Bulletins: Vulnerability Summary for the Week of January 20, 2025

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026
Source: Bulletins
Title: Vulnerability Summary for the Week of January 20, 2025

Feedly Summary:
High Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

aEnrich Technology–a+HRD 
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
2025-01-20
9.8
CVE-2025-0585

aEnrich Technology–a+HRD 
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.
2025-01-20
7.2
CVE-2025-0586

aipower — aipower 
The “AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form[‘post_content’] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2025-01-22
7.2
CVE-2025-0428

aipower — aipower 
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form[‘post_content’] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2025-01-22
7.2
CVE-2025-0429

AlaFalaki–a Gateway for Pasargad Bank on WooCommerce 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2.
2025-01-22
7.1
CVE-2025-23966

Alessandro Benoit–WpDevTool 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alessandro Benoit WpDevTool allows Reflected XSS. This issue affects WpDevTool: from n/a through 0.1.1.
2025-01-23
7.1
CVE-2025-23624

Andrea Dotta, Jacopo Campani, di xkoll.com–Social2Blog 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990.
2025-01-21
7.1
CVE-2025-23461

Apache Software Foundation–Apache Ambari 
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.
2025-01-21
8.8
CVE-2024-51941

Apache Software Foundation–Apache Ambari 
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.
2025-01-21
8.8
CVE-2025-23196

Apache Software Foundation–Apache Ambari 
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch.
2025-01-21
7.5
CVE-2025-23195

Atarim–Atarim 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8.
2025-01-24
7.1
CVE-2025-24570

AWcode, PDSonline–Unique UX 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AWcode, PDSonline Unique UX allows Reflected XSS. This issue affects Unique UX: from n/a through 0.9.2.
2025-01-22
7.1
CVE-2025-23625

AYS Pro Plugins–Quiz Maker Developer 
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ays_save_google_credentials’ function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin’s settings. Because the ‘client_id’ parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-26
7.2
CVE-2024-10574

AYS Pro Plugins–Quiz Maker Developer 
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-26
7.5
CVE-2024-10628

AYS Pro Plugins–Quiz Maker Developer 
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2025-01-26
7.3
CVE-2024-10633

basteln3rk–Save & Import Image from URL 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. This issue affects Save & Import Image from URL: from n/a through 0.7.
2025-01-23
7.1
CVE-2025-23960

Beta10–Beta10 
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’.
2025-01-23
9.8
CVE-2025-0637

Bilal TAS–Responsivity 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bilal TAS Responsivity allows Reflected XSS. This issue affects Responsivity: from n/a through 0.0.6.
2025-01-22
7.1
CVE-2025-23548

Blrt–Blrt WP Embed 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9.
2025-01-22
7.1
CVE-2025-23507

Brian Messenlehner of WebDevStudios–WP-Announcements 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8.
2025-01-21
7.1
CVE-2025-23489

Callum Richards–Admin Menu Organizer 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Callum Richards Admin Menu Organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through 1.0.1.
2025-01-22
7.1
CVE-2025-23686

Camoo Sarl–CAMOO SMS 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camoo Sarl CAMOO SMS allows Reflected XSS. This issue affects CAMOO SMS: from n/a through 3.0.1.
2025-01-22
7.1
CVE-2025-23607

Cisco–Cisco BroadWorks 
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
2025-01-22
7.5
CVE-2025-20165

Cisco–Cisco Meeting Management 
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.
2025-01-22
9.9
CVE-2025-20156

clickandsell–REAL WordPress Sidebar 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1.
2025-01-22
7.1
CVE-2025-23535

CodePeople–Form Builder CP 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41.
2025-01-24
8.5
CVE-2025-24672

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim’s server configuration, then the attacker can use the `Terminal` feature and execute arbitrary commands on the victim’s server. Version 4.0.0-beta.361 fixes the issue.
2025-01-24
10
CVE-2025-22609

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim’s server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue.
2025-01-24
10
CVE-2025-22612

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He’s also able to kick every other member out of the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue.
2025-01-24
9.9
CVE-2025-22611

Deepin–dde-api-proxy 
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don’t know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn’t be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.
2025-01-24
8.4
CVE-2025-23222

Dimitar Atanasov–My Favorite Car 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dimitar Atanasov My Favorite Car allows Reflected XSS. This issue affects My Favorite Car: from n/a through 1.0.
2025-01-23
7.1
CVE-2025-23636

Dovy Paukstys–Redux Converter 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dovy Paukstys Redux Converter allows Reflected XSS. This issue affects Redux Converter: from n/a through 1.1.3.1.
2025-01-24
7.1
CVE-2025-23427

E4J s.r.l.–VikAppointments Services Booking Calendar 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in E4J s.r.l. VikAppointments Services Booking Calendar allows Stored XSS. This issue affects VikAppointments Services Booking Calendar: from n/a through 1.2.16.
2025-01-21
7.1
CVE-2025-22719

e4jvikwp–VikBooking Hotel Booking Engine & PMS 
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site’s server which may make remote code execution possible.
2025-01-26
8.8
CVE-2024-11641

ECOVACS–DEEBOT X5 PRO PLUS 
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
2025-01-23
7.4
CVE-2024-52330

ECOVACS–ECOVACS HOME 
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
2025-01-23
7.4
CVE-2024-52329

ECOVACS–GOAT G1 
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
2025-01-23
9.6
CVE-2024-52325

ECOVACS–Unspecified robots 
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
2025-01-23
7.6
CVE-2024-11147

ECOVACS–Unspecified robots 
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
2025-01-23
7.5
CVE-2024-52331

edmon–Download, Downloads 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads : from n/a through 1.4.2.
2025-01-23
7.1
CVE-2025-23541

Elastic–Fleet Server 
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
2025-01-23
9
CVE-2024-52975

Elastic–Kibana 
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.
2025-01-23
7.7
CVE-2024-43707

Eliott Robson–Mass Messaging in BuddyPress 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1.
2025-01-22
7.1
CVE-2025-23798

eminozlem–Bootstrap Ultimate 
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution.
2025-01-24
9.8
CVE-2024-13545

Eniture Technology–Standard Box Sizes for WooCommerce 
Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13.
2025-01-21
7.5
CVE-2025-22318

envoyproxy–gateway 
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
2025-01-23
7.1
CVE-2025-24030

Ericsson–CodeChecker 
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF. This issue affects CodeChecker: through 6.24.4.
2025-01-21
8.2
CVE-2024-53829

Estatebud–Estatebud Properties & Listings 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0.
2025-01-21
7.1
CVE-2025-23994

Explara–Explara Membership 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7.
2025-01-22
7.1
CVE-2025-23583

Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com–Simple Custom post type custom field 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3.
2025-01-22
7.1
CVE-2025-23500

fastify–fastify-multipart 
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`.
2025-01-23
7.5
CVE-2025-24033

Fedora Repository–Fedora Repository 
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
2025-01-23
8.8
CVE-2025-23011

Fedora Repository–Fedora Repository 
Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
2025-01-23
7.5
CVE-2025-23012

flashmaniac–Nature FlipBook 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in flashmaniac Nature FlipBook allows Reflected XSS. This issue affects Nature FlipBook: from n/a through 1.7.
2025-01-21
7.1
CVE-2025-23454

fures–XTRA Settings 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in fures XTRA Settings allows Reflected XSS. This issue affects XTRA Settings: from n/a through 2.1.8.
2025-01-23
7.1
CVE-2025-23729

G DATA CyberDefense AG–G DATA Management Server 
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.
2025-01-25
7.8
CVE-2025-0542

G DATA CyberDefense AG–G DATA Security Client 
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.
2025-01-25
7.8
CVE-2025-0543

gamipress — gamipress 
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2025-01-22
7.3
CVE-2024-13495

gamipress — gamipress 
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-22
7.5
CVE-2024-13496

gamipress — gamipress 
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2025-01-22
7.3
CVE-2024-13499

GitLab–GitLab 
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.
2025-01-24
8.7
CVE-2025-0314

Google–Android 
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
9.8
CVE-2024-49747

Google–Android 
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
9.8
CVE-2024-49748

Google–Android 
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
8.8
CVE-2024-43096

Google–Android 
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
8.8
CVE-2024-43770

Google–Android 
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
8.8
CVE-2024-43771

Google–Android 
In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
8.8
CVE-2024-49749

Google–Android 
In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7.8
CVE-2023-40132

Google–Android 
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-34730

Google–Android 
In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7.8
CVE-2024-43095

Google–Android 
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7.8
CVE-2024-43765

Google–Android 
In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7
CVE-2024-49724

Google–Android 
In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49732

Google–Android 
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.5
CVE-2024-49734

Google–Android 
In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49735

Google–Android 
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49736

Google–Android 
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49737

Google–Android 
In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49738

Google–Android 
In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7.8
CVE-2024-49742

Google–Android 
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2025-01-21
7.8
CVE-2024-49744

Google–Android 
In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
7.8
CVE-2024-49745

Gradle–Enterprise 
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker.
2025-01-26
7.1
CVE-2024-46881

HashiCorp–Shared library 
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
2025-01-21
7.5
CVE-2025-0377

heart5–StatPressCN 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in heart5 StatPressCN allows Reflected XSS. This issue affects StatPressCN: from n/a through 1.9.1.
2025-01-23
7.1
CVE-2025-23544

Helmuth Lammer–Tagesteller 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Helmuth Lammer Tagesteller allows Reflected XSS. This issue affects Tagesteller: from n/a through v.1.1.
2025-01-22
7.1
CVE-2025-23609

Hidetoshi Fukushima–Kumihimo 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hidetoshi Fukushima Kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through 1.0.2.
2025-01-23
7.1
CVE-2025-23626

HL7–fhir-ig-publisher 
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.
2025-01-24
8.6
CVE-2024-52807

humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young–HM Portfolio 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1.
2025-01-24
7.1
CVE-2025-23522

I Thirteen Web Solution–Email Subscription Popup 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in I Thirteen Web Solution Email Subscription Popup allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through 1.2.23.
2025-01-24
7.6
CVE-2025-24587

IBM–Analytics Content Hub 
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
2025-01-25
8.8
CVE-2024-39750

IBM–Cognos Dashboards on Cloud Pak for Data 
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.
2025-01-24
8.8
CVE-2024-41739

IBM–Planning Analytics Local 
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
2025-01-24
8
CVE-2024-25034

IBM–Planning Analytics Local 
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
2025-01-24
8
CVE-2024-40693

IBM–Sterling B2B Integrator Standard Edition 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
2025-01-22
8.8
CVE-2024-31903

Innovative Solutions–user files 
Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.
2025-01-22
10
CVE-2025-23953

instawp–String locator 
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the ‘recursive_unserialize_replace’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.
2025-01-21
8.8
CVE-2024-10936

iova.mihai–Social Pug: Author Box 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
2025-01-21
7.1
CVE-2025-22706

Iqonic Design–WPBookit 
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘WPB_Profile_controller::handle_image_upload’ function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
2025-01-25
9.8
CVE-2025-0357

jannatqualitybacklinks.com–REDIRECTION PLUS 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jannatqualitybacklinks.com REDIRECTION PLUS allows Reflected XSS. This issue affects REDIRECTION PLUS: from n/a through 2.0.0.
2025-01-22
7.1
CVE-2025-23681

jcollings–Import WP Export and Import CSV and XML files to WordPress 
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.
2025-01-25
7.5
CVE-2024-13562

Jenkins Project–Jenkins Bitbucket Server Integration Plugin 
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
2025-01-22
8.8
CVE-2025-24398

Jenkins Project–Jenkins OpenId Connect Authentication Plugin 
Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins.
2025-01-22
8.8
CVE-2025-24399

JetBrains–YouTrack 
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
2025-01-21
7.1
CVE-2025-24458

Joe Dolson–My Tickets 
Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects My Tickets: from n/a through 2.0.9.
2025-01-21
7.5
CVE-2025-22717

Kiro G.–Formatted post 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kiro G. Formatted post allows Reflected XSS. This issue affects Formatted post: from n/a through 1.01.
2025-01-22
7.1
CVE-2025-23709

Kolja Nolte–Flexible Blogtitle 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kolja Nolte Flexible Blogtitle allows Reflected XSS. This issue affects Flexible Blogtitle: from n/a through 0.1.
2025-01-22
7.1
CVE-2025-23846

LabRedesCefetRJ–WeGIA 
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
2025-01-20
9.8
CVE-2025-23219

LabRedesCefetRJ–WeGIA 
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
2025-01-20
8.8
CVE-2025-23218

LabRedesCefetRJ–WeGIA 
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application’s database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
2025-01-20
8.8
CVE-2025-23220

LamPD–Call To Action Popup 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LamPD Call To Action Popup allows Reflected XSS. This issue affects Call To Action Popup: from n/a through 1.0.2.
2025-01-22
7.1
CVE-2025-23605

Laymance Technologies LLC–MachForm Shortcode 
Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.
2025-01-24
7.1
CVE-2025-24636

Lexmark–various 
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
2025-01-21
8.6
CVE-2023-50733

LibVNC–LibVNCServer 
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
2025-01-24
8.8
CVE-2019-15690

