVP and Event Management Plugin: from n/a through 2.7.14. | 2025-01-24 | 7.6 | CVE-2025-24683 |
WPHocus–My auctions allegro |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPHocus My auctions allegro allows Reflected XSS. This issue affects My auctions allegro: from n/a through 3.6.18. | 2025-01-21 | 7.1 | CVE-2025-22733 |
wpwax–Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget |
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the ‘theme’ attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | 2025-01-24 | 7.5 | CVE-2024-13408 |
wpwax–Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget |
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the ‘theme’ parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2025-01-24 | 7.5 | CVE-2024-13409 |
xmlsoft–libxml2 |
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | 2025-01-26 | 8.1 | CVE-2022-49043 |
Yannick Lefebvre–Bug Library |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yannick Lefebvre Bug Library allows Blind SQL Injection. This issue affects Bug Library: from n/a through 2.1.4. | 2025-01-24 | 8.5 | CVE-2025-24728 |
YesWiki–yeswiki |
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki’s pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn’t exist, the tag is reflected on the page and isn’t properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client’s side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue. | 2025-01-21 | 7.6 | CVE-2025-24017 |
YesWiki–yeswiki |
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the `{{attach}}` component allowing users to attach files/medias to a page. When a file is attached using the `{{attach}}` component, if the resource contained in the `file` attribute doesn’t exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue. | 2025-01-21 | 7.6 | CVE-2025-24018 |
YesWiki–yeswiki |
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem’s scope. This vulnerability allows any authenticated user to arbitrarily remove content from the Wiki resulting in partial loss of data and defacement/deterioration of the website. In the context of a container installation of YesWiki without any modification, the `yeswiki` files (for example .php) are not owned by the same user (root) as the one running the FPM process (www-data). However in a standard installation, www-data may also be the owner of the PHP files, allowing a malicious user to completely cut the access to the wiki by deleting all important PHP files (like index.php or core files of YesWiki). Version 4.5.0 contains a patch for this issue. | 2025-01-21 | 7.1 | CVE-2025-24019 |
Yonatan Reinberg–yCyclista |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yonatan Reinberg yCyclista allows Reflected XSS. This issue affects yCyclista: from n/a through 1.2.3. | 2025-01-22 | 7.1 | CVE-2025-23700 |
zopefoundation–RestrictedPython |
RestrictedPython is a tool that helps to define a subset of the Python language which allows program input to be provided into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available. | 2025-01-23 | 7.9 | CVE-2025-22153 |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
8blocks–1003 Mortgage Application |
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due to the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2025-01-21 | 5.3 | CVE-2024-13536 |
add-ons.org–PDF Invoices for WooCommerce + Drag and Drop Template Builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 4.6.0. | 2025-01-24 | 6.5 | CVE-2025-24755 |
AddonMaster–Post Grid Master |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12. | 2025-01-24 | 6.5 | CVE-2025-24733 |
Admiral–Ad Blocking Detector |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Admiral Ad Blocking Detector allows Stored XSS. This issue affects Ad Blocking Detector: from n/a through 3.6.0. | 2025-01-21 | 6.5 | CVE-2025-22732 |
aEnrich Technology–a+HRD |
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user’s browser through phishing attacks. | 2025-01-20 | 6.1 | CVE-2025-0583 |
aEnrich Technology–a+HRD |
The a+HRD from aEnrich Technology has a Server-side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe the internal network. | 2025-01-20 | 5.3 | CVE-2025-0584 |
aipower — aipower |
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page. | 2025-01-22 | 6.3 | CVE-2024-13361 |
aipower — aipower |
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-01-22 | 5.4 | CVE-2024-13360 |
Aleksandar Urošević–Easy YouTube Gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Easy YouTube Gallery allows Stored XSS. This issue affects Easy YouTube Gallery: from n/a through 1.0.4. | 2025-01-24 | 6.5 | CVE-2025-24721 |
alexmoss–FireCask Like & Share Button |
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-21 | 6.4 | CVE-2024-11226 |
anyroad.com–AnyRoad |
Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2. | 2025-01-21 | 4.3 | CVE-2025-23996 |
Apache Software Foundation–Apache CXF |
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | 2025-01-21 | 5.9 | CVE-2025-23184 |
Apache Software Foundation–Apache Ranger |
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | 2025-01-21 | 4.8 | CVE-2024-45478 |
Arshid–WooCommerce Quick View |
Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Quick View: from n/a through 1.1.1. | 2025-01-24 | 5.3 | CVE-2025-24705 |
arunbasillal–Ask Me Anything (Anonymously) |
The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘askmeanythingpeople’ shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-12512 |
Astoundify–Jobify – Job Board WordPress Theme |
The Jobify – Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘download_image_via_ai’ and ‘generate_image_via_ai’ functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site’s OpenAI key. | 2025-01-24 | 6.5 | CVE-2024-13698 |
AWS–AWS Sign-in IAM Login Flow |
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account. | 2025-01-23 | 5.3 | CVE-2025-0693 |
ayecode — ketchup_shortcodes |
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spacer’ shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-22 | 6.4 | CVE-2024-13590 |
AyeCode Ltd–Ketchup Shortcodes |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ltd Ketchup Shortcodes allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through 0.1.2. | 2025-01-24 | 6.5 | CVE-2025-24673 |
AYS Pro Plugins–Quiz Maker Developer |
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-26 | 6.1 | CVE-2024-10636 |
ays-pro–Survey Maker |
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-26 | 5.5 | CVE-2024-13505 |
badhonrocks–Carousel Maker for Divi |
The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2025-0350 |
bdthemes–Prime Slider Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) |
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social_link_title’ parameter of the ‘blog’ widget in all versions up to, and including, 3.16.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-23 | 6.4 | CVE-2024-12043 |
Booking & Appointment – Repute Infosystems–BookingPress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Booking & Appointment – Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25. | 2025-01-24 | 6.5 | CVE-2025-24732 |
bPlugins–All Embed Elementor Addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins All Embed – Elementor Addons allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through 1.1.3. | 2025-01-24 | 6.5 | CVE-2025-24595 |
Brainstorm Force–Starter Templates |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9. | 2025-01-24 | 4.3 | CVE-2025-24568 |
Brave–Desktop Browser |
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site’s origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect. | 2025-01-21 | 6.1 | CVE-2025-23086 |
broadstreetads–Broadstreet |
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-11825 |
brodosnet–brodos.net Onlineshop Plugin |
The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘BrodosCategory’ shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-12529 |
Bruce Wampler–Weaver Themes Shortcode Compatibility |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4. | 2025-01-21 | 6.5 | CVE-2025-22267 |
buddydev–Activity Plus Reloaded for BuddyPress |
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the ‘ajax_preview_link’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-01-24 | 5.4 | CVE-2024-11913 |
Christian Leuenberg, L.net Web Solutions–Restrict Anonymous Access |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through 1.2. | 2025-01-24 | 6.5 | CVE-2025-24610 |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. As a workaround, users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch from commit a3489f190ba6e87b5336ee685fb6c80b1270d06d. | 2025-01-22 | 6.5 | CVE-2025-23047 |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. No known workarounds are available. | 2025-01-22 | 5.3 | CVE-2025-23028 |
Cisco–Cisco Secure Endpoint |
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-22 | 5.3 | CVE-2025-20128 |
cliptakes–Cliptakes |
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cliptakes_input_email’ shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-23 | 6.4 | CVE-2024-13389 |
Code for Recovery–12 Step Meeting List |
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. | 2025-01-24 | 6.5 | CVE-2025-24580 |
Code for Recovery–12 Step Meeting List |
Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through 3.16.5. | 2025-01-24 | 5.3 | CVE-2025-24582 |
codeigniter4–CodeIgniter4 |
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper validation of header names and values. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8. | 2025-01-20 | 5.3 | CVE-2025-24013 |
CodePeople–Booking Calendar Contact Form |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55. | 2025-01-24 | 5.9 | CVE-2025-24723 |
CodePeople–Contact Form Email |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52. | 2025-01-24 | 5.9 | CVE-2025-24727 |
codepeople–Form Builder CP |
The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter of the ‘CP_EASY_FORM_WILL_APPEAR_HERE’ shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-24 | 6.5 | CVE-2024-13680 |
codexpert–WC Affiliate A Complete WooCommerce Affiliate Plugin |
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-26 | 6.1 | CVE-2024-12334 |
compose-spec–compose-go |
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, as used by Docker Compose from versions v2.27.0 to v2.29.7 inclusive. | 2025-01-23 | 5.9 | CVE-2024-10846 |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue. | 2025-01-24 | 6.5 | CVE-2025-22608 |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue. | 2025-01-24 | 6.1 | CVE-2025-24025 |
coreymcollins–Etsy Importer |
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘product_link’ shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-12817 |
Crocoblock–JetElements |
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-21 | 6.4 | CVE-2025-0371 |
cyberchimps–Responsive Addons for Elementor Free Elementor Addons Plugin and Elementor Templates |
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-13354 |
dahlia–fedify |
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4. | 2025-01-20 | 5.4 | CVE-2025-23221 |
datafeedr.com–WooCommerce Cloak Affiliate Links |
Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35. | 2025-01-24 | 5.4 | CVE-2025-24647 |