Linus Lundahl–Good Old Gallery 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2.
2025-01-22
7.1
CVE-2025-23959

linuxfoundation — magma 
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service. 2025-01-21 7.5 CVE-2023-37029 linuxfoundation -- magma  A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element. 2025-01-21 7.5 CVE-2023-37032 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24416 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24417 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24418 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24419 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24422 linuxfoundation -- magma  The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24423 lmfit--asteval  ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue. 2025-01-24 8.4 CVE-2025-24359 matrix-org--mjolnir  Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible. 2025-01-21 9.1 CVE-2025-24024 Matthew Blackford, LimeSquare Pty Ltd--Lime Developer Login  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Blackford, LimeSquare Pty Ltd Lime Developer Login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through 1.4.0. 2025-01-22 7.1 CVE-2025-23701 Matthew Garvin--BizLibrary  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1. 2025-01-21 7.1 CVE-2025-23580 MDJM--MDJM Event Management  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5. 2025-01-24 7.1 CVE-2025-22714 mgplugin--Roi Calculator  Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0. 2025-01-24 7.1 CVE-2025-24756 Mihajlovic Nenad--Improved Sale Badges Free Version  Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mihajlovic Nenad Improved Sale Badges - Free Version allows PHP Local File Inclusion. This issue affects Improved Sale Badges - Free Version: from n/a through 1.0.1. 2025-01-22 8.1 CVE-2025-23949 Mohsin khan--WP Front-end login and register  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0. 2025-01-23 7.1 CVE-2025-23540 Moshiur Rahman Mehedi--FP RSS Category Excluder  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moshiur Rahman Mehedi FP RSS Category Excluder allows Reflected XSS. This issue affects FP RSS Category Excluder: from n/a through 1.0.0. 2025-01-22 7.1 CVE-2025-23679 Musing Studio--WriteFreely  WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. 2025-01-20 8.4 CVE-2025-24337 MVPThemes--Zox News  The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 2025-01-26 8.8 CVE-2024-11936 n/a--n/a  pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. 2025-01-21 9.8 CVE-2023-27112 n/a--n/a  pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. 2025-01-21 9.8 CVE-2023-27113 n/a--n/a  A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 9.8 CVE-2024-24421 n/a--n/a  The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. 2025-01-21 9.8 CVE-2024-42936 n/a--n/a  An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media. 2025-01-23 9.1 CVE-2024-53923 n/a--n/a  The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. 2025-01-21 9.1 CVE-2024-54794 n/a--n/a  An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics. 2025-01-23 9.1 CVE-2024-55573 n/a--n/a  Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. 2025-01-21 9.1 CVE-2024-55959 n/a--n/a  A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access. 2025-01-23 9.8 CVE-2024-57328 n/a--n/a  In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. 2025-01-24 8.1 CVE-2024-50697 n/a--n/a  Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. 2025-01-21 8 CVE-2024-57536 n/a--n/a  Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. 2025-01-21 8.8 CVE-2024-57542 n/a--n/a  GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns 2025-01-24 7.8 CVE-2022-47090 n/a--n/a  Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service. 2025-01-22 7.3 CVE-2023-37013 n/a--n/a  Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. 2025-01-22 7.5 CVE-2023-37014 n/a--n/a  Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. 2025-01-22 7.5 CVE-2023-37022 n/a--n/a  A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element. 2025-01-21 7.5 CVE-2023-37024 n/a--n/a  A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24420 n/a--n/a  A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-21 7.5 CVE-2024-24424 n/a--n/a  A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. 2025-01-22 7.5 CVE-2024-24430 n/a--n/a  A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message. 2025-01-21 7.5 CVE-2024-24442 n/a--n/a  A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface. 2025-01-21 7.5 CVE-2024-24451 n/a--n/a  A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6. 2025-01-23 7.8 CVE-2024-53588 n/a--n/a  In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. 2025-01-22 7.8 CVE-2024-55957 n/a--n/a  A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts. 2025-01-22 7.3 CVE-2024-56924 n/a--n/a  https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm –without-symbol-version` function.
2025-01-21
7.7
CVE-2024-57360

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_create.
2025-01-23
7.5
CVE-2024-57722

n/a–Shiprocket Module 
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-20
7.3
CVE-2025-0579

n/a–ThemeREX Addons 
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the ‘trx_sc_reviews’ shortcode ‘type’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
2025-01-25
8.8
CVE-2025-0682

Navnish Bhardwaj–WP Social Broadcast 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Navnish Bhardwaj WP Social Broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through 1.0.0.
2025-01-23
7.1
CVE-2025-23545

New Media One–GeoDigs 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in New Media One GeoDigs allows Reflected XSS. This issue affects GeoDigs: from n/a through 3.4.1.
2025-01-23
7.1
CVE-2025-23628

NgocCode–WP Load Gallery 
Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.
2025-01-22
9.1
CVE-2025-23942

NLnet Labs–Routinator 
The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.
2025-01-22
7.5
CVE-2025-0638

NotFound–ARPrice 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
2025-01-21
9.3
CVE-2024-49655

NotFound–ARPrice 
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
2025-01-21
9.8
CVE-2024-49688

NotFound–ARPrice 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
2025-01-21
8.5
CVE-2024-49666

NotFound–ARPrice 
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
2025-01-21
8.8
CVE-2024-49699

NotFound–ARPrice 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3.
2025-01-21
7.1
CVE-2024-49700

NotFound–AZ Content Finder 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound AZ Content Finder allows Reflected XSS. This issue affects AZ Content Finder: from n/a through 0.1.
2025-01-23
7.1
CVE-2025-23727

NotFound–Bauernregeln 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1.
2025-01-24
7.1
CVE-2025-23838

NotFound–Bit.ly linker 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bit.ly linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through 1.1.
2025-01-22
7.1
CVE-2025-23674

NotFound–Blue Wrench Video Widget 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0.
2025-01-22
7.1
CVE-2025-23809

NotFound–Brizy Pro 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
2025-01-21
7.1
CVE-2025-22763

NotFound–Calendi 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Calendi allows Reflected XSS. This issue affects Calendi: from n/a through 1.1.1.
2025-01-22
7.1
CVE-2025-23606

NotFound–Causes Donation Plugin 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Causes – Donation Plugin allows Reflected XSS. This issue affects Causes – Donation Plugin: from n/a through 1.0.01.
2025-01-24
7.1
CVE-2025-23621

NotFound–CBX Accounting & Bookkeeping 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14.
2025-01-24
7.1
CVE-2025-23622

NotFound–CMC MIGRATE 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3.
2025-01-22
7.1
CVE-2025-23746

NotFound–Contact Form 7 Round Robin Lead Distribution 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1.
2025-01-22
7.6
CVE-2025-23784

NotFound–Contact Form 7 Round Robin Lead Distribution 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1.
2025-01-22
7.1
CVE-2025-23812

NotFound–Content Mirror 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2.
2025-01-22
7.1
CVE-2025-23769

NotFound–Content Planner 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Content Planner allows Reflected XSS. This issue affects Content Planner: from n/a through 1.0.
2025-01-22
7.1
CVE-2025-23631

NotFound–ContentOptin Lite 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ContentOptin Lite allows Reflected XSS. This issue affects ContentOptin Lite: from n/a through 1.1.
2025-01-22
7.1
CVE-2025-23589

NotFound–CtyGrid Hyp3rL0cal Search 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound CtyGrid Hyp3rL0cal Search allows Reflected XSS. This issue affects CtyGrid Hyp3rL0cal Search: from n/a through 0.1.1.1.
2025-01-22
7.1
CVE-2025-23695

NotFound–Custom CSS Addons 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom CSS Addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through 1.9.1.
2025-01-22
7.1
CVE-2025-23578

NotFound–Custom Page Extensions 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: from n/a through 0.6.
2025-01-24
7.1
CVE-2025-23888

NotFound–Customizable Captcha and Contact Us 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2.
2025-01-22
7.1
CVE-2025-23503

NotFound–Cyber Slider 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Cyber Slider allows Reflected XSS. This issue affects Cyber Slider: from n/a through 1.1.
2025-01-22
7.1
CVE-2025-23630

NotFound–dForms 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound dForms allows Reflected XSS. This issue affects dForms: from n/a through 1.0.
2025-01-22
7.1
CVE-2025-23592

NotFound–Easy Filtering 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Easy Filtering allows Reflected XSS. This issue affects Easy Filtering: from n/a through 2.5.0.
2025-01-22
7.1
CVE-2025-23732

NotFound–Easy Real Estate 
Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.
2025-01-21
9.8
CVE-2024-32555

NotFound–EELV Newsletter 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2.
2025-01-22
7.1
CVE-2025-23602

NotFound–EU DSGVO Helper 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound EU DSGVO Helper allows Reflected XSS. This issue affects EU DSGVO Helper: from n/a through 1.0.6.1.
2025-01-22
7.1
CVE-2025-23866

NotFound–Fancy Product Designer 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
2025-01-21
9.3
CVE-2024-51818

NotFound–Fancy Product Designer 
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
2025-01-21
9
CVE-2024-51919

NotFound–Fast Tube 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1.
2025-01-22
7.1
CVE-2025-23770

NotFound–FLX Dashboard Groups 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FLX Dashboard Groups allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through 0.0.7.
2025-01-23
7.1
CVE-2025-23730

NotFound–FooGallery Captions 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2.
2025-01-24
7.1
CVE-2025-23889

NotFound–FWD Slider 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0.
2025-01-22
7.1
CVE-2025-23462

NotFound–Gigaom Sphinx 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Gigaom Sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through 0.1.
2025-01-24
7.1
CVE-2025-23734

NotFound–Group category creator 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Group category creator allows Reflected XSS. This issue affects Group category creator: from n/a through 1.3.0.3.
2025-01-22
7.1
CVE-2025-23603

NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5.
2025-01-21
8.5
CVE-2024-49303

NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5.
2025-01-21
8.5
CVE-2024-49333

NotFound–Hero Mega Menu – Responsive WordPress Menu Plugin 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Hero Mega Menu – Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu – Responsive WordPress Menu Plugin: from n/a through 1.16.5.
2025-01-21
7.1
CVE-2024-49300

NotFound–History timeline 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2.
2025-01-22
7.1
CVE-2025-23475

NotFound–Homey Login Register 
Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.
2025-01-21
9.8
CVE-2024-51888

NotFound–HyperComments 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6.
2025-01-22
7.1
CVE-2025-23509

NotFound–Image Gallery Box by CRUDLab 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound Image Gallery Box by CRUDLab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through 1.0.3.
2025-01-22
7.5
CVE-2025-23938

NotFound–InFunding 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0.
2025-01-22
7.1
CVE-2025-23768

NotFound–Instant Appointment 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Instant Appointment allows Reflected XSS. This issue affects Instant Appointment: from n/a through 1.2.
2025-01-22
7.1
CVE-2025-23672

NotFound–Jet Skinner for BuddyPress 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Jet Skinner for BuddyPress allows Reflected XSS. This issue affects Jet Skinner for BuddyPress: from n/a through 1.2.5.
2025-01-22
7.1
CVE-2025-23706

NotFound–Legal + 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Legal + allows Reflected XSS. This issue affects Legal +: from n/a through 1.0.
2025-01-23
7.1
CVE-2025-23835

NotFound–LH Email 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound LH Email allows Reflected XSS. This issue affects LH Email: from n/a through 1.12.
2025-01-22
7.1
CVE-2025-23676

NotFound–Links/Problem Reporter 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.
2025-01-23
7.1
CVE-2025-23834

NotFound–LocalGrid 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound LocalGrid allows Reflected XSS. This issue affects LocalGrid: from n/a through 1.0.1.
2025-01-22
7.1
CVE-2025-23678

NotFound–MACME 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MACME allows Reflected XSS. This issue affects MACME: from n/a through 1.2.
2025-01-22
7.1
CVE-2025-23683

NotFound–Mapbox for WP Advanced 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0.
2025-01-22
7.1
CVE-2025-22772

NotFound–Menus Plus+ 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Menus Plus+ allows SQL Injection. This issue affects Menus Plus+: from n/a through 1.9.6.
2025-01-22
8.5
CVE-2025-23910

NotFound–Mind3doM RyeBread Widgets 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Mind3doM RyeBread Widgets allows Reflected XSS. This issue affects Mind3doM RyeBread Widgets: from n/a through 1.0.
2025-01-23
7.1
CVE-2025-23722

NotFound–MJ Contact us 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3.
2025-01-24
7.1
CVE-2025-23885

NotFound–Multi Uploader for Gravity Forms 
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3.
2025-01-22
9
CVE-2025-23921

NotFound–Multiple Carousel 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0.
2025-01-21
9.3
CVE-2025-22553

NotFound–Muzaara Google Ads Report 
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1.
2025-01-22
9.8
CVE-2025-23914

NotFound–Network-Favorites 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a through 1.1.
2025-01-24
7.1
CVE-2025-23737

NotFound–One Backend Language 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.
2025-01-24
7.1
CVE-2025-23837

NotFound–Pootle button 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0.
2025-01-22
7.1
CVE-2025-23758

NotFound–Preloader Quotes 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Preloader Quotes allows Reflected XSS. This issue affects Preloader Quotes: from n/a through 1.0.0.
2025-01-22
7.1
CVE-2025-23682

NotFound–Private Messages for UserPro 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
2025-01-21
7.5
CVE-2025-22311

NotFound–Private Messages for UserPro 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
2025-01-21
7.1
CVE-2025-22322

NotFound–Quick Count 
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.
2025-01-22
9.8
CVE-2025-23932

NotFound–Quote me 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Quote me allows Reflected XSS. This issue affects Quote me: from n/a through 1.0.
2025-01-24
7.1
CVE-2025-23711

NotFound–ReadMe Creator 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound ReadMe Creator allows Reflected XSS. This issue affects ReadMe Creator: from n/a through 1.0.
2025-01-22
7.1
CVE-2025-23643

NotFound–Rezdy Reloaded 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Rezdy Reloaded allows Stored XSS. This issue affects Rezdy Reloaded: from n/a through 1.0.1.
2025-01-22
7.1
CVE-2025-23604

NotFound–Simple shortcode buttons 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2.
2025-01-22
7.1
CVE-2025-23449

NotFound–Smallerik File Browser 
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through 1.1.
2025-01-22
9.9
CVE-2025-23918

NotFound–Staging CDN 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Staging CDN allows Reflected XSS. This issue affects Staging CDN: from n/a through 1.0.0.
2025-01-22
7.1
CVE-2025-23696

NotFound–Sticky Button 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0.
2025-01-24
7.1
CVE-2025-23839

NotFound–Store Locator 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10.
2025-01-24
7.5
CVE-2025-23422

NotFound–Tab My Content 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Tab My Content allows Reflected XSS. This issue affects Tab My Content: from n/a through 1.0.0.
2025-01-22
7.1
CVE-2025-23601

NotFound–Translation.Pro 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0.
2025-01-22
7.1
CVE-2025-23498

NotFound–Ultimate Events 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Ultimate Events allows Reflected XSS. This issue affects Ultimate Events: from n/a through 1.3.3.
2025-01-22
7.1
CVE-2025-23610

NotFound–WH Cache & Security 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2.
2025-01-22
7.1
CVE-2025-23611

NotFound–WM Options Import Export 
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1.
2025-01-22
7.5
CVE-2025-23781

NotFound–WooCommerce Order Search 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0.
2025-01-22
7.1
CVE-2025-23495

NotFound–WordPress File Search 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2.
2025-01-22
7.1
CVE-2025-23867

NotFound–WordPress Local SEO 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.
2025-01-22
9.3
CVE-2025-23931

NotFound–WP Block Pack 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Block Pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through 1.1.6.
2025-01-22
7.1
CVE-2025-23874

NotFound–WP Download Codes 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4.
2025-01-22
7.1
CVE-2025-23882

NotFound–WP IMAP Auth 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP IMAP Auth allows Reflected XSS. This issue affects WP IMAP Auth: from n/a through 4.0.1.
2025-01-22
7.1
CVE-2025-23506

NotFound–WP2APP 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2.
2025-01-22
7.1
CVE-2025-23811

NotFound–WPDB to Sql 
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2.
2025-01-22
7.5
CVE-2025-23774

NotFound–Youtube Video Grid 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Youtube Video Grid allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through 1.9.
2025-01-23
7.1
CVE-2025-23634

Oleksandr Ustymenko–University Quizzes Online 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oleksandr Ustymenko University Quizzes Online allows Reflected XSS. This issue affects University Quizzes Online: from n/a through 1.4.
2025-01-23
7.1
CVE-2025-23724

OneIdentity–Identity Manager 
In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.
2025-01-24
9.9
CVE-2024-56404

open5gs — open5gs 
A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
2025-01-21
7.5
CVE-2024-24427

open5gs — open5gs 
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
2025-01-21
7.5
CVE-2024-24428

Optimal Access Inc.–KBucket 
Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6.
2025-01-24
7.1
CVE-2025-24562

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
2025-01-21
9.8
CVE-2025-21524

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
2025-01-21
8.8
CVE-2025-21515

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
7.5
CVE-2025-21510

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
7.5
CVE-2025-21511

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
7.5
CVE-2025-21521

Oracle Corporation–Oracle Agile PLM Framework 
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
2025-01-21
9.9
CVE-2025-21556

Oracle Corporation–Oracle Agile PLM Framework 
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM Framework. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
2025-01-21
8.1
CVE-2025-21564

Oracle Corporation–Oracle Agile PLM Framework 
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
7.5
CVE-2025-21565

Oracle Corporation–Oracle Analytics Desktop 
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
2025-01-21
7.8
CVE-2025-21532

Oracle Corporation–Oracle Customer Care 
Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customer Care. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Care accessible data as well as unauthorized access to critical data or complete access to all Oracle Customer Care accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
2025-01-21
8.1
CVE-2025-21516

Oracle Corporation–Oracle Hospitality OPERA 5 
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).
2025-01-21
9.1
CVE-2025-21547

Oracle Corporation–Oracle Project Foundation 
Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
2025-01-21
8.1
CVE-2025-21506

Oracle Corporation–Oracle VM VirtualBox 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).
2025-01-21
7.3
CVE-2025-21571

Oracle Corporation–Oracle WebLogic Server 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
2025-01-21
9.8
CVE-2025-21535

Oracle Corporation–Oracle WebLogic Server 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
7.5
CVE-2025-21549

Oracle Corporation–PeopleSoft Enterprise PeopleTools 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
7.5
CVE-2025-21545

otrok7–BMLT Meeting Map 
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the ‘bmlt_meeting_map’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2025-01-23
7.5
CVE-2024-13593

P. Razvan–SexBundle 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in P. Razvan SexBundle allows Reflected XSS. This issue affects SexBundle: from n/a through 1.4.
2025-01-21
7.1
CVE-2025-23551

Plestar Inc–Plestar Directory Listing 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plestar Inc Plestar Directory Listing allows Reflected XSS. This issue affects Plestar Directory Listing: from n/a through 1.0.
2025-01-23
7.1
CVE-2025-23723

PPO Vit Nam (ppo.vn)–PPO Call To Actions 
Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3.
2025-01-21
7.1
CVE-2025-24001

PQINA–Snippy 
Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1.
2025-01-22
7.1
CVE-2025-23803

Qwerty23–Rocket Media Library Mime Type 
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.
2025-01-23
7.1
CVE-2025-22768

Rara Theme–UltraLight 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rara Theme UltraLight allows Reflected XSS. This issue affects UltraLight: from n/a through 1.2.
2025-01-21
7.1
CVE-2025-23998

Realty Workstation–Realty Workstation 
Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.
2025-01-21
8.2
CVE-2025-23477

Red Hat–Fast Datapath for RHEL 7 
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
2025-01-23
8.1
CVE-2025-0650

Red Hat–Red Hat Enterprise Linux 8 
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using –jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
2025-01-22
8.6
CVE-2024-11218

ReviewsTap–ReviewsTap 
Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2.
2025-01-24
7.1
CVE-2025-24561

Riosis Private Limited–Rio Photo Gallery 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Riosis Private Limited Rio Photo Gallery allows Reflected XSS. This issue affects Rio Photo Gallery: from n/a through 0.1.
2025-01-22
7.1
CVE-2025-23597

Rise Group–Rise Mode Temp CPU 
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally.
2025-01-24
7.8
CVE-2025-0707

sayocode–SC Simple Zazzle 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sayocode SC Simple Zazzle allows Reflected XSS. This issue affects SC Simple Zazzle: from n/a through 1.1.6.
2025-01-23
7.1
CVE-2025-23733

scriptsbundle — adforest 
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user’s identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.
2025-01-22
9.8
CVE-2024-12857

SERPed–SERPed.net 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SERPed SERPed.net allows SQL Injection. This issue affects SERPed.net: from n/a through 4.4.
2025-01-24
8.5
CVE-2025-24669

silabs.com–Configuration Wizard 2 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9491

silabs.com–CP210 VCP Win 2k 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9494

silabs.com–CP210x VCP Windows 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9495

silabs.com–Flash Programming Utility 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9492

silabs.com–Silicon Labs IDE (8-bit) 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9490

silabs.com–ToolStick 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9493

silabs.com–USBXpress 4 SDK 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9497

silabs.com–USBXpress Dev Kit 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9496

silabs.com–USBXpress SDK 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9498

silabs.com–USBXpress Win 98SE Dev Kit 
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
2025-01-24
8.6
CVE-2024-9499

skyverge–Custom Product Tabs Lite for WooCommerce 
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the ‘frs_woo_product_tabs’ parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2025-01-25
7.2
CVE-2024-12600

Soft8Soft LLC–Verge3D 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0.
2025-01-21
7.1
CVE-2025-22709

SonicWall–SMA1000 
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
2025-01-23
9.8
CVE-2025-23006

StoreApps–Smart Manager 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0.
2025-01-21
7.6
CVE-2025-22710

Subhasis Laha–Gallerio 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Subhasis Laha Gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through 1.0.1.
2025-01-23
7.1
CVE-2025-23629

SubscriptionDNA.com–Subscription DNA 
Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1.
2025-01-24
7.1
CVE-2025-24555

SuryaBhan–Custom Coming Soon 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SuryaBhan Custom Coming Soon allows Reflected XSS. This issue affects Custom Coming Soon: from n/a through 2.2.
2025-01-23
7.1
CVE-2025-23836

Tarak Patel–WP Query Creator 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0.
2025-01-23
7.1
CVE-2025-22264

Taskbuilder Team–Taskbuilder 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection. This issue affects Taskbuilder: from n/a through 3.0.6.
2025-01-21
8.5
CVE-2025-22716

TaskMeister–Accessibility Task Manager 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TaskMeister Accessibility Task Manager allows Reflected XSS. This issue affects Accessibility Task Manager: from n/a through 1.2.1.
2025-01-23
7.1
CVE-2025-23725

Tatsuya Fukata, Alexander Ovsov–wp-flickr-press 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tatsuya Fukata, Alexander Ovsov wp-flickr-press allows Reflected XSS. This issue affects wp-flickr-press: from n/a through 2.6.4.
2025-01-23
7.1
CVE-2025-23894

TaxoPress–WordPress Tag Cloud Plugin Tag Groups 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4.
2025-01-21
7.1
CVE-2025-22735

Team118GROUP–Team 118GROUP Agent 
Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0.
2025-01-22
7.5
CVE-2025-23512

TECNO–com.transsion.carlcare 
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.
2025-01-20
7.5
CVE-2025-0590

ThemeFarmer–Ultimate Subscribe 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through 1.3.
2025-01-22
7.1
CVE-2025-23806

Themefic–Tourfic 
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.
2025-01-24
9.1
CVE-2025-24650

Thomas Maier–Image Source Control 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Thomas Maier Image Source Control allows Reflected XSS. This issue affects Image Source Control: from n/a through 2.29.0.
2025-01-21
7.1
CVE-2025-22711

Tips and Tricks HQ, Ruhul Amin, Josh Lobe–Simple Download Monitor 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25.
2025-01-24
7.6
CVE-2025-24663

UkrSolution–Barcode Scanner with Inventory & Order Manager 
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.7.
2025-01-21
9.1
CVE-2025-22723

WebArea–Background animation blocks 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WebArea Background animation blocks allows PHP Local File Inclusion. This issue affects Background animation blocks: from n/a through 2.1.5.
2025-01-22
8.1
CVE-2025-23948

WebDeal s.r.o.–Podlnkov inzerce 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebDeal s.r.o. Podčlánková inzerce allows Reflected XSS. This issue affects Podčlánková inzerce: from n/a through 2.4.0.
2025-01-22
7.1
CVE-2025-23697

woobewoo–Product Table by WBW 
The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the ‘additionalCondition’ parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-23
7.5
CVE-2024-13234

WOOEXIM.COM–WOOEXIM 
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0.
2025-01-22
8.8
CVE-2025-23944

WordPress Download Manager–Premium Packages 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6.
2025-01-24
7.6
CVE-2025-24659

wpbot — wpot 
The WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘qcld_wpcfb_file_upload’ function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.
2025-01-22
9.8
CVE-2024-13091

WPChill–RSVP and Event Management Plugin 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPChill RSVP and Event Management Plugin allows SQL Injection. This issue affects RSVP and Event Management Plugin: from n/a through 2.7.14.
2025-01-24
7.6
CVE-2025-24683

WPHocus–My auctions allegro 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPHocus My auctions allegro allows Reflected XSS. This issue affects My auctions allegro: from n/a through 3.6.18.
2025-01-21
7.1
CVE-2025-22733

wpwax–Post Grid, Slider & Carousel Ultimate with Shortcode, Gutenberg Block & Elementor Widget 
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the ‘theme’ attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.
2025-01-24
7.5
CVE-2024-13408

wpwax–Post Grid, Slider & Carousel Ultimate with Shortcode, Gutenberg Block & Elementor Widget 
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the ‘theme’ parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2025-01-24
7.5
CVE-2024-13409

xmlsoft–libxml2 
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
2025-01-26
8.1
CVE-2022-49043

Yannick Lefebvre–Bug Library 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yannick Lefebvre Bug Library allows Blind SQL Injection. This issue affects Bug Library: from n/a through 2.1.4.
2025-01-24
8.5
CVE-2025-24728

YesWiki–yeswiki 
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki’s pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn’t exist, the tag is reflected on the page and isn’t properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client’s side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
2025-01-21
7.6
CVE-2025-24017

YesWiki–yeswiki 
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the “ component allowing users to attach files/medias to a page. When a file is attached using the “ component, if the resource contained in the `file` attribute doesn’t exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
2025-01-21
7.6
CVE-2025-24018