David de Boer–Paytium |
Generation of Error Message Containing Sensitive Information vulnerability in David de Boer Paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through 4.4.11. | 2025-01-24 | 5.3 | CVE-2025-24552 |
[email protected]–Tamara Checkout |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in [email protected] Tamara Checkout allows Stored XSS. This issue affects Tamara Checkout: from n/a through 1.9.8. | 2025-01-21 | 6.5 | CVE-2025-23997 |
directus–directus |
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. This allows the user to use a higher-privileged role to see fields that the user should otherwise not be able to see. Impacted instances are those that use the share feature and have a specific role hierarchy and fields that are not visible for certain roles. Version 11.2.0 contains a patch for the issue. | 2025-01-23 | 5 | CVE-2025-24353 |
DLX Plugins–Comment Edit Core Simple Comment Editing |
Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33. | 2025-01-24 | 4.4 | CVE-2025-24703 |
dotrex–Power Ups for Elementor |
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘magic-button’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13548 |
ECOVACS–ECOVACS HOME |
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. | 2025-01-23 | 6.5 | CVE-2024-52327 |
ECOVACS–Unspecified robots |
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. | 2025-01-23 | 6.3 | CVE-2024-12078 |
Elastic–Elastic Defend |
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the process. | 2025-01-21 | 5.5 | CVE-2024-37284 |
Elastic–Elasticsearch |
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. | 2025-01-21 | 6.5 | CVE-2024-43709 |
Elastic–Kibana |
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana. | 2025-01-23 | 6.5 | CVE-2024-43708 |
Elastic–Kibana |
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana. | 2025-01-23 | 6.5 | CVE-2024-52972 |
Elastic–Kibana |
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana. | 2025-01-21 | 6.5 | CVE-2024-52973 |
Elastic–Kibana |
A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet. | 2025-01-23 | 4.3 | CVE-2024-43710 |
ElementInvader–ElementInvader Addons for Elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0. | 2025-01-24 | 6.5 | CVE-2025-24578 |
ElementInvader–ElementInvader Addons for Elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3. | 2025-01-24 | 6.5 | CVE-2025-24729 |
ElementInvader–ElementInvader Addons for Elementor |
Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. | 2025-01-24 | 4.3 | CVE-2025-24618 |
Enguerran Weiss–Related Post Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2. | 2025-01-21 | 5.9 | CVE-2025-22276 |
Epsiloncool–WP Fast Total Search |
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258. | 2025-01-24 | 6.5 | CVE-2025-24572 |
Epsiloncool–WP Fast Total Search |
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258. | 2025-01-24 | 5.4 | CVE-2025-24571 |
Eugen Bobrowski–Debug Tool |
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. | 2025-01-22 | 4.3 | CVE-2025-23684 |
ExactMetrics–ExactMetrics |
Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0. | 2025-01-24 | 5.4 | CVE-2025-24750 |
F.A.Q Builder Team–FAQ Builder AYS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3. | 2025-01-24 | 5.9 | CVE-2025-24722 |
Farhan Noor–ApplyOnline Application Form Builder and Manager |
Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.6.7.1. | 2025-01-21 | 4.3 | CVE-2025-22721 |
flexmls–Flexmls IDX Plugin |
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and ‘api_secret’ parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25. | 2025-01-25 | 6.4 | CVE-2024-10552 |
FluentSMTP & WPManageNinja Team–FluentSMTP |
Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80. | 2025-01-24 | 4.3 | CVE-2025-24739 |
Foliovision–FV Thoughtful Comments |
Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5. | 2025-01-24 | 4.3 | CVE-2025-24613 |
Fortinet–FortiTester |
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3, FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. | 2025-01-22 | 4.7 | CVE-2022-23439 |
G5Theme–Essential Real Estate |
Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8. | 2025-01-24 | 4.3 | CVE-2025-24698 |
Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC–People Lists |
Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10. | 2025-01-24 | 4.3 | CVE-2025-24691 |
gambit — stackable |
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-22 | 6.4 | CVE-2024-12117 |
GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint. | 2025-01-24 | 6.4 | CVE-2024-11931 |
GitoxideLabs–gitoxide |
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0. | 2025-01-20 | 5 | CVE-2025-22620 |
GoDaddy–CoBlocks |
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13. | 2025-01-24 | 4.3 | CVE-2025-24751 |
Google–Android |
In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 6.5 | CVE-2024-43763 |
Google–Android |
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 5.5 | CVE-2023-40108 |
Google–Android |
In reload of ServiceListing.java, there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-21 | 5.5 | CVE-2024-49733 |
HasThemes–Extensions For CF7 |
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0. | 2025-01-24 | 4.4 | CVE-2025-24695 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. | 2025-01-23 | 5.3 | CVE-2024-42187 |
HelloAsso–HelloAsso |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HelloAsso HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.11. | 2025-01-24 | 6.5 | CVE-2025-24575 |
hk1993–WP Contact Form7 Email Spam Blocker |
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-25 | 6.1 | CVE-2024-13467 |
HL7–fhir-ig-publisher |
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. This problem has been patched in release 1.8.9. Some workarounds are available. Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token; or users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no username, password, or token. | 2025-01-24 | 4.2 | CVE-2025-24363 |
HT Plugins–HT Conctact Form 7 |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Conctact Form 7 allows Stored XSS. This issue affects HT Conctact Form 7: from n/a through 1.2.1. | 2025-01-24 | 6.5 | CVE-2025-24726 |
IBM–Analytics Content Hub |
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2024-35134 |
IBM–Automation Decision Services |
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | 2025-01-26 | 6.2 | CVE-2024-31906 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. | 2025-01-25 | 5.3 | CVE-2023-38012 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2023-38013 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2023-38713 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2023-38714 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2023-38716 |
IBM–Cloud Pak System |
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | 2025-01-25 | 4.3 | CVE-2023-38271 |
IBM–Cognos Analytics Mobile |
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | 2025-01-26 | 4.2 | CVE-2023-38009 |
IBM–Common Licensing |
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | 2025-01-26 | 6.2 | CVE-2023-50945 |
IBM–Common Licensing |
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 2025-01-26 | 6.5 | CVE-2023-50946 |
IBM–Concert Software |
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2025-01-24 | 5.9 | CVE-2024-41757 |
IBM–Control Center |
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-25 | 5.4 | CVE-2024-35112 |
IBM–Control Center |
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 2025-01-25 | 5.3 | CVE-2024-35114 |
IBM–Control Center |
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-25 | 4.3 | CVE-2024-35111 |
IBM–Control Center |
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 2025-01-25 | 4.3 | CVE-2024-35113 |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | 2025-01-24 | 5.3 | CVE-2024-40706 |
IBM–Maximo Application Suite |
IBM Maximo Application Suite 9.0.0 – Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-25 | 6.1 | CVE-2024-35145 |
IBM–Maximo Application Suite |
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 – Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | 2025-01-25 | 6.3 | CVE-2024-35148 |
IBM–Maximo Application Suite |
IBM Maximo Application Suite 8.10, 8.11, and 9.0 – Monitor Component stores source code on the web server that could aid in further attacks against the system. | 2025-01-25 | 5.3 | CVE-2024-35144 |
IBM–Maximo Application Suite |
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 – Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. | 2025-01-25 | 5.3 | CVE-2024-35150 |
IBM–Maximo Asset Management |
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. | 2025-01-24 | 6.5 | CVE-2024-45077 |
IBM–Robotic Process Automation for Cloud Pak |
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-22 | 4.4 | CVE-2024-51457 |
IBM–Security Verify Access |
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password. | 2025-01-20 | 5.6 | CVE-2024-45647 |
IBM–Security Verify Bridge |
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a denial of service. | 2025-01-23 | 6 | CVE-2024-45672 |
IBM–Sterling B2B Integrator Standard Edition |
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-23 | 6.4 | CVE-2023-50309 |
IBM–Sterling B2B Integrator Standard Edition |
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-23 | 4.6 | CVE-2023-32340 |
IBM–Tivoli Application Dependency Discovery Manager |
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-23 | 6.4 | CVE-2025-23227 |
IBM–UrbanCode Deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | 2025-01-21 | 6.2 | CVE-2024-45091 |
IBM–UrbanCode Velocity |
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2025-01-20 | 5.9 | CVE-2024-22347 |
IBM–UrbanCode Velocity |
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 2025-01-20 | 5.3 | CVE-2024-22348 |
IBM–UrbanCode Velocity |
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 allows web pages to be stored locally which can be read by another user on the system. | 2025-01-20 | 4 | CVE-2024-22349 |
ibsofts–Boom Fest |
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘bf_admin_action’ function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website. | 2025-01-25 | 5.3 | CVE-2024-13449 |
icegram–Icegram |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31. | 2025-01-24 | 6.5 | CVE-2025-24542 |
icopydoc — xml_for_google_merchant_center |
The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘feed_id’ parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-22 | 6.1 | CVE-2024-13406 |
imdr–Masy Gallery |
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘justified-gallery’ shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13586 |
IP2Location–Download IP2Location Country Blocker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3. | 2025-01-24 | 5.9 | CVE-2025-24731 |
Itechscripts–School Management Software |
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-26 | 6.3 | CVE-2017-20196 |
itsourcecode–Farm Management System |
A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely. | 2025-01-20 | 4.7 | CVE-2025-0582 |
jackdewey–Bilingual Linker |
The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13441 |
jackdewey–Link Library |
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchll’ parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-21 | 6.1 | CVE-2024-13404 |