YesWiki–yeswiki 
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem’s scope. This vulnerability allows any authenticated user to arbitrarily remove content from the Wiki resulting in partial loss of data and defacement/deterioration of the website. In the context of a container installation of YesWiki without any modification, the `yeswiki` files (for example .php) are not owned by the same user (root) as the one running the FPM process (www-data). However in a standard installation, www-data may also be the owner of the PHP files, allowing a malicious user to completely cut the access to the wiki by deleting all important PHP files (like index.php or core files of YesWiki). Version 4.5.0 contains a patch for this issue.
2025-01-21
7.1
CVE-2025-24019

Yonatan Reinberg–yCyclista 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yonatan Reinberg yCyclista allows Reflected XSS. This issue affects yCyclista: from n/a through 1.2.3.
2025-01-22
7.1
CVE-2025-23700

zopefoundation–RestrictedPython 
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.
2025-01-23
7.9
CVE-2025-22153

Back to top

Medium Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

8blocks–1003 Mortgage Application 
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2025-01-21
5.3
CVE-2024-13536

add-ons.org–PDF Invoices for WooCommerce + Drag and Drop Template Builder 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 4.6.0.
2025-01-24
6.5
CVE-2025-24755

AddonMaster–Post Grid Master 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.
2025-01-24
6.5
CVE-2025-24733

Admiral–Ad Blocking Detector 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Admiral Ad Blocking Detector allows Stored XSS. This issue affects Ad Blocking Detector: from n/a through 3.6.0.
2025-01-21
6.5
CVE-2025-22732

aEnrich Technology–a+HRD 
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user’s browser through phishing attacks.
2025-01-20
6.1
CVE-2025-0583

aEnrich Technology–a+HRD 
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.
2025-01-20
5.3
CVE-2025-0584

aipower — aipower 
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.
2025-01-22
6.3
CVE-2024-13361

aipower — aipower 
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
2025-01-22
5.4
CVE-2024-13360

Aleksandar Uroevi–Easy YouTube Gallery 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar UroÅ¡ević Easy YouTube Gallery allows Stored XSS. This issue affects Easy YouTube Gallery: from n/a through 1.0.4.
2025-01-24
6.5
CVE-2025-24721

alexmoss–FireCask Like & Share Button 
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-21
6.4
CVE-2024-11226

anyroad.com–AnyRoad 
Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2.
2025-01-21
4.3
CVE-2025-23996

Apache Software Foundation–Apache CXF 
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
2025-01-21
5.9
CVE-2025-23184

Apache Software Foundation–Apache Ranger 
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
2025-01-21
4.8
CVE-2024-45478

Arshid–WooCommerce Quick View 
Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Quick View: from n/a through 1.1.1.
2025-01-24
5.3
CVE-2025-24705

arunbasillal–Ask Me Anything (Anonymously) 
The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘askmeanythingpeople’ shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-12512

Astoundify–Jobify – Job Board WordPress Theme 
The Jobify – Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘download_image_via_ai’ and ‘generate_image_via_ai’ functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site’s OpenAI key.
2025-01-24
6.5
CVE-2024-13698

AWS–AWS Sign-in IAM Login Flow 
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.
2025-01-23
5.3
CVE-2025-0693

ayecode — ketchup_shortcodes 
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spacer’ shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-22
6.4
CVE-2024-13590

AyeCode Ltd–Ketchup Shortcodes 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ltd Ketchup Shortcodes allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through 0.1.2.
2025-01-24
6.5
CVE-2025-24673

AYS Pro Plugins–Quiz Maker Developer 
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-26
6.1
CVE-2024-10636

ays-pro–Survey Maker 
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2025-01-26
5.5
CVE-2024-13505

badhonrocks–Carousel Maker for Divi 
The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2025-0350

bdthemes–Prime Slider Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) 
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social_link_title’ parameter of the ‘blog’ widget in all versions up to, and including, 3.16.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-23
6.4
CVE-2024-12043

Booking & Appointment – Repute Infosystems–BookingPress 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Booking & Appointment – Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25.
2025-01-24
6.5
CVE-2025-24732

bPlugins–All Embed Elementor Addons 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins All Embed – Elementor Addons allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through 1.1.3.
2025-01-24
6.5
CVE-2025-24595

Brainstorm Force–Starter Templates 
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9.
2025-01-24
4.3
CVE-2025-24568

Brave–Desktop Browser 
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site’s origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.
2025-01-21
6.1
CVE-2025-23086

broadstreetads–Broadstreet 
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-11825

brodosnet–brodos.net Onlineshop Plugin 
The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘BrodosCategory’ shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-12529

Bruce Wampler–Weaver Themes Shortcode Compatibility 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4.
2025-01-21
6.5
CVE-2025-22267

buddydev–Activity Plus Reloaded for BuddyPress 
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the ‘ajax_preview_link’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
2025-01-24
5.4
CVE-2024-11913

Christian Leuenberg, L.net Web Solutions–Restrict Anonymous Access 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through 1.2.
2025-01-24
6.5
CVE-2025-24610

cilium–cilium 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. As a workaround, users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch from commit a3489f190ba6e87b5336ee685fb6c80b1270d06d.
2025-01-22
6.5
CVE-2025-23047

cilium–cilium 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. No known workarounds are available.
2025-01-22
5.3
CVE-2025-23028

Cisco–Cisco Secure Endpoint 
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2025-01-22
5.3
CVE-2025-20128

cliptakes–Cliptakes 
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cliptakes_input_email’ shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-23
6.4
CVE-2024-13389

Code for Recovery–12 Step Meeting List 
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
2025-01-24
6.5
CVE-2025-24580

Code for Recovery–12 Step Meeting List 
Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
2025-01-24
5.3
CVE-2025-24582

codeigniter4–CodeIgniter4 
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.
2025-01-20
5.3
CVE-2025-24013

CodePeople–Booking Calendar Contact Form 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55.
2025-01-24
5.9
CVE-2025-24723

CodePeople–Contact Form Email 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52.
2025-01-24
5.9
CVE-2025-24727

codepeople–Form Builder CP 
The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter of the ‘CP_EASY_FORM_WILL_APPEAR_HERE’ shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-24
6.5
CVE-2024-13680

codexpert–WC Affiliate A Complete WooCommerce Affiliate Plugin 
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-26
6.1
CVE-2024-12334

compose-spec–compose-go 
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
2025-01-23
5.9
CVE-2024-10846

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue.
2025-01-24
6.5
CVE-2025-22608

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.
2025-01-24
6.1
CVE-2025-24025

coreymcollins–Etsy Importer 
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘product_link’ shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-12817

Crocoblock–JetElements 
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-21
6.4
CVE-2025-0371

cyberchimps–Responsive Addons for Elementor Free Elementor Addons Plugin and Elementor Templates 
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-13354

dahlia–fedify 
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.
2025-01-20
5.4
CVE-2025-23221

datafeedr.com–WooCommerce Cloak Affiliate Links 
Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35.
2025-01-24
5.4
CVE-2025-24647

David de Boer–Paytium 
Generation of Error Message Containing Sensitive Information vulnerability in David de Boer Paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through 4.4.11.
2025-01-24
5.3
CVE-2025-24552

dev@tamara.co–Tamara Checkout 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dev@tamara.co Tamara Checkout allows Stored XSS. This issue affects Tamara Checkout: from n/a through 1.9.8.
2025-01-21
6.5
CVE-2025-23997

directus–directus 
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instances that are impacted are those that use the share feature and have specific roles hierarchy and fields that are not visible for certain roles. Version 11.2.0 contains a patch the issue.
2025-01-23
5
CVE-2025-24353

DLX Plugins–Comment Edit Core Simple Comment Editing 
Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33.
2025-01-24
4.4
CVE-2025-24703

dotrex–Power Ups for Elementor 
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘magic-button’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13548

ECOVACS–ECOVACS HOME 
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.
2025-01-23
6.5
CVE-2024-52327

ECOVACS–Unspecified robots 
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
2025-01-23
6.3
CVE-2024-12078

Elastic–Elastic Defend 
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the process.
2025-01-21
5.5
CVE-2024-37284

Elastic–Elasticsearch 
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
2025-01-21
6.5
CVE-2024-43709

Elastic–Kibana 
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
2025-01-23
6.5
CVE-2024-43708

Elastic–Kibana 
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
2025-01-23
6.5
CVE-2024-52972

Elastic–Kibana 
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
2025-01-21
6.5
CVE-2024-52973

Elastic–Kibana 
A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet.
2025-01-23
4.3
CVE-2024-43710

ElementInvader–ElementInvader Addons for Elementor 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.
2025-01-24
6.5
CVE-2025-24578

ElementInvader–ElementInvader Addons for Elementor 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
2025-01-24
6.5
CVE-2025-24729

ElementInvader–ElementInvader Addons for Elementor 
Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
2025-01-24
4.3
CVE-2025-24618

Enguerran Weiss–Related Post Shortcode 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2.
2025-01-21
5.9
CVE-2025-22276

Epsiloncool–WP Fast Total Search 
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258.
2025-01-24
6.5
CVE-2025-24572

Epsiloncool–WP Fast Total Search 
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258.
2025-01-24
5.4
CVE-2025-24571

Eugen Bobrowski–Debug Tool 
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2.
2025-01-22
4.3
CVE-2025-23684

ExactMetrics–ExactMetrics 
Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.
2025-01-24
5.4
CVE-2025-24750

F.A.Q Builder Team–FAQ Builder AYS 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3.
2025-01-24
5.9
CVE-2025-24722

Farhan Noor–ApplyOnline Application Form Builder and Manager 
Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.6.7.1.
2025-01-21
4.3
CVE-2025-22721

flexmls–Flexmls IDX Plugin 
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and ‘api_secret’ parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.
2025-01-25
6.4
CVE-2024-10552

FluentSMTP & WPManageNinja Team–FluentSMTP 
Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80.
2025-01-24
4.3
CVE-2025-24739

Foliovision–FV Thoughtful Comments 
Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.
2025-01-24
4.3
CVE-2025-24613

Fortinet–FortiTester 
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
2025-01-22
4.7
CVE-2022-23439

G5Theme–Essential Real Estate 
Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.
2025-01-24
4.3
CVE-2025-24698

Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC–People Lists 
Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10.
2025-01-24
4.3
CVE-2025-24691

gambit — stackable 
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-22
6.4
CVE-2024-12117

GitLab–GitLab 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.
2025-01-24
6.4
CVE-2024-11931

GitoxideLabs–gitoxide 
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.
2025-01-20
5
CVE-2025-22620

GoDaddy–CoBlocks 
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
2025-01-24
4.3
CVE-2025-24751

Google–Android 
In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
6.5
CVE-2024-43763

Google–Android 
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
5.5
CVE-2023-40108

Google–Android 
In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-01-21
5.5
CVE-2024-49733

HasThemes–Extensions For CF7 
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0.
2025-01-24
4.4
CVE-2025-24695

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks.
2025-01-23
5.3
CVE-2024-42187

HelloAsso–HelloAsso 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HelloAsso HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.11.
2025-01-24
6.5
CVE-2025-24575

hk1993–WP Contact Form7 Email Spam Blocker 
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-25
6.1
CVE-2024-13467

HL7–fhir-ig-publisher 
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. This problem has been patched in release 1.8.9. Some workarounds are available. Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token; or users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no username, password, or token.
2025-01-24
4.2
CVE-2025-24363

HT Plugins–HT Conctact Form 7 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Conctact Form 7 allows Stored XSS. This issue affects HT Conctact Form 7: from n/a through 1.2.1.
2025-01-24
6.5
CVE-2025-24726

IBM–Analytics Content Hub 
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2025-01-25
5.3
CVE-2024-35134

IBM–Automation Decision Services 
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.
2025-01-26
6.2
CVE-2024-31906

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
2025-01-25
5.3
CVE-2023-38012

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
2025-01-25
5.3
CVE-2023-38013

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
2025-01-25
5.3
CVE-2023-38713

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
2025-01-25
5.3
CVE-2023-38714

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
2025-01-25
5.3
CVE-2023-38716

IBM–Cloud Pak System 
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
2025-01-25
4.3
CVE-2023-38271

IBM–Cognos Analytics Mobile 
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
2025-01-26
4.2
CVE-2023-38009

IBM–Common Licensing 
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
2025-01-26
6.2
CVE-2023-50945

IBM–Common Licensing 
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.
2025-01-26
6.5
CVE-2023-50946

IBM–Concert Software 
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
2025-01-24
5.9
CVE-2024-41757

IBM–Control Center 
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2025-01-25
5.4
CVE-2024-35112

IBM–Control Center 
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
2025-01-25
5.3
CVE-2024-35114

IBM–Control Center 
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2025-01-25
4.3
CVE-2024-35111

IBM–Control Center 
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
2025-01-25
4.3
CVE-2024-35113

IBM–InfoSphere Information Server 
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
2025-01-24
5.3
CVE-2024-40706

IBM–Maximo Application Suite 
IBM Maximo Application Suite 9.0.0 – Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-01-25
6.1
CVE-2024-35145

IBM–Maximo Application Suite 
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 – Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
2025-01-25
6.3
CVE-2024-35148

IBM–Maximo Application Suite 
IBM Maximo Application Suite 8.10, 8.11, and 9.0 – Monitor Component stores source code on the web server that could aid in further attacks against the system.
2025-01-25
5.3
CVE-2024-35144

IBM–Maximo Application Suite 
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 – Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.
2025-01-25
5.3
CVE-2024-35150

IBM–Maximo Asset Management 
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
2025-01-24
6.5
CVE-2024-45077

IBM–Robotic Process Automation for Cloud Pak 
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-01-22
4.4
CVE-2024-51457