Jenkins Project–Jenkins Azure Service Fabric Plugin |
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method. | 2025-01-22 | 4.3 | CVE-2025-24402 |
Jenkins Project–Jenkins Azure Service Fabric Plugin |
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. | 2025-01-22 | 4.3 | CVE-2025-24403 |
Jenkins Project–Jenkins Eiffel Broadcaster Plugin |
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials. | 2025-01-22 | 4.3 | CVE-2025-24400 |
Jenkins Project–Jenkins Folder-based Authorization Strategy Plugin |
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they’re no longer entitled to. | 2025-01-22 | 6.8 | CVE-2025-24401 |
Jenkins Project–Jenkins GitLab Plugin |
An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins. | 2025-01-22 | 4.3 | CVE-2025-24397 |
JetBrains–Hub |
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping | 2025-01-21 | 6.7 | CVE-2025-24456 |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | 2025-01-21 | 6.5 | CVE-2025-24461 |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | 2025-01-21 | 4.6 | CVE-2025-24459 |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | 2025-01-21 | 4.3 | CVE-2025-24460 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | 2025-01-21 | 5.5 | CVE-2025-24457 |
jitendra742744–Simple Gallery with Filter |
The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘c2tw_sgwf’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-13583 |
Joe Hawes–Auction Nudge Your eBay on Your Site |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0. | 2025-01-24 | 5.9 | CVE-2025-24658 |
JoeyBling–bootplus |
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-01-24 | 6.3 | CVE-2025-0698 |
JoeyBling–bootplus |
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | 2025-01-24 | 6.3 | CVE-2025-0699 |
JoeyBling–bootplus |
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. | 2025-01-24 | 6.3 | CVE-2025-0700 |
JoeyBling–bootplus |
A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | 2025-01-24 | 6.3 | CVE-2025-0701 |
JoeyBling–bootplus |
A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-01-24 | 6.3 | CVE-2025-0702 |
JoeyBling–bootplus |
A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. | 2025-01-24 | 5.3 | CVE-2025-0704 |
JoeyBling–bootplus |
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | 2025-01-24 | 4.3 | CVE-2025-0703 |
JoeyBling–bootplus |
A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | 2025-01-24 | 4.3 | CVE-2025-0705 |
JS Morisset–JSM Show Post Metadata |
Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0. | 2025-01-24 | 4.3 | CVE-2025-24589 |
Kadence WP–Gutenberg Blocks by Kadence Blocks |
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1. | 2025-01-24 | 4.3 | CVE-2025-24753 |
Kiboko Labs–Chained Quiz |
Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery. This issue affects Chained Quiz: from n/a through 1.3.2.9. | 2025-01-24 | 4.4 | CVE-2025-24701 |
Kyle Phillips–Nested Pages |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9. | 2025-01-24 | 5.9 | CVE-2025-24579 |
Lars Wallenborn–Show/Hide Shortcode |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0. | 2025-01-24 | 6.5 | CVE-2025-24687 |
Leetoo–Toocheke Companion |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166. | 2025-01-22 | 5.9 | CVE-2025-23992 |
leogermani–Tainacan |
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the ‘collection_id’ parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-23 | 6.5 | CVE-2024-13236 |
linearoy–Linear |
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the ‘linear-debug’. This makes it possible for unauthenticated attackers to reset the plugin’s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-25 | 4.3 | CVE-2024-13709 |
Linnea Huxford, LinSoftware–Blur Text |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0. | 2025-01-24 | 6.5 | CVE-2025-24627 |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow. | 2025-01-21 | 5.5 | CVE-2024-57938 |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, ‘dentry’ will not be incremented, causing condition ‘dentry < max_dentries’ unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop. | 2025-01-21 | 5.5 | CVE-2024-57940 |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. Add it. | 2025-01-21 | 5.5 | CVE-2024-57944 |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206 Tainted: [O]=OOT_MODULE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs] Call Trace: <TASK> scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs] scrub_simple_mirror+0x175/0x260 [btrfs] scrub_stripe+0x5d4/0x6c0 [btrfs] scrub_chunk+0xbb/0x170 [btrfs] scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs] btrfs_scrub_dev+0x240/0x600 [btrfs] btrfs_ioctl+0x1dc8/0x2fa0 [btrfs] ? do_sys_openat2+0xa5/0xf0 __x64_sys_ioctl+0x97/0xc0 do_syscall_64+0x4f/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> [CAUSE] The reproducer is using a corrupted image where extent tree root is corrupted, thus forcing to use “rescue=all,ro” mount option to mount the image. Then it triggered a scrub, but since scrub relies on extent tree to find where the data/metadata extents are, scrub_find_fill_first_stripe() relies on an non-empty extent root. But unfortunately scrub_find_fill_first_stripe() doesn’t really expect an NULL pointer for extent root, it use extent_root to grab fs_info and triggered a NULL pointer dereference. [FIX] Add an extra check for a valid extent root at the beginning of scrub_find_fill_first_stripe(). 
The new error path is introduced by 42437a6386ff (“btrfs: introduce mount option rescue=ignorebadroots”), but that’s pretty old, and later commit b979547513ff (“btrfs: scrub: introduce helper to find and fill sector info for a scrub_stripe”) changed how we do scrub. So for kernels older than 6.6, the fix will need manual backport. | 2025-01-21 | 5.5 | CVE-2025-21658 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `eNB_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37030 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `eNB Configuration Transfer` packet missing its required `Target eNB ID` field. | 2025-01-21 | 6.5 | CVE-2023-37031 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field. | 2025-01-21 | 6.5 | CVE-2023-37033 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `TAI` field. | 2025-01-21 | 6.5 | CVE-2023-37034 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37036 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field. | 2025-01-21 | 6.5 | CVE-2023-37037 |
linuxfoundation — magma |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37038 |
Listamester–Listamester |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.4. | 2025-01-24 | 6.5 | CVE-2025-24678 |
listamester–Listamester |
The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘listamester’ shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-13659 |
Marco Almeida | Webdados–Taxonomy/Term and Role based Discounts for WooCommerce |
Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1. | 2025-01-24 | 4.3 | CVE-2025-24625 |
mastowkir–NOTICE BOARD BY TOWKIR |
The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘notice-board’ shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-12816 |
Matthias Wagner – FALKEmedia–Caching Compatible Cookie Opt-In and JavaScript |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matthias Wagner – FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through 0.0.10. | 2025-01-24 | 6.5 | CVE-2025-24547 |
Metaphor Creations–Post Duplicator |
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35. | 2025-01-24 | 4.3 | CVE-2025-24736 |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2025-01-24 | 5.4 | CVE-2025-21262 |
mikemmx–Super Block Slider |
Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9. | 2025-01-24 | 4.3 | CVE-2025-24682 |
Mobotix–M15 |
A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-20 | 4.3 | CVE-2025-0576 |
MuffinGroup–Betheme |
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-21 | 6.4 | CVE-2025-0450 |
MultiVendorX–WC Marketplace |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13. | 2025-01-24 | 6.5 | CVE-2025-24706 |
N.O.U.S. Open Useful and Simple–Event post |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.9.7. | 2025-01-24 | 6.5 | CVE-2025-24585 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field. | 2025-01-21 | 6.5 | CVE-2023-37025 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37026 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37027 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field. | 2025-01-21 | 6.5 | CVE-2023-37028 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field. | 2025-01-21 | 6.5 | CVE-2023-37035 |
n/a–n/a |
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `RRC Establishment Clause` field. | 2025-01-22 | 6.5 | CVE-2023-37039 |
n/a–n/a |
Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget. | 2025-01-21 | 6.1 | CVE-2023-45908 |
n/a–n/a |
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response. | 2025-01-21 | 6.5 | CVE-2024-24443 |
n/a–n/a |
OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it. | 2025-01-21 | 6.5 | CVE-2024-24445 |
n/a–n/a |
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in to, such as adding, editing or deleting users. | 2025-01-21 | 6.1 | CVE-2024-54792 |
n/a–n/a |
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | 2025-01-23 | 6.5 | CVE-2024-55193 |
n/a–n/a |
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter. | 2025-01-23 | 6.1 | CVE-2024-57326 |
n/a–n/a |
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function. | 2025-01-23 | 6.1 | CVE-2024-57386 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification. | 2025-01-21 | 6.3 | CVE-2024-57537 |
n/a–n/a |
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component. | 2025-01-23 | 6.1 | CVE-2024-57556 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0. | 2025-01-23 | 6.5 | CVE-2024-57719 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. | 2025-01-23 | 6.5 | CVE-2024-57720 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. | 2025-01-23 | 6.5 | CVE-2024-57721 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. | 2025-01-23 | 6.5 | CVE-2024-57723 |
n/a–n/a |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell. | 2025-01-23 | 6.5 | CVE-2024-57724 |
n/a–n/a |
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover. | 2025-01-21 | 5.4 | CVE-2024-48392 |
n/a–n/a |
SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. | 2025-01-21 | 5.4 | CVE-2024-54795 |
n/a–n/a |
D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. | 2025-01-22 | 5.7 | CVE-2024-56914 |
n/a–n/a |
Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription. | 2025-01-22 | 5.4 | CVE-2024-56923 |
n/a–n/a |
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file. | 2025-01-24 | 5.5 | CVE-2024-57184 |
n/a–n/a |
HortusFox v3.9 contains a stored XSS vulnerability in the “Add Plant” function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads. | 2025-01-23 | 5.4 | CVE-2024-57329 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (ipv6_protect_status) is copied to the stack without length verification. | 2025-01-21 | 5.5 | CVE-2024-57541 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (dhcpstart_ip) is copied to the stack without length verification. | 2025-01-21 | 5.5 | CVE-2024-57543 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification. | 2025-01-21 | 5.5 | CVE-2024-57544 |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (hidden_dhcp_num) is copied to the stack without length verification. | 2025-01-21 | 5.5 | CVE-2024-57545 |
n/a–n/a |
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | 2025-01-23 | 4.3 | CVE-2023-46400 |
n/a–n/a |
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6. | 2025-01-21 | 4.8 | CVE-2024-55958 |
n/a–n/a |
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the ‘Email’ parameter. | 2025-01-21 | 4.2 | CVE-2024-56997 |
n/a–n/a |
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address. | 2025-01-21 | 4.2 | CVE-2024-56998 |
n/a–Shiprocket Module |
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-20 | 5.6 | CVE-2025-0580 |
NEC Corporation–WebSAM DeploymentManager |
NEC Corporation’s WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via the network when X-FRAME-OPTIONS is not specified. | 2025-01-21 | 5.3 | CVE-2024-6466 |
neofix–Simple Downloads List |
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the ‘category’ attribute of the ‘neofix_sdl’ shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-24 | 6.5 | CVE-2024-13594 |
nfusionsolutions–Precious Metals Charts and Widgets for WordPress |
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘nfusion-widget’ shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-13572 |
NinjaTeam–GDPR CCPA Compliance Support |
Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. | 2025-01-24 | 4.3 | CVE-2025-24591 |
nmedia–GoHero Store Customizer for WooCommerce |
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings. | 2025-01-25 | 4.3 | CVE-2024-12826 |
nodejs–undici |
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, the attacker can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker-controlled servers. | 2025-01-21 | 6.8 | CVE-2025-22150 |
NotFound–Bonjour Bar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bonjour Bar allows Stored XSS. This issue affects Bonjour Bar: from n/a through 1.0.0. | 2025-01-21 | 5.9 | CVE-2025-22262 |
NotFound–Database Sync |
Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1. | 2025-01-22 | 6.5 | CVE-2025-23486 |
NotFound–XLSXviewer |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1. | 2025-01-22 | 5.8 | CVE-2025-23562 |
NowButtons.com–Call Now Button |
Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13. | 2025-01-24 | 4.3 | CVE-2025-24738 |
nuxt–nuxt |
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any website to send any request to the development server and read the response due to default CORS settings. Users with the default server.cors option using the Vite builder may have their source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability. | 2025-01-25 | 5.3 | CVE-2025-24360 |
nuxt–nuxt |
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue. | 2025-01-25 | 5.3 | CVE-2025-24361 |
obsproject–OBS Studio |
A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is “something worth reporting, as every attack surface requires privileged access/user compromise”. | 2025-01-20 | 4.5 | CVE-2024-13524 |
OpenVPN–Easy-RSA |
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3. | 2025-01-20 | 5.3 | CVE-2024-13454 |
Oracle Corporation–JD Edwards EnterpriseOne Orchestrator |
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 6.5 | CVE-2025-21552 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21508 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21509 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21512 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21513 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21527 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21538 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2024-21245 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21507 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 5.3 | CVE-2025-21514 |
Oracle Corporation–JD Edwards EnterpriseOne Tools |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | 2025-01-21 | 4.3 | CVE-2025-21517 |
Oracle Corporation–MySQL Cluster |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21518 |
Oracle Corporation–MySQL Cluster |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21531 |
Oracle Corporation–MySQL Cluster |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21543 |
Oracle Corporation–MySQL Connectors |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H). | 2025-01-21 | 6.4 | CVE-2025-21548 |
Oracle Corporation–MySQL Enterprise Firewall |
Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.4 | CVE-2025-21495 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21500 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21501 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21522 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 6.5 | CVE-2025-21566 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-01-21 | 5.5 | CVE-2025-21497 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21540 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-01-21 | 5.5 | CVE-2025-21555 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-01-21 | 5.5 | CVE-2025-21559 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21490 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21491 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21492 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.4 | CVE-2025-21493 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.1 | CVE-2025-21494 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21499 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21503 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21504 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21505 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.4 | CVE-2025-21519 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21523 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21525 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21529 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21534 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-01-21 | 4.9 | CVE-2025-21536 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 4.3 | CVE-2025-21567 |
Oracle Corporation–Oracle Advanced Outbound Telephony |
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data as well as unauthorized read access to a subset of Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21489 |
Oracle Corporation–Oracle Agile PLM Framework |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 6.5 | CVE-2025-21560 |
Oracle Corporation–Oracle Application Express |
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21557 |
Oracle Corporation–Oracle Communications Order and Service Management |
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | 2025-01-21 | 6.3 | CVE-2025-21542 |
Oracle Corporation–Oracle Communications Order and Service Management |
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21544 |
Oracle Corporation–Oracle Communications Order and Service Management |
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 5.3 | CVE-2025-21554 |
Oracle Corporation–Oracle Database Server |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 4.2 | CVE-2025-21553 |
Oracle Corporation–Oracle Financial Services Behavior Detection Platform |
Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Behavior Detection Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Behavior Detection Platform accessible data as well as unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21550 |
Oracle Corporation–Oracle HTTP Server |
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 5.3 | CVE-2025-21498 |
Oracle Corporation–Oracle Hyperion Data Relationship Management |
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). | 2025-01-21 | 6.6 | CVE-2025-21569 |
Oracle Corporation–Oracle Hyperion Data Relationship Management |
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Data Relationship Management accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N). | 2025-01-21 | 4.5 | CVE-2025-21568 |
Oracle Corporation–Oracle Java SE |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 4.8 | CVE-2025-21502 |
Oracle Corporation–Oracle Life Sciences Argus Safety |
Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported version that is affected is 8.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Life Sciences Argus Safety, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Argus Safety accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 6.1 | CVE-2025-21570 |
Oracle Corporation–Oracle Solaris |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). | 2025-01-21 | 6 | CVE-2025-21551 |
Oracle Corporation–Oracle VM VirtualBox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2025-01-21 | 5.5 | CVE-2025-21533 |
Oracle Corporation–Oracle Workflow |
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21541 |
Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects |
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 4.3 | CVE-2025-21562 |
Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects |
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | 2025-01-21 | 4.3 | CVE-2025-21563 |
Oracle Corporation–PeopleSoft Enterprise FIN Cash Management |
Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Cash Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21537 |
Oracle Corporation–PeopleSoft Enterprise FIN eSettlements |
Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN eSettlements. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN eSettlements accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN eSettlements accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21539 |
Oracle Corporation–PeopleSoft Enterprise PeopleTools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2025-01-21 | 4.3 | CVE-2025-21530 |
Oracle Corporation–PeopleSoft Enterprise SCM Purchasing |
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21561 |
Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21526 |
Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2025-01-21 | 5.4 | CVE-2025-21558 |
Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2025-01-21 | 4.3 | CVE-2025-21528 |
osamaesh–WP Visitor Statistics (Real Time Traffic) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.2. | 2025-01-24 | 6.5 | CVE-2025-24675 |
otrok7–BMLT Meeting Map |
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bmlt_meeting_map’ shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-12494 |
Pagelayer Team–PageLayer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4. | 2025-01-24 | 6.5 | CVE-2025-24573 |
pagup–WP Google Street View (with 360 virtual tour) & Google maps + Local SEO |
The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpgsv’ shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-24 | 6.4 | CVE-2024-13542 |
Patreon–Patreon WordPress |
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1. | 2025-01-24 | 6.5 | CVE-2025-24588 |
paulrosen–ABC Notation |
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the ‘file’ attribute of the ‘abcjs’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-25 | 6.5 | CVE-2024-13550 |
paulrosen–ABC Notation |
The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘abcjs’ shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13551 |