IBM–Security Verify Access 
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
2025-01-20
5.6
CVE-2024-45647

IBM–Security Verify Bridge 
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.
2025-01-23
6
CVE-2024-45672

IBM–Sterling B2B Integrator Standard Edition 
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-01-23
6.4
CVE-2023-50309

IBM–Sterling B2B Integrator Standard Edition 
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-01-23
4.6
CVE-2023-32340

IBM–Tivoli Application Dependency Discovery Manager 
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-01-23
6.4
CVE-2025-23227

IBM–UrbanCode Deploy 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
2025-01-21
6.2
CVE-2024-45091

IBM–UrbanCode Velocity 
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
2025-01-20
5.9
CVE-2024-22347

IBM–UrbanCode Velocity 
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
2025-01-20
5.3
CVE-2024-22348

IBM–UrbanCode Velocity 
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
2025-01-20
4
CVE-2024-22349

ibsofts–Boom Fest 
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘bf_admin_action’ function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website.
2025-01-25
5.3
CVE-2024-13449

icegram–Icegram 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31.
2025-01-24
6.5
CVE-2025-24542

icopydoc — xml_for_google_merchant_center 
The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘feed_id’ parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-22
6.1
CVE-2024-13406

imdr–Masy Gallery 
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘justified-gallery’ shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13586

IP2Location–Download IP2Location Country Blocker 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3.
2025-01-24
5.9
CVE-2025-24731

Itechscripts–School Management Software 
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-01-26
6.3
CVE-2017-20196

itsourcecode–Farm Management System 
A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely.
2025-01-20
4.7
CVE-2025-0582

jackdewey–Bilingual Linker 
The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13441

jackdewey–Link Library 
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchll’ parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-21
6.1
CVE-2024-13404

Jenkins Project–Jenkins Azure Service Fabric Plugin 
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method.
2025-01-22
4.3
CVE-2025-24402

Jenkins Project–Jenkins Azure Service Fabric Plugin 
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins.
2025-01-22
4.3
CVE-2025-24403

Jenkins Project–Jenkins Eiffel Broadcaster Plugin 
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials.
2025-01-22
4.3
CVE-2025-24400

Jenkins Project–Jenkins Folder-based Authorization Strategy Plugin 
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they’re no longer entitled to.
2025-01-22
6.8
CVE-2025-24401

Jenkins Project–Jenkins GitLab Plugin 
An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins.
2025-01-22
4.3
CVE-2025-24397

JetBrains–Hub 
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
2025-01-21
6.7
CVE-2025-24456

JetBrains–TeamCity 
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
2025-01-21
6.5
CVE-2025-24461

JetBrains–TeamCity 
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
2025-01-21
4.6
CVE-2025-24459

JetBrains–TeamCity 
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
2025-01-21
4.3
CVE-2025-24460

JetBrains–YouTrack 
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
2025-01-21
5.5
CVE-2025-24457

jitendra742744–Simple Gallery with Filter 
The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘c2tw_sgwf’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-13583

Joe Hawes–Auction Nudge Your eBay on Your Site 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0.
2025-01-24
5.9
CVE-2025-24658

JoeyBling–bootplus 
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2025-01-24
6.3
CVE-2025-0698

JoeyBling–bootplus 
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
2025-01-24
6.3
CVE-2025-0699

JoeyBling–bootplus 
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
2025-01-24
6.3
CVE-2025-0700

JoeyBling–bootplus 
A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
2025-01-24
6.3
CVE-2025-0701

JoeyBling–bootplus 
A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2025-01-24
6.3
CVE-2025-0702

JoeyBling–bootplus 
A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
2025-01-24
5.3
CVE-2025-0704

JoeyBling–bootplus 
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
2025-01-24
4.3
CVE-2025-0703

JoeyBling–bootplus 
A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
2025-01-24
4.3
CVE-2025-0705

JS Morisset–JSM Show Post Metadata 
Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0.
2025-01-24
4.3
CVE-2025-24589

Kadence WP–Gutenberg Blocks by Kadence Blocks 
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.
2025-01-24
4.3
CVE-2025-24753

Kiboko Labs–Chained Quiz 
Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery. This issue affects Chained Quiz: from n/a through 1.3.2.9.
2025-01-24
4.4
CVE-2025-24701

Kyle Phillips–Nested Pages 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9.
2025-01-24
5.9
CVE-2025-24579

Lars Wallenborn–Show/Hide Shortcode 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0.
2025-01-24
6.5
CVE-2025-24687

Leetoo–Toocheke Companion 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166.
2025-01-22
5.9
CVE-2025-23992

leogermani–Tainacan 
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the ‘collection_id’ parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-23
6.5
CVE-2024-13236

linearoy–Linear 
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the ‘linear-debug’. This makes it possible for unauthenticated attackers to reset the plugin’s cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-01-25
4.3
CVE-2024-13709

Linnea Huxford, LinSoftware–Blur Text 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0.
2025-01-24
6.5
CVE-2025-24627

linux — linux_kernel 
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow.
2025-01-21
5.5
CVE-2024-57938

linux — linux_kernel 
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, ‘dentry’ will not be incremented, causing condition ‘dentry < max_dentries’ unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop.
2025-01-21
5.5
CVE-2024-57940

linux — linux_kernel 
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. Add it.
2025-01-21
5.5
CVE-2024-57944

linux — linux_kernel 
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206 Tainted: [O]=OOT_MODULE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs] Call Trace: <TASK> scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs] scrub_simple_mirror+0x175/0x260 [btrfs] scrub_stripe+0x5d4/0x6c0 [btrfs] scrub_chunk+0xbb/0x170 [btrfs] scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs] btrfs_scrub_dev+0x240/0x600 [btrfs] btrfs_ioctl+0x1dc8/0x2fa0 [btrfs] ? do_sys_openat2+0xa5/0xf0 __x64_sys_ioctl+0x97/0xc0 do_syscall_64+0x4f/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> [CAUSE] The reproducer is using a corrupted image where extent tree root is corrupted, thus forcing to use "rescue=all,ro" mount option to mount the image. Then it triggered a scrub, but since scrub relies on extent tree to find where the data/metadata extents are, scrub_find_fill_first_stripe() relies on an non-empty extent root. But unfortunately scrub_find_fill_first_stripe() doesn’t really expect an NULL pointer for extent root, it use extent_root to grab fs_info and triggered a NULL pointer dereference. [FIX] Add an extra check for a valid extent root at the beginning of scrub_find_fill_first_stripe(). The new error path is introduced by 42437a6386ff ("btrfs: introduce mount option rescue=ignorebadroots"), but that’s pretty old, and later commit b979547513ff ("btrfs: scrub: introduce helper to find and fill sector info for a scrub_stripe") changed how we do scrub. So for kernels older than 6.6, the fix will need manual backport.
2025-01-21
5.5
CVE-2025-21658

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `eNB_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37030

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `eNB Configuration Transfer` packet missing its required `Target eNB ID` field.
2025-01-21
6.5
CVE-2023-37031

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field.
2025-01-21
6.5
CVE-2023-37033

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `TAI` field.
2025-01-21
6.5
CVE-2023-37034

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37036

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field.
2025-01-21
6.5
CVE-2023-37037

linuxfoundation — magma 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37038

Listamester–Listamester 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.4.
2025-01-24
6.5
CVE-2025-24678

listamester–Listamester 
The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘listamester’ shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-13659

Marco Almeida | Webdados–Taxonomy/Term and Role based Discounts for WooCommerce 
Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1.
2025-01-24
4.3
CVE-2025-24625

mastowkir–NOTICE BOARD BY TOWKIR 
The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘notice-board’ shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-12816

Matthias Wagner – FALKEmedia–Caching Compatible Cookie Opt-In and JavaScript 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matthias Wagner – FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through 0.0.10.
2025-01-24
6.5
CVE-2025-24547

Metaphor Creations–Post Duplicator 
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
2025-01-24
4.3
CVE-2025-24736

Microsoft–Microsoft Edge (Chromium-based) 
Microsoft Edge (Chromium-based) Spoofing Vulnerability
2025-01-24
5.4
CVE-2025-21262

mikemmx–Super Block Slider 
Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.
2025-01-24
4.3
CVE-2025-24682

Mobotix–M15 
A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-20
4.3
CVE-2025-0576

MuffinGroup–Betheme 
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-21
6.4
CVE-2025-0450

MultiVendorX–WC Marketplace 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13.
2025-01-24
6.5
CVE-2025-24706

N.O.U.S. Open Useful and Simple–Event post 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.9.7.
2025-01-24
6.5
CVE-2025-24585

n/a–n/a 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field.
2025-01-21
6.5
CVE-2023-37025

n/a–n/a 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37026

n/a–n/a 
Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37027

n/a–n/a 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
2025-01-21
6.5
CVE-2023-37028

n/a–n/a 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field.
2025-01-21
6.5
CVE-2023-37035

n/a–n/a 
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `RRC Establishment Clause` field.
2025-01-22
6.5
CVE-2023-37039

n/a–n/a 
Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget.
2025-01-21
6.1
CVE-2023-45908

n/a–n/a 
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
2025-01-21
6.5
CVE-2024-24443

n/a–n/a 
OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.
2025-01-21
6.5
CVE-2024-24445

n/a–n/a 
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users.
2025-01-21
6.1
CVE-2024-54792

n/a–n/a 
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
2025-01-23
6.5
CVE-2024-55193

n/a–n/a 
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.
2025-01-23
6.1
CVE-2024-57326

n/a–n/a 
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
2025-01-23
6.1
CVE-2024-57386

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification.
2025-01-21
6.3
CVE-2024-57537

n/a–n/a 
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
2025-01-23
6.1
CVE-2024-57556

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0.
2025-01-23
6.5
CVE-2024-57719

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend.
2025-01-23
6.5
CVE-2024-57720

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.
2025-01-23
6.5
CVE-2024-57721

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over.
2025-01-23
6.5
CVE-2024-57723

n/a–n/a 
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell.
2025-01-23
6.5
CVE-2024-57724

n/a–n/a 
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.
2025-01-21
5.4
CVE-2024-48392

n/a–n/a 
SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.
2025-01-21
5.4
CVE-2024-54795

n/a–n/a 
D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.
2025-01-22
5.7
CVE-2024-56914

n/a–n/a 
Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
2025-01-22
5.4
CVE-2024-56923

n/a–n/a 
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
2025-01-24
5.5
CVE-2024-57184

n/a–n/a 
HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
2025-01-23
5.4
CVE-2024-57329

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (ipv6_protect_status) is copied to the stack without length verification.
2025-01-21
5.5
CVE-2024-57541

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (dhcpstart_ip) is copied to the stack without length verification.
2025-01-21
5.5
CVE-2024-57543

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification.
2025-01-21
5.5
CVE-2024-57544

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (hidden_dhcp_num) is copied to the stack without length verification.
2025-01-21
5.5
CVE-2024-57545

n/a–n/a 
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.
2025-01-23
4.3
CVE-2023-46400

n/a–n/a 
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.
2025-01-21
4.8
CVE-2024-55958

n/a–n/a 
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the ‘Email’ parameter.
2025-01-21
4.2
CVE-2024-56997

n/a–n/a 
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
2025-01-21
4.2
CVE-2024-56998

n/a–Shiprocket Module 
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-20
5.6
CVE-2025-0580

NEC Corporation–WebSAM DeploymentManager 
NEC Corporation’s WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified.
2025-01-21
5.3
CVE-2024-6466

neofix–Simple Downloads List 
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the ‘category’ attribute of the ‘neofix_sdl’ shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-01-24
6.5
CVE-2024-13594

nfusionsolutions–Precious Metals Charts and Widgets for WordPress 
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘nfusion-widget’ shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-13572

NinjaTeam–GDPR CCPA Compliance Support 
Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.
2025-01-24
4.3
CVE-2025-24591

nmedia–GoHero Store Customizer for WooCommerce 
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.
2025-01-25
4.3
CVE-2024-12826

nodejs–undici 
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
2025-01-21
6.8
CVE-2025-22150

NotFound–Bonjour Bar 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bonjour Bar allows Stored XSS. This issue affects Bonjour Bar: from n/a through 1.0.0.
2025-01-21
5.9
CVE-2025-22262

NotFound–Database Sync 
Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1.
2025-01-22
6.5
CVE-2025-23486

NotFound–XLSXviewer 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1.
2025-01-22
5.8
CVE-2025-23562

NowButtons.com–Call Now Button 
Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13.
2025-01-24
4.3
CVE-2025-24738

nuxt–nuxt 
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability.
2025-01-25
5.3
CVE-2025-24360

nuxt–nuxt 
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue.
2025-01-25
5.3
CVE-2025-24361

obsproject–OBS Studio 
A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise".
2025-01-20
4.5
CVE-2024-13524

OpenVPN–Easy-RSA 
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3
2025-01-20
5.3
CVE-2024-13454

Oracle Corporation–JD Edwards EnterpriseOne Orchestrator 
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
6.5
CVE-2025-21552

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21508

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21509

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21512

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21513

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21527

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21538

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2024-21245

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21507

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
5.3
CVE-2025-21514

Oracle Corporation–JD Edwards EnterpriseOne Tools 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
2025-01-21
4.3
CVE-2025-21517

Oracle Corporation–MySQL Cluster 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21518

Oracle Corporation–MySQL Cluster 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21531

Oracle Corporation–MySQL Cluster 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21543

Oracle Corporation–MySQL Connectors 
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).
2025-01-21
6.4
CVE-2025-21548

Oracle Corporation–MySQL Enterprise Firewall 
Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.4
CVE-2025-21495

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21500

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21501

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21522

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
6.5
CVE-2025-21566

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
2025-01-21
5.5
CVE-2025-21497

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21540

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
2025-01-21
5.5
CVE-2025-21555

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
2025-01-21
5.5
CVE-2025-21559

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21490

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21491

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21492

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.4
CVE-2025-21493

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.1
CVE-2025-21494

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21499

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21503

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21504

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21505

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.4
CVE-2025-21519

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21523

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21525

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21529

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21534

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2025-01-21
4.9
CVE-2025-21536

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
4.3
CVE-2025-21567

Oracle Corporation–Oracle Advanced Outbound Telephony 
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data as well as unauthorized read access to a subset of Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21489

Oracle Corporation–Oracle Agile PLM Framework 
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
6.5
CVE-2025-21560

Oracle Corporation–Oracle Application Express 
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21557

Oracle Corporation–Oracle Communications Order and Service Management 
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
2025-01-21
6.3
CVE-2025-21542

Oracle Corporation–Oracle Communications Order and Service Management 
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21544

Oracle Corporation–Oracle Communications Order and Service Management 
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
5.3
CVE-2025-21554

Oracle Corporation–Oracle Database Server 
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
4.2
CVE-2025-21553

Oracle Corporation–Oracle Financial Services Behavior Detection Platform 
Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Behavior Detection Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Behavior Detection Platform accessible data as well as unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21550

Oracle Corporation–Oracle HTTP Server 
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
5.3
CVE-2025-21498

Oracle Corporation–Oracle Hyperion Data Relationship Management 
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
2025-01-21
6.6
CVE-2025-21569

Oracle Corporation–Oracle Hyperion Data Relationship Management 
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Data Relationship Management accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).
2025-01-21
4.5
CVE-2025-21568

Oracle Corporation–Oracle Java SE 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
4.8
CVE-2025-21502

Oracle Corporation–Oracle Life Sciences Argus Safety 
Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported version that is affected is 8.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Life Sciences Argus Safety, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Argus Safety accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
6.1
CVE-2025-21570

Oracle Corporation–Oracle Solaris 
Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
2025-01-21
6
CVE-2025-21551

Oracle Corporation–Oracle VM VirtualBox 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
2025-01-21
5.5
CVE-2025-21533

Oracle Corporation–Oracle Workflow 
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21541

Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects 
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
4.3
CVE-2025-21562

Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects 
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
2025-01-21
4.3
CVE-2025-21563

Oracle Corporation–PeopleSoft Enterprise FIN Cash Management 
Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Cash Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21537

Oracle Corporation–PeopleSoft Enterprise FIN eSettlements 
Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN eSettlements. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN eSettlements accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN eSettlements accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21539

Oracle Corporation–PeopleSoft Enterprise PeopleTools 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
2025-01-21
4.3
CVE-2025-21530

Oracle Corporation–PeopleSoft Enterprise SCM Purchasing 
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21561

Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management 
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21526

Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management 
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
2025-01-21
5.4
CVE-2025-21558

Oracle Corporation–Primavera P6 Enterprise Project Portfolio Management 
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
2025-01-21
4.3
CVE-2025-21528

osamaesh–WP Visitor Statistics (Real Time Traffic) 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.2.
2025-01-24
6.5
CVE-2025-24675

otrok7–BMLT Meeting Map 
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bmlt_meeting_map’ shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-12494

Pagelayer Team–PageLayer 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4.
2025-01-24
6.5
CVE-2025-24573

pagup–WP Google Street View (with 360 virtual tour) & Google maps + Local SEO 
The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpgsv’ shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-24
6.4
CVE-2024-13542

Patreon–Patreon WordPress 
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
2025-01-24
6.5
CVE-2025-24588

paulrosen–ABC Notation 
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the ‘file’ attribute of the ‘abcjs’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
2025-01-25
6.5
CVE-2024-13550

paulrosen–ABC Notation 
The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘abcjs’ shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13551

Pete Dring–Create with Code 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4.
2025-01-24
6.5
CVE-2025-24638

phpMyAdmin–phpMyAdmin 
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
2025-01-23
6.4
CVE-2025-24529

phpMyAdmin–phpMyAdmin 
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
2025-01-23
6.4
CVE-2025-24530

PickPlugins–Job Board Manager 
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59.
2025-01-24
5.4
CVE-2025-24622

Plethora Plugins–Plethora Plugins Tabs + Accordions 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions allows Stored XSS. This issue affects Plethora Plugins Tabs + Accordions: from n/a through 1.1.5.
2025-01-24
6.5
CVE-2025-24709

plethoraplugins–Plethora Plugins Tabs + Accordions 
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13721

PluginOps–MailChimp Subscribe Forms 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms : from n/a through 4.1.
2025-01-21
6.5
CVE-2025-22727

Poll Maker Team–Poll Maker 
Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a.
2025-01-21
5.3
CVE-2024-56277

Popup Maker–Popup Maker 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
2025-01-24
6.5
CVE-2025-24746

PrestaShop–ps_contactinfo 
ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying a XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and update.
2025-01-22
6.2
CVE-2025-24027

pwndoc–pwndoc 
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user’s behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue.
2025-01-20
6.8
CVE-2025-23044

qchantelnotice–WordPress SEO Friendly Accordion FAQ with AI assisted content generation 
The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘noticefaq’ shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13458

Qualifio–Wheel of fortune 
Input validation vulnerability in Qualifio’s Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted.
2025-01-21
5.3
CVE-2025-0614

Qualifio–Wheel of fortune 
Input validation vulnerability in Qualifio’s Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted.
2025-01-21
5.3
CVE-2025-0615

quantumcloud — wpot 
The WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘qc_wp_latest_update_check_pro’ function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries.
2025-01-22
4.3
CVE-2024-12879

RadiusTheme–Radius Blocks 
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks allows Cross Site Request Forgery. This issue affects Radius Blocks: from n/a through 2.1.2.
2025-01-24
5.4
CVE-2025-24712

Really Simple Security–Really Simple SSL 
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4.
2025-01-24
4.3
CVE-2025-24623

realmag777–MDTF Meta Data and Taxonomies Filter 
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mdf_results_by_ajax’ shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-23
6.4
CVE-2024-13340

Red Hat–Red Hat Build of Keycloak 
A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
2025-01-22
5.4
CVE-2025-0604

Replicated–Replicated Classic 
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024. Summary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above ("Affected Replicated Classic Versions") DescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed. TimelineThis issue was discovered during a security review on 16 September 2021. Patched versions were released on 23 September 2021. This advisory was published on 21 October 2021. The CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025.
2025-01-23
4.9
CVE-2021-42718

Revmakx–WP Duplicate WordPress Migration Plugin 
Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.
2025-01-24
5.4
CVE-2025-24652

Rextheme–WP VR 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a through 8.5.14.
2025-01-24
6.5
CVE-2025-24730

rometheme–RomethemeKit For Elementor 
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
2025-01-24
4.3
CVE-2024-10324

Roninwp–FAT Event Lite 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Roninwp FAT Event Lite allows Stored XSS. This issue affects FAT Event Lite: from n/a through 1.1.
2025-01-21
6.5
CVE-2025-22718

RSTheme–Ultimate Coming Soon & Maintenance 
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
2025-01-24
5.4
CVE-2025-24546

RSTheme–Ultimate Coming Soon & Maintenance 
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
2025-01-24
4.3
CVE-2025-24543

Sebastian Zaha–Magic the Gathering Card Tooltips 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sebastian Zaha Magic the Gathering Card Tooltips allows Stored XSS. This issue affects Magic the Gathering Card Tooltips: from n/a through 3.4.0.
2025-01-24
6.5
CVE-2025-24704

shazahm1hotmailcom–Connections Business Directory 
The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.
2025-01-25
6.5
CVE-2024-12885

silverplugins217–Build Private Store For Woocommerce 
Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0.
2025-01-24
5.3
CVE-2025-24633

Smackcoders–WP Ultimate Exporter 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9.
2025-01-24
4.9
CVE-2025-24611

sovica–Target Video Easy Publish 
The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-01-25
6.1
CVE-2024-12076

Speedcomp–Linet ERP-Woocommerce Integration 
Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7.
2025-01-24
6.5
CVE-2025-24594

sperse–Automate Hub Free by Sperse.IO 
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the ‘automate_hub’ page. This makes it possible for unauthenticated attackers to update an activation status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-01-24
4.3
CVE-2024-13683

stellarwp–Membership Plugin Restrict Content 
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
2025-01-26
5.3
CVE-2024-11090

suhas93–SEO Blogger to WordPress Migration using 301 Redirection 
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-23
6.1
CVE-2024-13422

Svetoslav Marinov (Slavi)–Orbisius Simple Notice 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3.
2025-01-24
5.9
CVE-2025-24634

Telstra–Smart Modem Gen 2 
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-24
5.3
CVE-2025-0697

templatescoderthemes–Spexo Addons for Elementor Free Elementor Addons, Widgets and Templates 
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme.
2025-01-24
4.3
CVE-2024-13335

Teplitsa. Technologies for Social Good–ShMapper by Teplitsa 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Teplitsa. Technologies for Social Good ShMapper by Teplitsa allows Stored XSS. This issue affects ShMapper by Teplitsa: from n/a through 1.5.0.
2025-01-24
5.9
CVE-2025-24674

the_champ–Social Share, Social Login and Social Comments Plugin Super Socializer 
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional values into the already existing query that can be used to extract user metadata from the database.
2025-01-21
5.3
CVE-2024-13230

theDotstore–Product Size Charts Plugin for WooCommerce 
Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5.
2025-01-24
4.3
CVE-2025-23991

theeventscalendar–The Events Calendar 
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-23
6.4
CVE-2024-12118

themefusion–Avada (Fusion) Builder 
The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-22
6.4
CVE-2024-12477

themehunk–Variation Swatches for WooCommerce 
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.
2025-01-23
4.3
CVE-2024-13511

ThemeIsle–AI Chatbot for WordPress Hyve Lite 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2.
2025-01-24
5.9
CVE-2025-24666

themeisle–Multiple Page Generator Plugin MPG 
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the ‘mpg_download_file_by_link’ function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
2025-01-26
5.4
CVE-2024-10705

Themeisle–PPOM for WooCommerce 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeisle PPOM for WooCommerce allows Stored XSS. This issue affects PPOM for WooCommerce: from n/a through 33.0.8.
2025-01-24
5.9
CVE-2025-24668

themify — themify_builder 
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2025-01-22
6.1
CVE-2024-13319

thimpress — wp_hotel_booking 
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails.
2025-01-22
4.3
CVE-2024-13447

thimpress–LearnPress WordPress LMS Plugin 
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-25
6.4
CVE-2024-13599

ThimPress–Thim Elementor Kit 
Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.
2025-01-24
4.3
CVE-2025-24725

tuxlog–wp-greet 
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-01-21
6.1
CVE-2024-13444

umbraco–Umbraco-CMS 
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it’s possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.2 contain a patch. No known workarounds are available.
2025-01-21
5.3
CVE-2025-24011

umbraco–Umbraco-CMS 
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.
2025-01-21
4.6
CVE-2025-24012

Uyumsoft Informatin Systems–Uyumsoft ERP 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS.This issue affects Uyumsoft ERP: before Erp4.2109.166p45.
2025-01-23
5.5
CVE-2024-10539

vcita.com–Online Payments Get Paid with PayPal, Square & Stripe 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through 3.20.0.
2025-01-21
6.5
CVE-2025-22661

videowhisper — picture_gallery 
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_pictures’ shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-22
6.4
CVE-2024-13584

videowhisper–Broadcast Live Video Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP 
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_hls’ shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-01-23
6.4
CVE-2024-12504

Vikas Ratudi–VForm 
Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5.
2025-01-24
5.4
CVE-2025-24604

vim–vim 
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn’t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn’t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
2025-01-20
4.2
CVE-2025-24014

vitejs–vite 
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.
2025-01-20
6.5
CVE-2025-24010

WC Product Table–WooCommerce Product Table Lite 
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7.
2025-01-24
5.3
CVE-2025-24596

webraketen–Internal Links Manager 
Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2.
2025-01-24
4.3
CVE-2025-24679

WebToffee–Wishlist for WooCommerce 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2.
2025-01-24
5.9
CVE-2025-24657

WebToffee–WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1.
2025-01-24
5.9
CVE-2025-24644

Widget Options Team–Widget Options 
Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8.
2025-01-21
4.3
CVE-2025-22722

Wow-Company–Bubble Menu circle floating menu 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2.
2025-01-24
5.4
CVE-2025-24714

Wow-Company–Button Generator easily Button Builder 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.
2025-01-24
5.4
CVE-2025-24713

Wow-Company–Counter Box 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.
2025-01-24
5.4
CVE-2025-24715

Wow-Company–Herd Effects 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.
2025-01-24
5.4
CVE-2025-24716

Wow-Company–Modal Window 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.
2025-01-24
5.4
CVE-2025-24717

Wow-Company–Popup Box 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4.
2025-01-24
5.4
CVE-2025-24711

Wow-Company–Side Menu Lite 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.
2025-01-24
5.4
CVE-2025-24724

Wow-Company–Sticky Buttons 
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.
2025-01-24
5.4
CVE-2025-24720