Pete Dring–Create with Code |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4. | 2025-01-24 | 6.5 | CVE-2025-24638 |
phpMyAdmin–phpMyAdmin |
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. | 2025-01-23 | 6.4 | CVE-2025-24529 |
phpMyAdmin–phpMyAdmin |
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. | 2025-01-23 | 6.4 | CVE-2025-24530 |
PickPlugins–Job Board Manager |
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59. | 2025-01-24 | 5.4 | CVE-2025-24622 |
Plethora Plugins–Plethora Plugins Tabs + Accordions |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions allows Stored XSS. This issue affects Plethora Plugins Tabs + Accordions: from n/a through 1.1.5. | 2025-01-24 | 6.5 | CVE-2025-24709 |
plethoraplugins–Plethora Plugins Tabs + Accordions |
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13721 |
PluginOps–MailChimp Subscribe Forms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.1. | 2025-01-21 | 6.5 | CVE-2025-22727 |
Poll Maker Team–Poll Maker |
Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. | 2025-01-21 | 5.3 | CVE-2024-56277 |
Popup Maker–Popup Maker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2. | 2025-01-24 | 6.5 | CVE-2025-24746 |
PrestaShop–ps_contactinfo |
ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example, if the shop has a third-party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying an XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and updated. | 2025-01-22 | 6.2 | CVE-2025-24027 |
pwndoc–pwndoc |
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user’s behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue. | 2025-01-20 | 6.8 | CVE-2025-23044 |
qchantelnotice–WordPress SEO Friendly Accordion FAQ with AI assisted content generation |
The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘noticefaq’ shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13458 |
Qualifio–Wheel of fortune |
Input validation vulnerability in Qualifio’s Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted. | 2025-01-21 | 5.3 | CVE-2025-0614 |
Qualifio–Wheel of fortune |
Input validation vulnerability in Qualifio’s Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted. | 2025-01-21 | 5.3 | CVE-2025-0615 |
quantumcloud — wpot |
The WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘qc_wp_latest_update_check_pro’ function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries. | 2025-01-22 | 4.3 | CVE-2024-12879 |
RadiusTheme–Radius Blocks |
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks allows Cross Site Request Forgery. This issue affects Radius Blocks: from n/a through 2.1.2. | 2025-01-24 | 5.4 | CVE-2025-24712 |
Really Simple Security–Really Simple SSL |
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4. | 2025-01-24 | 4.3 | CVE-2025-24623 |
realmag777–MDTF Meta Data and Taxonomies Filter |
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mdf_results_by_ajax’ shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-23 | 6.4 | CVE-2024-13340 |
Red Hat–Red Hat Build of Keycloak |
A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions. | 2025-01-22 | 5.4 | CVE-2025-0604 |
Replicated–Replicated Classic |
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024. Summary of Vulnerability: This advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”). Description: Replicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed. Timeline: This issue was discovered during a security review on 16 September 2021. Patched versions were released on 23 September 2021. This advisory was published on 21 October 2021. The CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025. | 2025-01-23 | 4.9 | CVE-2021-42718 |
Revmakx–WP Duplicate WordPress Migration Plugin |
Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. | 2025-01-24 | 5.4 | CVE-2025-24652 |
Rextheme–WP VR |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a through 8.5.14. | 2025-01-24 | 6.5 | CVE-2025-24730 |
rometheme–RomethemeKit For Elementor |
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2025-01-24 | 4.3 | CVE-2024-10324 |
Roninwp–FAT Event Lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Roninwp FAT Event Lite allows Stored XSS. This issue affects FAT Event Lite: from n/a through 1.1. | 2025-01-21 | 6.5 | CVE-2025-22718 |
RSTheme–Ultimate Coming Soon & Maintenance |
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | 2025-01-24 | 5.4 | CVE-2025-24546 |
RSTheme–Ultimate Coming Soon & Maintenance |
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | 2025-01-24 | 4.3 | CVE-2025-24543 |
Sebastian Zaha–Magic the Gathering Card Tooltips |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sebastian Zaha Magic the Gathering Card Tooltips allows Stored XSS. This issue affects Magic the Gathering Card Tooltips: from n/a through 3.4.0. | 2025-01-24 | 6.5 | CVE-2025-24704 |
shazahm1hotmailcom–Connections Business Directory |
The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content. | 2025-01-25 | 6.5 | CVE-2024-12885 |
silverplugins217–Build Private Store For Woocommerce |
Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0. | 2025-01-24 | 5.3 | CVE-2025-24633 |
Smackcoders–WP Ultimate Exporter |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. | 2025-01-24 | 4.9 | CVE-2025-24611 |
sovica–Target Video Easy Publish |
The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-25 | 6.1 | CVE-2024-12076 |
Speedcomp–Linet ERP-Woocommerce Integration |
Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. | 2025-01-24 | 6.5 | CVE-2025-24594 |
sperse–Automate Hub Free by Sperse.IO |
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the ‘automate_hub’ page. This makes it possible for unauthenticated attackers to update an activation status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-24 | 4.3 | CVE-2024-13683 |
stellarwp–Membership Plugin Restrict Content |
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-01-26 | 5.3 | CVE-2024-11090 |
suhas93–SEO Blogger to WordPress Migration using 301 Redirection |
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-23 | 6.1 | CVE-2024-13422 |
Svetoslav Marinov (Slavi)–Orbisius Simple Notice |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3. | 2025-01-24 | 5.9 | CVE-2025-24634 |
Telstra–Smart Modem Gen 2 |
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-24 | 5.3 | CVE-2025-0697 |
templatescoderthemes–Spexo Addons for Elementor Free Elementor Addons, Widgets and Templates |
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme. | 2025-01-24 | 4.3 | CVE-2024-13335 |
Teplitsa. Technologies for Social Good–ShMapper by Teplitsa |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Teplitsa. Technologies for Social Good ShMapper by Teplitsa allows Stored XSS. This issue affects ShMapper by Teplitsa: from n/a through 1.5.0. | 2025-01-24 | 5.9 | CVE-2025-24674 |
the_champ–Social Share, Social Login and Social Comments Plugin Super Socializer |
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional values into the already existing query that can be used to extract user metadata from the database. | 2025-01-21 | 5.3 | CVE-2024-13230 |
theDotstore–Product Size Charts Plugin for WooCommerce |
Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce. This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5. | 2025-01-24 | 4.3 | CVE-2025-23991 |
theeventscalendar–The Events Calendar |
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-23 | 6.4 | CVE-2024-12118 |
themefusion–Avada (Fusion) Builder |
The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-22 | 6.4 | CVE-2024-12477 |
themehunk–Variation Swatches for WooCommerce |
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access. | 2025-01-23 | 4.3 | CVE-2024-13511 |
ThemeIsle–AI Chatbot for WordPress Hyve Lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2. | 2025-01-24 | 5.9 | CVE-2025-24666 |
themeisle–Multiple Page Generator Plugin MPG |
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the ‘mpg_download_file_by_link’ function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-01-26 | 5.4 | CVE-2024-10705 |
Themeisle–PPOM for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeisle PPOM for WooCommerce allows Stored XSS. This issue affects PPOM for WooCommerce: from n/a through 33.0.8. | 2025-01-24 | 5.9 | CVE-2025-24668 |
themify — themify_builder |
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-22 | 6.1 | CVE-2024-13319 |
thimpress — wp_hotel_booking |
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails. | 2025-01-22 | 4.3 | CVE-2024-13447 |
thimpress–LearnPress WordPress LMS Plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-25 | 6.4 | CVE-2024-13599 |
ThimPress–Thim Elementor Kit |
Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8. | 2025-01-24 | 4.3 | CVE-2025-24725 |
tuxlog–wp-greet |
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-21 | 6.1 | CVE-2024-13444 |
umbraco–Umbraco-CMS |
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it’s possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.2 contain a patch. No known workarounds are available. | 2025-01-21 | 5.3 | CVE-2025-24011 |
umbraco–Umbraco-CMS |
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch. | 2025-01-21 | 4.6 | CVE-2025-24012 |
Uyumsoft Informatin Systems–Uyumsoft ERP |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45. | 2025-01-23 | 5.5 | CVE-2024-10539 |
vcita.com–Online Payments Get Paid with PayPal, Square & Stripe |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through 3.20.0. | 2025-01-21 | 6.5 | CVE-2025-22661 |
videowhisper — picture_gallery |
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_pictures’ shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-22 | 6.4 | CVE-2024-13584 |
videowhisper–Broadcast Live Video Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP |
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_hls’ shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-23 | 6.4 | CVE-2024-12504 |
Vikas Ratudi–VForm |
Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. | 2025-01-24 | 5.4 | CVE-2025-24604 |
vim–vim |
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn’t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a GUI version of Vim by feeding some binary characters to Vim. The function that handles the scrolling, however, may trigger a redraw, which will access the ScreenLines pointer even though this variable hasn’t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. | 2025-01-20 | 4.2 | CVE-2025-24014 |
vitejs–vite |
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6. | 2025-01-20 | 6.5 | CVE-2025-24010 |
WC Product Table–WooCommerce Product Table Lite |
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7. | 2025-01-24 | 5.3 | CVE-2025-24596 |
webraketen–Internal Links Manager |
Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2. | 2025-01-24 | 4.3 | CVE-2025-24679 |
WebToffee–Wishlist for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2. | 2025-01-24 | 5.9 | CVE-2025-24657 |
WebToffee–WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1. | 2025-01-24 | 5.9 | CVE-2025-24644 |
Widget Options Team–Widget Options |
Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8. | 2025-01-21 | 4.3 | CVE-2025-22722 |
Wow-Company–Bubble Menu circle floating menu |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2. | 2025-01-24 | 5.4 | CVE-2025-24714 |
Wow-Company–Button Generator easily Button Builder |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1. | 2025-01-24 | 5.4 | CVE-2025-24713 |
Wow-Company–Counter Box |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5. | 2025-01-24 | 5.4 | CVE-2025-24715 |
Wow-Company–Herd Effects |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1. | 2025-01-24 | 5.4 | CVE-2025-24716 |
Wow-Company–Modal Window |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4. | 2025-01-24 | 5.4 | CVE-2025-24717 |
Wow-Company–Popup Box |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4. | 2025-01-24 | 5.4 | CVE-2025-24711 |
Wow-Company–Side Menu Lite |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1. | 2025-01-24 | 5.4 | CVE-2025-24724 |
Wow-Company–Sticky Buttons |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1. | 2025-01-24 | 5.4 | CVE-2025-24720 |
WP Attire–Attire Blocks |
Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6. | 2025-01-24 | 4.3 | CVE-2025-24696 |
WP Desk–Flexible PDF Coupons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Desk Flexible PDF Coupons allows Stored XSS. This issue affects Flexible PDF Coupons: from n/a through n/a. | 2025-01-21 | 6.5 | CVE-2025-22825 |
wp-polls_project — wp-polls |
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about the database. However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting. | 2025-01-22 | 5.4 | CVE-2024-13426 |
wpase.com–Admin and Site Enhancements (ASE) |
Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2. | 2025-01-24 | 4.3 | CVE-2025-24649 |
wpdevart–Widget Countdown |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.1. | 2025-01-24 | 6.5 | CVE-2025-24719 |
wpfeedback–Visual Website Collaboration, Feedback & Project Management Atarim |
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files. | 2025-01-21 | 5.3 | CVE-2024-12104 |
wpWax–Product Carousel Slider & Grid Ultimate for WooCommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.10.0. | 2025-01-24 | 5.9 | CVE-2025-24681 |
Xagio–Xagio SEO |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20. | 2025-01-24 | 6.5 | CVE-2025-24702 |
Xerox–Xerox Workplace Suite |
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints. | 2025-01-23 | 6.5 | CVE-2024-55925 |
Xerox–Xerox Workplace Suite |
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data. | 2025-01-23 | 6.3 | CVE-2024-55926 |
Xerox–Xerox Workplace Suite |
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions. | 2025-01-23 | 6.4 | CVE-2024-55927 |
Xerox–Xerox Workplace Suite |
Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption. | 2025-01-23 | 6.8 | CVE-2024-55928 |
Xerox–Xerox Workplace Suite |
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files. | 2025-01-23 | 6.6 | CVE-2024-55930 |
Xerox–Xerox Workplace Suite |
A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. | 2025-01-23 | 5 | CVE-2024-55929 |
Yehi–Advanced Notifications |
Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7. | 2025-01-24 | 4.3 | CVE-2025-24693 |
youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key. | 2025-01-25 | 6.5 | CVE-2024-13370 |
youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other users’ reviews. | 2025-01-25 | 4.3 | CVE-2024-12113 |
youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one. | 2025-01-25 | 4.3 | CVE-2024-13368 |
zjhzxhz–WP-BibTeX |
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-21 | 6.1 | CVE-2024-12005 |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder |
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments. | 2025-01-25 | 3.8 | CVE-2024-13450 |
CampCodes–School Management Software |
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-20 | 3.5 | CVE-2025-0581 |
CampCodes–School Management Software |
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. | 2025-01-22 | 3.1 | CVE-2025-0625 |
CampCodes–School Management Software |
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-24 | 3.5 | CVE-2025-0710 |
ECOVACS–Unspecified robots |
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. | 2025-01-23 | 3.3 | CVE-2024-12079 |
ECOVACS–Unspecified robots |
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. | 2025-01-23 | 2.3 | CVE-2024-52328 |
Facile Sistemas–Cloud Apps |
A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-20 | 3.5 | CVE-2025-0578 |
fumiao–opencms |
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-24 | 3.5 | CVE-2025-0708 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. | 2025-01-23 | 2.5 | CVE-2024-42182 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls. | 2025-01-23 | 2.5 | CVE-2024-42183 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. | 2025-01-23 | 2.5 | CVE-2024-42184 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access. | 2025-01-23 | 2.5 | CVE-2024-42185 |
HCL Software–BigFix Patch Management Download Plug-ins |
BigFix Patch Download Plug-ins are affected by insecure protocol support. The application can allow improper handling of SSL certificate validation. | 2025-01-23 | 2.8 | CVE-2024-42186 |
himmelblau-idm–himmelblau |
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`. | 2025-01-23 | 3.2 | CVE-2025-24034 |
IBM–i |
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | 2025-01-24 | 2.8 | CVE-2024-35122 |
JoeyBling–bootplus |
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details for affected or updated releases are available. | 2025-01-24 | 2.4 | CVE-2025-0706 |
Microword–eScan Antivirus |
A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-26 | 3.3 | CVE-2025-0720 |
n/a–Dcat-Admin |
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-24 | 2.4 | CVE-2025-0709 |
Oracle Corporation–MySQL Cluster |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | 2025-01-21 | 1.8 | CVE-2025-21520 |
Oracle Corporation–MySQL Server |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | 2025-01-21 | 3.8 | CVE-2025-21546 |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
7-Zip–7-Zip |
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456. | 2025-01-25 | not yet calculated | CVE-2025-0411 | af854a3a-2127-422b-91ae-364da2661108 |
Apache Software Foundation–Apache Ranger |
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | 2025-01-21 | not yet calculated | CVE-2024-45479 | af854a3a-2127-422b-91ae-364da2661108 |
Apache Software Foundation–Apache Wicket |
The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. | 2025-01-23 | not yet calculated | CVE-2024-53299 | af854a3a-2127-422b-91ae-364da2661108 |
Arm–Cortex-A72 |
In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim’s branch history. | 2025-01-22 | not yet calculated | CVE-2024-10929 | |
ASUS–Armoury Crate |
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the ’01/23/2025 Security Update for Armoury Crate App’ section on the ASUS Security Advisory for more information. | 2025-01-23 | not yet calculated | CVE-2024-12957 | 54bf65a7-a193-42d2-b1ba-8e150d3c35e1 |
azukaar–Cosmos-Server |
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exists or not in the database. Patched in 0.17.7. | 2025-01-20 | not yet calculated | CVE-2025-23214 | |
Cloudflare–WARP |
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the “Reset all settings” option, the WARP service will delete the files that the symlinks were pointing to. Given the WARP service operates with System privileges, this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0. | 2025-01-22 | not yet calculated | CVE-2025-0651 | |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data and private keys or tokens of other users/teams. The ability to inject malicious commands into the Coolify container gives authenticated attackers the ability to fully retrieve and control the data and availability of the software. Centrally hosted Coolify instances (open registration and/or multiple teams with potentially untrustworthy users) are especially at risk, as sensitive data of all users and connected servers can be leaked by any user. Additionally, attackers are able to modify the running software, potentially deploying malicious images to remote nodes or generally changing its behavior. Version 4.0.0-beta.253 patches this issue. | 2025-01-24 | not yet calculated | CVE-2025-22605 | |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a “project,” it is possible to inject arbitrary shell commands by altering the project name. If a name includes unescaped characters, such as single quotes (`’`), it breaks out of the intended command structure, allowing attackers to execute arbitrary commands on the host system. This vulnerability allows attackers to execute arbitrary commands on the host server, which could result in full system compromise; create, modify, or delete sensitive system files; and escalate privileges depending on the permissions of the executed process. Attackers with access to project management features could exploit this flaw to gain unauthorized control over the host environment. Version 4.0.0-beta.359 fixes this issue. | 2025-01-24 | not yet calculated | CVE-2025-22606 | |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UUID of the model. This exposes the “client id”, “client secret” and “webhook secret.” Version 4.0.0-beta.361 fixes this issue. | 2025-01-24 | not yet calculated | CVE-2025-22607 | |
coollabsio–coolify |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the “client id” and “client secret” for every custom OAuth provider. The attacker can also modify the global OAuth configuration. Version 4.0.0-beta.361 fixes the issue. | 2025-01-24 | not yet calculated | CVE-2025-22610 | |
CP Plus–CP-XR-DE21-S Router |
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system. | 2025-01-20 | not yet calculated | CVE-2025-0479 | |
github–codeql-action |
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository would be able to access this artifact, containing any secrets from the environment. This vulnerability is patched in CodeQL Action version 3.28.3 or later, or CodeQL CLI version 2.20.3 or later. For some affected workflow runs, the exposed environment variables in the debug artifacts included a valid `GITHUB_TOKEN` for the workflow run, which has access to the repository in which the workflow ran, and all the permissions specified in the workflow or job. The `GITHUB_TOKEN` is valid until the job completes or 24 hours has elapsed, whichever comes first. Environment variables are exposed only from workflow runs that satisfy all of the following conditions: – Code scanning workflow configured to scan the Java/Kotlin languages. – Running in a repository containing Kotlin source code. – Running with debug artifacts enabled. – Using CodeQL Action versions <= 3.28.2, and CodeQL CLI versions >= 2.9.2 (May 2022) and <= 2.20.2. – The workflow run fails before the CodeQL database is finalized within the `github/codeql-action/analyze` step. – Running in any GitHub environment: GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server. Note: artifacts are only accessible to users within the same GitHub environment with access to the scanned repo. The `GITHUB_TOKEN` exposed in this way would only have been valid for workflow runs that satisfy all of the following conditions, in addition to the conditions above: – Using CodeQL Action versions >= 3.26.11 (October 2024) and <= 3.28.2, or >= 2.26.11 and < 3. – Running in GitHub.com or GitHub Enterprise Cloud only (not valid on GitHub Enterprise Server). 