WP Attire–Attire Blocks 
Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6.
2025-01-24
4.3
CVE-2025-24696

WP Desk–Flexible PDF Coupons 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Desk Flexible PDF Coupons allows Stored XSS. This issue affects Flexible PDF Coupons: from n/a through n/a.
2025-01-21
6.5
CVE-2025-22825

wp-polls_project — wp-polls 
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about the database. However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting.
2025-01-22
5.4
CVE-2024-13426

wpase.com–Admin and Site Enhancements (ASE) 
Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.
2025-01-24
4.3
CVE-2025-24649

wpdevart–Widget Countdown 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.1.
2025-01-24
6.5
CVE-2025-24719

wpfeedback–Visual Website Collaboration, Feedback & Project Management Atarim 
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files.
2025-01-21
5.3
CVE-2024-12104

wpWax–Product Carousel Slider & Grid Ultimate for WooCommerce 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.10.0.
2025-01-24
5.9
CVE-2025-24681

Xagio–Xagio SEO 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20.
2025-01-24
6.5
CVE-2025-24702

Xerox–Xerox Workplace Suite 
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.
2025-01-23
6.5
CVE-2024-55925

Xerox–Xerox Workplace Suite 
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data
2025-01-23
6.3
CVE-2024-55926

Xerox–Xerox Workplace Suite 
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.
2025-01-23
6.4
CVE-2024-55927

Xerox–Xerox Workplace Suite 
Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption
2025-01-23
6.8
CVE-2024-55928

Xerox–Xerox Workplace Suite 
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
2025-01-23
6.6
CVE-2024-55930

Xerox–Xerox Workplace Suite 
A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.
2025-01-23
5
CVE-2024-55929

Yehi–Advanced Notifications 
Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.
2025-01-24
4.3
CVE-2025-24693

youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress 
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key.
2025-01-25
6.5
CVE-2024-13370

youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress 
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user’s reviews.
2025-01-25
4.3
CVE-2024-12113

youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress 
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one.
2025-01-25
4.3
CVE-2024-13368

zjhzxhz–WP-BibTeX 
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-01-21
6.1
CVE-2024-12005

Back to top

Low Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments.
2025-01-25
3.8
CVE-2024-13450

CampCodes–School Management Software 
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-01-20
3.5
CVE-2025-0581

CampCodes–School Management Software 
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
2025-01-22
3.1
CVE-2025-0625

CampCodes–School Management Software 
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-01-24
3.5
CVE-2025-0710

ECOVACS–Unspecified robots 
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
2025-01-23
3.3
CVE-2024-12079

ECOVACS–Unspecified robots 
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
2025-01-23
2.3
CVE-2024-52328

Facile Sistemas–Cloud Apps 
A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-20
3.5
CVE-2025-0578

fumiao–opencms 
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-01-24
3.5
CVE-2025-0708

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.
2025-01-23
2.5
CVE-2024-42182

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.
2025-01-23
2.5
CVE-2024-42183

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.
2025-01-23
2.5
CVE-2024-42184

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access.
2025-01-23
2.5
CVE-2024-42185

HCL Software–BigFix Patch Management Download Plug-ins 
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.
2025-01-23
2.8
CVE-2024-42186

himmelblau-idm–himmelblau 
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
2025-01-23
3.2
CVE-2025-24034

IBM–i 
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
2025-01-24
2.8
CVE-2024-35122

JoeyBling–bootplus 
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2025-01-24
2.4
CVE-2025-0706

Microword–eScan Antivirus 
A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-01-26
3.3
CVE-2025-0720

n/a–Dcat-Admin 
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-01-24
2.4
CVE-2025-0709

Oracle Corporation–MySQL Cluster 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
2025-01-21
1.8
CVE-2025-21520

Oracle Corporation–MySQL Server 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
2025-01-21
3.8
CVE-2025-21546

Back to top

Severity Not Yet Assigned

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
Patch Info

7-Zip–7-Zip 
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
2025-01-25
not yet calculated
CVE-2025-0411
zdi-disclosures@trendmicro.comaf854a3a-2127-422b-91ae-364da2661108 

Apache Software Foundation–Apache Ranger 
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
2025-01-21
not yet calculated
CVE-2024-45479
security@apache.orgaf854a3a-2127-422b-91ae-364da2661108 

Apache Software Foundation–Apache Wicket 
The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.
2025-01-23
not yet calculated
CVE-2024-53299
security@apache.orgaf854a3a-2127-422b-91ae-364da2661108 

Arm–Cortex-A72 
In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim’s branch history.
2025-01-22
not yet calculated
CVE-2024-10929
arm-security@arm.com 

ASUS–Armoury Crate 
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the ’01/23/2025 Security Update for Armoury Crate App’ section on the ASUS Security Advisory for more information.
2025-01-23
not yet calculated
CVE-2024-12957
54bf65a7-a193-42d2-b1ba-8e150d3c35e1 

azukaar–Cosmos-Server 
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7.
2025-01-20
not yet calculated
CVE-2025-23214
security-advisories@github.comsecurity-advisories@github.com 

Cloudflare–WARP 
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges  can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the ‘Reset all settings" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0.
2025-01-22
not yet calculated
CVE-2025-0651
cna@cloudflare.com 

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data and private keys or tokens of other users/teams. The ability to inject malicious commands into the Coolify container gives authenticated attackers the ability to fully retrieve and control the data and availability of the software. Centrally hosted Coolify instances (open registration and/or multiple teams with potentially untrustworthy users) are especially at risk, as sensitive data of all users and connected servers can be leaked by any user. Additionally, attackers are able to modify the running software, potentially deploying malicious images to remote nodes or generally changing its behavior. Version 4.0.0-beta.253 patches this issue.
2025-01-24
not yet calculated
CVE-2025-22605
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by altering the project name. If a name includes unescaped characters, such as single quotes (`’`), it breaks out of the intended command structure, allowing attackers to execute arbitrary commands on the host system. This vulnerability allows attackers to execute arbitrary commands on the host server, which could result in full system compromise; create, modify, or delete sensitive system files; and escalate privileges depending on the permissions of the executed process. Attackers with access to project management features could exploit this flaw to gain unauthorized control over the host environment. Version 4.0.0-beta.359 fixes this issue.
2025-01-24
not yet calculated
CVE-2025-22606
security-advisories@github.com 

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UUID of the model. This exposes the "client id", "client secret" and "webhook secret." Version 4.0.0-beta.361 fixes this issue.
2025-01-24
not yet calculated
CVE-2025-22607
security-advisories@github.com 

coollabsio–coolify 
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" for every custom OAuth provider. The attacker can also modify the global OAuth configuration. Version 4.0.0-beta.361 fixes the issue.
2025-01-24
not yet calculated
CVE-2025-22610
security-advisories@github.com 

CP Plus–CP-XR-DE21-S Router 
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system.
2025-01-20
not yet calculated
CVE-2025-0479
vdisclose@cert-in.org.in 

github–codeql-action 
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository would be able to access this artifact, containing any secrets from the environment. This vulnerability is patched in CodeQL Action version 3.28.3 or later, or CodeQL CLI version 2.20.3 or later. For some affected workflow runs, the exposed environment variables in the debug artifacts included a valid `GITHUB_TOKEN` for the workflow run, which has access to the repository in which the workflow ran, and all the permissions specified in the workflow or job. The `GITHUB_TOKEN` is valid until the job completes or 24 hours has elapsed, whichever comes first. Environment variables are exposed only from workflow runs that satisfy all of the following conditions: – Code scanning workflow configured to scan the Java/Kotlin languages. – Running in a repository containing Kotlin source code. – Running with debug artifacts enabled. – Using CodeQL Action versions <= 3.28.2, and CodeQL CLI versions >= 2.9.2 (May 2022) and <= 2.20.2. – The workflow run fails before the CodeQL database is finalized within the `github/codeql-action/analyze` step. – Running in any GitHub environment: GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server. Note: artifacts are only accessible to users within the same GitHub environment with access to the scanned repo. The `GITHUB_TOKEN` exposed in this way would only have been valid for workflow runs that satisfy all of the following conditions, in addition to the conditions above: – Using CodeQL Action versions >= 3.26.11 (October 2024) and <= 3.28.2, or >= 2.26.11 and < 3. – Running in GitHub.com or GitHub Enterprise Cloud only (not valid on GitHub Enterprise Server). In rare cases during advanced setup, logging of environment variables may also occur during database creation of Java, Swift, and C/C++. Please read the corresponding CodeQL CLI advisory GHSA-gqh3-9prg-j95m for more details. In CodeQL CLI versions >= 2.9.2 and <= 2.20.2, the CodeQL Kotlin extractor logs all environment variables by default into an intermediate file during the process of creating a CodeQL database for Kotlin code. This is a part of the CodeQL CLI and is invoked by the CodeQL Action for analyzing Kotlin repositories. On Actions, the environment variables logged include GITHUB_TOKEN, which grants permissions to the repository being scanned. The intermediate file containing environment variables is deleted when finalizing the database, so it is not included in a successfully created database. It is, however, included in the debug artifact that is uploaded on a failed analysis run if the CodeQL Action was invoked in debug mode. Therefore, under these specific circumstances (incomplete database creation using the CodeQL Action in debug mode) an attacker with access to the debug artifact would gain unauthorized access to repository secrets from the environment, including both the `GITHUB_TOKEN` and any user-configured secrets made available via environment variables. The impact of the `GITHUB_TOKEN` leaked in this environment is limited: – For workflows on GitHub.com and GitHub Enterprise Cloud using CodeQL Action versions >= 3.26.11 and <= 3.28.2, or >= 2.26.11 and < 3, which in turn use the `actions/artifacts v4` library, the debug artifact is uploaded before the workflow job completes. During this time the `GITHUB_TOKEN` is still valid, providing an opportunity for attackers to gain access to the repository. – For all other workflows, the debug artifact is uploaded after the workflow job completes, at which point the leaked `GITHUB_TOKEN` has been revoked and cannot be used to access the repository.
2025-01-24
not yet calculated
CVE-2025-24362
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

GitHub–Enterprise Server 
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.
2025-01-21
not yet calculated
CVE-2025-23369
product-cna@github.comproduct-cna@github.comproduct-cna@github.comproduct-cna@github.com 

Google–Chrome 
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2025-01-22
not yet calculated
CVE-2025-0611
chrome-cve-admin@google.comchrome-cve-admin@google.com 

Google–Chrome 
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2025-01-22
not yet calculated
CVE-2025-0612
chrome-cve-admin@google.comchrome-cve-admin@google.com 

Gradle–Enterprise 
Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password.
2025-01-26
not yet calculated
CVE-2025-24858
cve@mitre.org 

I-O DATA DEVICE, INC.–UD-LT2 
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can access the affected product with an administrative account.
2025-01-22
not yet calculated
CVE-2025-20617
vultures@jpcert.or.jpvultures@jpcert.or.jp 

I-O DATA DEVICE, INC.–UD-LT2 
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.
2025-01-22
not yet calculated
CVE-2025-22450
vultures@jpcert.or.jpvultures@jpcert.or.jp 

I-O DATA DEVICE, INC.–UD-LT2 
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed.
2025-01-22
not yet calculated
CVE-2025-23237
vultures@jpcert.or.jpvultures@jpcert.or.jp 