In rare cases during advanced setup, logging of environment variables may also occur during database creation of Java, Swift, and C/C++. Please read the corresponding CodeQL CLI advisory GHSA-gqh3-9prg-j95m for more details. In CodeQL CLI versions >= 2.9.2 and <= 2.20.2, the CodeQL Kotlin extractor logs all environment variables by default into an intermediate file during the process of creating a CodeQL database for Kotlin code. This is a part of the CodeQL CLI and is invoked by the CodeQL Action for analyzing Kotlin repositories. On Actions, the environment variables logged include GITHUB_TOKEN, which grants permissions to the repository being scanned. The intermediate file containing environment variables is deleted when finalizing the database, so it is not included in a successfully created database. It is, however, included in the debug artifact that is uploaded on a failed analysis run if the CodeQL Action was invoked in debug mode. Therefore, under these specific circumstances (incomplete database creation using the CodeQL Action in debug mode) an attacker with access to the debug artifact would gain unauthorized access to repository secrets from the environment, including both the `GITHUB_TOKEN` and any user-configured secrets made available via environment variables. The impact of the `GITHUB_TOKEN` leaked in this environment is limited: – For workflows on GitHub.com and GitHub Enterprise Cloud using CodeQL Action versions >= 3.26.11 and <= 3.28.2, or >= 2.26.11 and < 3, which in turn use the `actions/artifacts v4` library, the debug artifact is uploaded before the workflow job completes. During this time the `GITHUB_TOKEN` is still valid, providing an opportunity for attackers to gain access to the repository. – For all other workflows, the debug artifact is uploaded after the workflow job completes, at which point the leaked `GITHUB_TOKEN` has been revoked and cannot be used to access the repository. 
| 2025-01-24 | not yet calculated | CVE-2025-24362 | |
GitHub–Enterprise Server |
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program. | 2025-01-21 | not yet calculated | CVE-2025-23369 | |
Google–Chrome |
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-22 | not yet calculated | CVE-2025-0611 | [email protected] [email protected] |
Google–Chrome |
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-22 | not yet calculated | CVE-2025-0612 | [email protected] [email protected] |
Gradle–Enterprise |
Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password. | 2025-01-26 | not yet calculated | CVE-2025-24858 | [email protected] |
I-O DATA DEVICE, INC.–UD-LT2 |
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can access the affected product with an administrative account. | 2025-01-22 | not yet calculated | CVE-2025-20617 | [email protected] [email protected] |
I-O DATA DEVICE, INC.–UD-LT2 |
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. | 2025-01-22 | not yet calculated | CVE-2025-22450 | [email protected] [email protected] |
I-O DATA DEVICE, INC.–UD-LT2 |
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed. | 2025-01-22 | not yet calculated | CVE-2025-23237 | [email protected] [email protected] |
LabRedesCefetRJ–WeGIA |
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. | 2025-01-21 | not yet calculated | CVE-2025-24020 | [email protected] [email protected] [email protected] |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends do not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails. | 2025-01-20 | not yet calculated | CVE-2023-52923 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there’s no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has “%s”. It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk(“move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s”, __entry->move_lacks_source ? “yes” : “no”, __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the “%s” references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe. | 2025-01-21 | not yet calculated | CVE-2024-57930 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. | 2025-01-21 | not yet calculated | CVE-2024-57931 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions are false. In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for the next interface up, but the TX pointer itself would be NULL. The XDP xmit callback also needs to synchronize with a device transitioning from open to close. This synchronization will happen via the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, which waits for any RCU critical sections at call-time to complete. | 2025-01-21 | not yet calculated | CVE-2024-57932 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs to be guarded against queues disappearing while the function is executing, so a check against the GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the disabling of the bit and the synchronize_net() in gve_turndown. | 2025-01-21 | not yet calculated | CVE-2024-57933 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward. However, if the compiler reloads fgraph_array[] after this check, it might race with an update to fgraph_array[] that introduces a fgraph_stub. This could result in the stub being processed, but the stub contains a null “func_hash” field, leading to a NULL pointer dereference. To ensure that the gops compared against the fgraph_stub matches the gops processed later, add a READ_ONCE(). A similar patch appears in commit 63a8dfb (“function_graph: Add READ_ONCE() when accessing fgraph_array[]”). | 2025-01-21 | not yet calculated | CVE-2024-57934 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during destroying QP, the invalid dip_ctx pointer will be accessed. | 2025-01-21 | not yet calculated | CVE-2024-57935 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causing traffic failures and system crashes. Use the define for max SGE supported for variable size. This will work for both static and variable WQEs. | 2025-01-21 | not yet calculated | CVE-2024-57936 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 Hardware name: riscv-virtio,qemu (DT) Call Trace: dump_backtrace+0x1c/0x24 show_stack+0x2c/0x38 dump_stack_lvl+0x5a/0x72 dump_stack+0x14/0x1c __might_resched+0x130/0x13a rt_spin_lock+0x2a/0x5c die+0x24/0x112 do_trap_insn_illegal+0xa0/0xea _new_vmalloc_restore_context_a0+0xcc/0xd8 Oops – illegal instruction [#1] Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT enabled. | 2025-01-21 | not yet calculated | CVE-2024-57939 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will just bail at the first check seeing that the cache stream is unavailable, and indicate that it dealt with all the content. This means that we have no subrequests to provide notifications to drive the state machine or even to pin the request and the request just gets discarded, leaving the folios with PG_private_2 set. Fix this by jumping directly to cancel the request if the cache is not available. That way, we don’t remove mark3 from the folio_queue list and netfs_pgpriv2_cancel() will clean up the folios. This was found by running the generic/013 xfstest against ceph with an active cache and the “-o fsc” option passed to ceph. That would usually hang | 2025-01-21 | not yet calculated | CVE-2024-57941 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PG_private_2 set) and then unlocked, the folio_queue struct has the entry pointing to the folio cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(), which is used to write folios marked with PG_private_2 to the cache as it expects to be able to trawl the folio_queue list thereafter to find the relevant folios, leading to a hang. Fix this by not clearing the folio_queue entry if we’re going to do the deprecated copy-to-cache. The clearance will be done instead as the folios are written to the cache. This can be reproduced by starting cachefiles, mounting a ceph filesystem with “-o fsc” and writing to it. | 2025-01-21 | not yet calculated | CVE-2024-57942 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end(). | 2025-01-21 | not yet calculated | CVE-2024-57943 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page’s va can be calculated with an offset: (vmemmap + (pfn)). However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page’s physical address is not (phys_ram_base >> PAGE_SHIFT), then we get a va below VMEMMAP_START when calculating va for its struct page. For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the first page in the same section is actually pfn 0x80000. During init_unavailable_range(), we will initialize struct page for pfn 0x80000 with virtual address ((struct page *)VMEMMAP_START - 0x2000), which is below VMEMMAP_START as well as PCI_IO_END. This commit fixes this bug by introducing a new variable ‘vmemmap_start_pfn’ which is aligned with memory section size and using it to calculate vmemmap address instead of phys_ram_base. | 2025-01-21 | not yet calculated | CVE-2024-57945 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don’t keep queue frozen during system suspend Commit 4ce6e2db00de (“virtio-blk: Ensure no requests in virtqueues before deleting vqs.”) replaces queue quiesce with queue freeze in virtio-blk’s PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer’s queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if the queue is frozen in current context. There are all kinds of ->suspend() called in suspend context, so keeping queue frozen in the whole suspend context isn’t one good idea. And Marek reported lockdep warning[1] caused by virtio-blk’s freeze queue in virtblk_freeze(). [1] https://lore.kernel.org/linux-block/[email protected]/ Given the motivation is to drain in-flight IOs, it can be done by calling freeze & unfreeze, meantime restore to previous behavior by keeping queue quiesced during suspend. | 2025-01-21 | not yet calculated | CVE-2024-57946 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect matching results for sets where first field size is not the largest. Followup patch adds a test case to nft_concat_range.sh selftest script. Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly, only correcting memset() argument isn’t enough. | 2025-01-23 | not yet calculated | CVE-2024-57947 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn’t correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period. | 2025-01-20 | not yet calculated | CVE-2025-21655 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example if the disk drive was disconnected). This patch checks scsi_execute_cmd() output and returns -EIO if its error code is positive. [groeck: Avoid inline variable declaration for portability] | 2025-01-21 | not yet calculated | CVE-2025-21656 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currently running a task in a higher scheduler class (e.g., deadline). The rq_lock() is supposed to be used for online CPUs, and the use of rq_lock() may trigger an unnecessary warning in rq_pin_lock(). Therefore, replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass(). Without this change, we observe the following warning: ===== START ===== [ 6.615205] rq->balance_callback && rq->balance_callback != &balance_push_callback [ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90 ===== END ===== | 2025-01-21 | not yet calculated | CVE-2025-21657 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI instance belongs to the same netns as the owner of the genl sock. napi_by_id() can become static now, but it needs to move because of dev_get_by_napi_id(). | 2025-01-21 | not yet calculated | CVE-2025-21659 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation. | 2025-01-21 | not yet calculated | CVE-2025-21660 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from succeeding, even if the issue is corrected, unless the device is released. Additionally, cleanup is also needed in the less likely case of platform_device_register_full() failure. Besides, a consistent memory leak in lookup_table->dev_id was spotted using kmemleak by toggling the live state between 0 and 1 with a correct lookup table. Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the existing gpio_virtuser_make_lookup_table() and call it from all necessary points to ensure proper cleanup. | 2025-01-21 | not yet calculated | CVE-2025-21661 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry INFO: task kworker/13:2:4055883 blocked for more than 120 seconds. Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1 “echo 0 > /proc/sys/kernel/hung_task_timeout_secs” disables this message. kworker/13:2 D 0 4055883 2 0x00000228 Workqueue: events mlx5e_tx_dim_work [mlx5_core] Call trace: __switch_to+0xe8/0x150 __schedule+0x2a8/0x9b8 schedule+0x2c/0x88 schedule_timeout+0x204/0x478 wait_for_common+0x154/0x250 wait_for_completion+0x28/0x38 cmd_exec+0x7a0/0xa00 [mlx5_core] mlx5_cmd_exec+0x54/0x80 [mlx5_core] mlx5_core_modify_cq+0x6c/0x80 [mlx5_core] mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core] mlx5e_tx_dim_work+0x54/0x68 [mlx5_core] process_one_work+0x1b0/0x448 worker_thread+0x54/0x468 kthread+0x134/0x138 ret_from_fork+0x10/0x18 | 2025-01-21 | not yet calculated | CVE-2025-21662 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia’s Tegra MGBE controllers require the IOMMU “Stream ID” (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0’s SID for all controllers. This causes softirq time outs and kernel panics when using controllers other than MGBE0. Example dmesg errors when an ethernet cable is connected to MGBE1: —truncated— | 2025-01-21 | not yet calculated | CVE-2025-21663 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code. This is because each of these functions performs its own READ_ONCE() of the list head. This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path. This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself. The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself. When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr’s synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which led to this crash. Fortunately, the fix here is straightforward. Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite’s thin-provisioning suites for delete and suspend and no regressions were observed. | 2025-01-21 | not yet calculated | CVE-2025-21664 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
LizardByte–Sunshine |
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine’s pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840. | 2025-01-20 | not yet calculated | CVE-2024-51738 | [email protected] [email protected] |
M-Files Corporation–M-Files Server |
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords. | 2025-01-23 | not yet calculated | CVE-2025-0619 | [email protected] |
M-Files Corporation–M-Files Server |
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions. | 2025-01-23 | not yet calculated | CVE-2025-0635 | [email protected] |
M-Files Corporation–M-Files Server |
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change. | 2025-01-23 | not yet calculated | CVE-2025-0648 | [email protected] |
n/a–n/a |
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core. | 2025-01-22 | not yet calculated | CVE-2023-36998 | [email protected] [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37002 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37003 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37004 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37005 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37006 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37007 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances. | 2025-01-22 | not yet calculated | CVE-2023-37008 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37009 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37010 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37011 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37012 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37015 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37016 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37017 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37018 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37019 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37020 | [email protected] |
n/a–n/a |
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37021 | [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5GS to crash; an attacker may repeatedly send such packets to cause denial of service. | 2025-01-22 | not yet calculated | CVE-2023-37023 | [email protected] |
n/a–n/a |
Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability. | 2025-01-22 | not yet calculated | CVE-2023-37777 | [email protected] [email protected] |
n/a–n/a |
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. | 2025-01-23 | not yet calculated | CVE-2023-46401 | [email protected] |
n/a–n/a |
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | 2025-01-22 | not yet calculated | CVE-2024-24429 | [email protected] |
n/a–n/a |
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 2025-01-22 | not yet calculated | CVE-2024-24432 | [email protected] |
n/a–n/a |
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface. | 2025-01-21 | not yet calculated | CVE-2024-24444 | [email protected] [email protected] |
n/a–n/a |
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service. | 2025-01-22 | not yet calculated | CVE-2024-34235 | [email protected] |
n/a–n/a |
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user’s password is compared to the user’s decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user’s Blocky password and from there impersonate that local user. | 2025-01-22 | not yet calculated | CVE-2024-42012 | [email protected] [email protected] |
n/a–n/a |
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program. | 2025-01-22 | not yet calculated | CVE-2024-42013 | [email protected] [email protected] |
n/a–n/a |
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box. | 2025-01-23 | not yet calculated | CVE-2024-50664 | [email protected] |
n/a–n/a |
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box. | 2025-01-23 | not yet calculated | CVE-2024-50665 | [email protected] |
n/a–n/a |
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates. | 2025-01-24 | not yet calculated | CVE-2024-50690 | [email protected] |
n/a–n/a |
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. | 2025-01-24 | not yet calculated | CVE-2024-50692 | [email protected] |
n/a–n/a |
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. | 2025-01-24 | not yet calculated | CVE-2024-50694 | [email protected] |
n/a–n/a |
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. | 2025-01-24 | not yet calculated | CVE-2024-50695 | [email protected] |
n/a–n/a |
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. | 2025-01-24 | not yet calculated | CVE-2024-50698 | [email protected] |
n/a–n/a |
An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields. | 2025-01-21 | not yet calculated | CVE-2024-51417 | [email protected] [email protected] [email protected] |
n/a–n/a |
Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC’s SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message. | 2025-01-23 | not yet calculated | CVE-2024-53379 | [email protected] |
n/a–n/a |
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | 2025-01-23 | not yet calculated | CVE-2024-55192 | [email protected] |
n/a–n/a |
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. | 2025-01-23 | not yet calculated | CVE-2024-55194 | [email protected] |
n/a–n/a |
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space. | 2025-01-23 | not yet calculated | CVE-2024-55195 | [email protected] |
n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-22 | not yet calculated | CVE-2024-55488 | [email protected] [email protected] |
n/a–n/a |
An issue in RAR Extractor – Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on macOS. | 2025-01-21 | not yet calculated | CVE-2024-55504 | [email protected] [email protected] [email protected] |
n/a–n/a |
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server. | 2025-01-23 | not yet calculated | CVE-2024-55971 | [email protected] [email protected] [email protected] [email protected] |
n/a–n/a |
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. | 2025-01-21 | not yet calculated | CVE-2024-56990 | [email protected] |
n/a–n/a |
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in the main function of downloadFile.cgi. This vulnerability allows an attacker to execute arbitrary commands by sending an HTTP request. | 2025-01-21 | not yet calculated | CVE-2024-57036 | [email protected] |
n/a–n/a |
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the ‘about me’ section of their profile. | 2025-01-24 | not yet calculated | CVE-2024-57041 | [email protected] [email protected] [email protected] |
n/a–n/a |
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload. | 2025-01-24 | not yet calculated | CVE-2024-57095 | [email protected] [email protected] |
n/a–n/a |
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | 2025-01-24 | not yet calculated | CVE-2024-57277 | [email protected] [email protected] [email protected] |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification. | 2025-01-21 | not yet calculated | CVE-2024-57538 | [email protected] |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. | 2025-01-21 | not yet calculated | CVE-2024-57539 | [email protected] |
n/a–n/a |
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification. | 2025-01-21 | not yet calculated | CVE-2024-57540 | [email protected] |
n/a–n/a |
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | 2025-01-22 | not yet calculated | CVE-2025-22980 | [email protected] |
Node.js–node |
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. | 2025-01-22 | not yet calculated | CVE-2025-23090 | [email protected] |
nodejs–node |
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. | 2025-01-22 | not yet calculated | CVE-2025-23083 | [email protected] |
nodejs–node |
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support. | 2025-01-22 | not yet calculated | CVE-2025-23087 | [email protected] af854a3a-2127-422b-91ae-364da2661108 |
nodejs–node |
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support. | 2025-01-22 | not yet calculated | CVE-2025-23088 | [email protected] af854a3a-2127-422b-91ae-364da2661108 |
nodejs–node |
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support. | 2025-01-22 | not yet calculated | CVE-2025-23089 | [email protected] af854a3a-2127-422b-91ae-364da2661108 |
OpenSSL–OpenSSL |
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. | 2025-01-20 | not yet calculated | CVE-2024-13176 | [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] af854a3a-2127-422b-91ae-364da2661108 af854a3a-2127-422b-91ae-364da2661108 |
Payara Platform–Payara Server |
Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’) vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing. This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0. | 2025-01-21 | not yet calculated | CVE-2024-45687 | 769c9ae7-73c3-4e47-ae19-903170fc3eb8 769c9ae7-73c3-4e47-ae19-903170fc3eb8 769c9ae7-73c3-4e47-ae19-903170fc3eb8 |
PHPOffice–PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. A Cross-Site Scripting (XSS) vulnerability exists in the code which translates the XLSX file into an HTML representation and displays it in the response. | 2025-01-20 | not yet calculated | CVE-2025-22131 | [email protected] [email protected] |
The GNU C Library–glibc |
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. | 2025-01-22 | not yet calculated | CVE-2025-0395 | 3ff69d7a-14f2-4f67-a097-88dee7810d18 3ff69d7a-14f2-4f67-a097-88dee7810d18 3ff69d7a-14f2-4f67-a097-88dee7810d18 3ff69d7a-14f2-4f67-a097-88dee7810d18 af854a3a-2127-422b-91ae-364da2661108 af854a3a-2127-422b-91ae-364da2661108 |
Traffic Alert and Collision Avoidance System (TCAS) II–Collision Avoidance Systems |
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition. | 2025-01-22 | not yet calculated | CVE-2024-11166 | [email protected] |
Traffic Alert and Collision Avoidance System (TCAS) II–Collision Avoidance Systems |
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs). | 2025-01-22 | not yet calculated | CVE-2024-9310 | [email protected] |
updatecli–updatecli |
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of an unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when, for whatever reason, there is a failure in the maven repository, e.g. wrong coordinates provided, or a non-existent artifact or version. Version 0.93.0 contains a patch for the issue. | 2025-01-24 | not yet calculated | CVE-2025-24355 | [email protected] [email protected] |