LabRedesCefetRJ–WeGIA 
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
2025-01-21
not yet calculated
CVE-2025-24020
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails.
2025-01-20
not yet calculated
CVE-2023-52923
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there’s no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s", __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the "%s" references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe.
2025-01-21
not yet calculated
CVE-2024-57930
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels.
2025-01-21
not yet calculated
CVE-2024-57931
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions are false. In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for the next interface up, but the TX pointer itself would be NULL. The XDP xmit callback also needs to synchronize with a device transitioning from open to close. This synchronization will happen via the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, which waits for any RCU critical sections at call-time to complete.
2025-01-21
not yet calculated
CVE-2024-57932
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs be guarded against queues disappearing while the function is executing, so a check against the GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the disabling of the bit and the synchronize_net() in gve_turndown.
2025-01-21
not yet calculated
CVE-2024-57933
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward. However, if the compiler reloads fgraph_array[] after this check, it might race with an update to fgraph_array[] that introduces a fgraph_stub. This could result in the stub being processed, but the stub contains a null "func_hash" field, leading to a NULL pointer dereference. To ensure that the gops compared against the fgraph_stub matches the gops processed later, add a READ_ONCE(). A similar patch appears in commit 63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").
2025-01-21
not yet calculated
CVE-2024-57934
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed.
2025-01-21
not yet calculated
CVE-2024-57935
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causing traffic failures and system crashes. Use the define for max SGE supported for variable size. This will work for both static and variable WQEs.
2025-01-21
not yet calculated
CVE-2024-57936
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 Hardware name: riscv-virtio,qemu (DT) Call Trace: dump_backtrace+0x1c/0x24 show_stack+0x2c/0x38 dump_stack_lvl+0x5a/0x72 dump_stack+0x14/0x1c __might_resched+0x130/0x13a rt_spin_lock+0x2a/0x5c die+0x24/0x112 do_trap_insn_illegal+0xa0/0xea _new_vmalloc_restore_context_a0+0xcc/0xd8 Oops – illegal instruction [#1] Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT enabled.
2025-01-21
not yet calculated
CVE-2024-57939
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will just bail at the first check seeing that the cache stream is unavailable, and indicate that it dealt with all the content. This means that we have no subrequests to provide notifications to drive the state machine or even to pin the request and the request just gets discarded, leaving the folios with PG_private_2 set. Fix this by jumping directly to cancel the request if the cache is not available. That way, we don’t remove mark3 from the folio_queue list and netfs_pgpriv2_cancel() will clean up the folios. This was found by running the generic/013 xfstest against ceph with an active cache and the "-o fsc" option passed to ceph. That would usually hang
2025-01-21
not yet calculated
CVE-2024-57941
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PG_private_2 set) and then unlocked, the folio_queue struct has the entry pointing to the folio cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(), which is used to write folios marked with PG_private_2 to the cache as it expects to be able to trawl the folio_queue list thereafter to find the relevant folios, leading to a hang. Fix this by not clearing the folio_queue entry if we’re going to do the deprecated copy-to-cache. The clearance will be done instead as the folios are written to the cache. This can be reproduced by starting cachefiles, mounting a ceph filesystem with "-o fsc" and writing to it.
2025-01-21
not yet calculated
CVE-2024-57942
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end().
2025-01-21
not yet calculated
CVE-2024-57943
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START – (phys_ram_base >> PAGE_SHIFT)). And the struct page’s va can be calculated with an offset: (vmemmap + (pfn)). However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page’s physical address is not (phys_ram_base >> PAGE_SHIFT), then we get an va below VMEMMAP_START when calculating va for it’s struct page. For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the first page in the same section is actually pfn 0x80000. During init_unavailable_range(), we will initialize struct page for pfn 0x80000 with virtual address ((struct page *)VMEMMAP_START – 0x2000), which is below VMEMMAP_START as well as PCI_IO_END. This commit fixes this bug by introducing a new variable ‘vmemmap_start_pfn’ which is aligned with memory section size and using it to calculate vmemmap address instead of phys_ram_base.
2025-01-21
not yet calculated
CVE-2024-57945
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don’t keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk’s PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer’s queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if the queue is frozen in current context. There are all kinds of ->suspend() called in suspend context, so keeping queue frozen in the whole suspend context isn’t one good idea. And Marek reported lockdep warning[1] caused by virtio-blk’s freeze queue in virtblk_freeze(). [1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/ Given the motivation is to drain in-flight IOs, it can be done by calling freeze & unfreeze, meantime restore to previous behavior by keeping queue quiesced during suspend.
2025-01-21
not yet calculated
CVE-2024-57946
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect matching results for sets where first field size is not the largest. Followup patch adds a test case to nft_concat_range.sh selftest script. Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly, only correcting memset() argument isn’t enough.
2025-01-23
not yet calculated
CVE-2024-57947
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn’t correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.
2025-01-20
not yet calculated
CVE-2025-21655
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example if the disk drive was disconnected). This patch checks scsi_execute_cmd() output and returns -EIO if it’s error code is positive. [groeck: Avoid inline variable declaration for portability]
2025-01-21
not yet calculated
CVE-2025-21656
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currently running a task in a higher scheduler class (e.g., deadline). The rq_lock() is supposed to be used for online CPUs, and the use of rq_lock() may trigger an unnecessary warning in rq_pin_lock(). Therefore, replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass(). Without this change, we observe the following warning: ===== START ===== [ 6.615205] rq->balance_callback && rq->balance_callback != &balance_push_callback [ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90 ===== END =====
2025-01-21
not yet calculated
CVE-2025-21657
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI instance belongs to the same netns as the owner of the genl sock. napi_by_id() can become static now, but it needs to move because of dev_get_by_napi_id().
2025-01-21
not yet calculated
CVE-2025-21659
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation.
2025-01-21
not yet calculated
CVE-2025-21660
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from succeeding, even if the issue is corrected, unless the device is released. Additionally, cleanup is also needed in the less likely case of platform_device_register_full() failure. Besides, a consistent memory leak in lookup_table->dev_id was spotted using kmemleak by toggling the live state between 0 and 1 with a correct lookup table. Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the existing gpio_virtuser_make_lookup_table() and call it from all necessary points to ensure proper cleanup.
2025-01-21
not yet calculated
CVE-2025-21661
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry INFO: task kworker/13:2:4055883 blocked for more than 120 seconds. Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/13:2 D 0 4055883 2 0x00000228 Workqueue: events mlx5e_tx_dim_work [mlx5_core] Call trace: __switch_to+0xe8/0x150 __schedule+0x2a8/0x9b8 schedule+0x2c/0x88 schedule_timeout+0x204/0x478 wait_for_common+0x154/0x250 wait_for_completion+0x28/0x38 cmd_exec+0x7a0/0xa00 [mlx5_core] mlx5_cmd_exec+0x54/0x80 [mlx5_core] mlx5_core_modify_cq+0x6c/0x80 [mlx5_core] mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core] mlx5e_tx_dim_work+0x54/0x68 [mlx5_core] process_one_work+0x1b0/0x448 worker_thread+0x54/0x468 kthread+0x134/0x138 ret_from_fork+0x10/0x18
2025-01-21
not yet calculated
CVE-2025-21662
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia’s Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0’s SID for all controllers. This causes softirq time outs and kernel panics when using controllers other than MGBE0. Example dmesg errors when an ethernet cable is connected to MGBE1: [ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up – 1Gbps/Full – flow control rx/tx [ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms [ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter. [ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171) [ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features [ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported [ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock [ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode [ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up – 1Gbps/Full – flow control rx/tx [ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 181.921404] rcu: 7-….: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337 [ 181.921684] rcu: (detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8) [ 181.921878] Sending NMI from CPU 4 to CPUs 7: [ 181.921886] NMI backtrace for cpu 7 [ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6 [ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024 [ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) [ 181.922847] pc : handle_softirqs+0x98/0x368 [ 181.922978] lr : __do_softirq+0x18/0x20 [ 181.923095] sp : ffff80008003bf50 [ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000 [ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0 [ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70 [ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000 [ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000 [ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d [ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160 [ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74 [ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1 [ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000 [ 181.967591] Call trace: [ 181.970043] handle_softirqs+0x98/0x368 (P) [ 181.974240] __do_softirq+0x18/0x20 [ 181.977743] ____do_softirq+0x14/0x28 [ 181.981415] call_on_irq_stack+0x24/0x30 [ 181.985180] do_softirq_own_stack+0x20/0x30 [ 181.989379] __irq_exit_rcu+0x114/0x140 [ 181.993142] irq_exit_rcu+0x14/0x28 [ 181.996816] el1_interrupt+0x44/0xb8 [ 182.000316] el1h_64_irq_handler+0x14/0x20 [ 182.004343] el1h_64_irq+0x80/0x88 [ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P) [ 182.012305] cpuidle_enter+0x3c/0x58 [ 182.015980] cpuidle_idle_call+0x128/0x1c0 [ 182.020005] do_idle+0xe0/0xf0 [ 182.023155] cpu_startup_entry+0x3c/0x48 [ 182.026917] secondary_start_kernel+0xdc/0x120 [ 182.031379] __secondary_switched+0x74/0x78 [ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-…. } 6103 jiffies s: 417 root: 0x80/. [ 212.985935] rcu: blocking rcu_node structures (internal RCU debug): [ 212.992758] Sending NMI from CPU 0 to CPUs 7: [ 212.998539] NMI backtrace for cpu 7 [ 213.004304] CPU: 7 UID: 0 PI —truncated—
2025-01-21
not yet calculated
CVE-2025-21663
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code. This is because each of these functions performs its own READ_ONCE() of the list head. This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path. This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself. The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself. When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr’s synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which lead to this crash. Fortunately, the fix here is straight forward. Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite’s thin-provisioning suites for delete and suspend and no regressions were observed.
2025-01-21
not yet calculated
CVE-2025-21664
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

LizardByte–Sunshine 
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine’s pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.
2025-01-20
not yet calculated
CVE-2024-51738
security-advisories@github.comsecurity-advisories@github.com 

M-Files Corporation–M-Files Server 
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
2025-01-23
not yet calculated
CVE-2025-0619
security@m-files.com 

M-Files Corporation–M-Files Server 
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
2025-01-23
not yet calculated
CVE-2025-0635
security@m-files.com 

M-Files Corporation–M-Files Server 
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change.
2025-01-23
not yet calculated
CVE-2025-0648
security@m-files.com 

n/a–n/a 
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.
2025-01-22
not yet calculated
CVE-2023-36998
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37002
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37003
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37004
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37005
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37006
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37007
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.
2025-01-22
not yet calculated
CVE-2023-37008
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37009
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37010
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37011
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37012
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37015
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37016
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37017
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37018
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37019
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37020
cve@mitre.org 

n/a–n/a 
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2023-37021
cve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.
2025-01-22
not yet calculated
CVE-2023-37023
cve@mitre.org 

n/a–n/a 
Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability.
2025-01-22
not yet calculated
CVE-2023-37777
cve@mitre.orgcve@mitre.org 

n/a–n/a 
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.
2025-01-23
not yet calculated
CVE-2023-46401
cve@mitre.org 

n/a–n/a 
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
2025-01-22
not yet calculated
CVE-2024-24429
cve@mitre.org 

n/a–n/a 
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
2025-01-22
not yet calculated
CVE-2024-24432
cve@mitre.org 

n/a–n/a 
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
2025-01-21
not yet calculated
CVE-2024-24444
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.
2025-01-22
not yet calculated
CVE-2024-34235
cve@mitre.org 

n/a–n/a 
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user’s password is compared to the user’s decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user’s Blocky password and from there impersonate that local user.
2025-01-22
not yet calculated
CVE-2024-42012
cve@mitre.orgcve@mitre.org 

n/a–n/a 
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.
2025-01-22
not yet calculated
CVE-2024-42013
cve@mitre.orgcve@mitre.org 

n/a–n/a 
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
2025-01-23
not yet calculated
CVE-2024-50664
cve@mitre.org 

n/a–n/a 
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
2025-01-23
not yet calculated
CVE-2024-50665
cve@mitre.org 

n/a–n/a 
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.
2025-01-24
not yet calculated
CVE-2024-50690
cve@mitre.org 

n/a–n/a 
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.
2025-01-24
not yet calculated
CVE-2024-50692
cve@mitre.org 

n/a–n/a 
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.
2025-01-24
not yet calculated
CVE-2024-50694
cve@mitre.org 

n/a–n/a 
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.
2025-01-24
not yet calculated
CVE-2024-50695
cve@mitre.org 

n/a–n/a 
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
2025-01-24
not yet calculated
CVE-2024-50698
cve@mitre.org 

n/a–n/a 
An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.
2025-01-21
not yet calculated
CVE-2024-51417
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC’s SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message.
2025-01-23
not yet calculated
CVE-2024-53379
cve@mitre.org 

n/a–n/a 
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
2025-01-23
not yet calculated
CVE-2024-55192
cve@mitre.org 

n/a–n/a 
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
2025-01-23
not yet calculated
CVE-2024-55194
cve@mitre.org 

n/a–n/a 
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.
2025-01-23
not yet calculated
CVE-2024-55195
cve@mitre.org 

n/a–n/a 
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
2025-01-22
not yet calculated
CVE-2024-55488
cve@mitre.orgcve@mitre.org 

n/a–n/a 
An issue in RAR Extractor – Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS.
2025-01-21
not yet calculated
CVE-2024-55504
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.
2025-01-23
not yet calculated
CVE-2024-55971
cve@mitre.orgcve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
2025-01-21
not yet calculated
CVE-2024-56990
cve@mitre.org 

n/a–n/a 
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.
2025-01-21
not yet calculated
CVE-2024-57036
cve@mitre.org 

n/a–n/a 
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the ‘about me’ section of their profile.
2025-01-24
not yet calculated
CVE-2024-57041
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
2025-01-24
not yet calculated
CVE-2024-57095
cve@mitre.orgcve@mitre.org 

n/a–n/a 
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
2025-01-24
not yet calculated
CVE-2024-57277
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification.
2025-01-21
not yet calculated
CVE-2024-57538
cve@mitre.org 

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail.
2025-01-21
not yet calculated
CVE-2024-57539
cve@mitre.org 

n/a–n/a 
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification.
2025-01-21
not yet calculated
CVE-2024-57540
cve@mitre.org 

n/a–n/a 
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
2025-01-22
not yet calculated
CVE-2025-22980
cve@mitre.org 

Node.js–node 
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (–permission) on Node.js v20, v22, and v23.
2025-01-22
not yet calculated
CVE-2025-23090
support@hackerone.com 

nodejs–node 
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (–permission) on Node.js v20, v22, and v23.
2025-01-22
not yet calculated
CVE-2025-23083
support@hackerone.com 

nodejs–node 
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
2025-01-22
not yet calculated
CVE-2025-23087
support@hackerone.comaf854a3a-2127-422b-91ae-364da2661108 

nodejs–node 
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
2025-01-22
not yet calculated
CVE-2025-23088
support@hackerone.comaf854a3a-2127-422b-91ae-364da2661108 

nodejs–node 
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
2025-01-22
not yet calculated
CVE-2025-23089
support@hackerone.comaf854a3a-2127-422b-91ae-364da2661108 

OpenSSL–OpenSSL 
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.
2025-01-20
not yet calculated
CVE-2024-13176
openssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgopenssl-security@openssl.orgaf854a3a-2127-422b-91ae-364da2661108af854a3a-2127-422b-91ae-364da2661108 

Payara Platform–Payara Server 
Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’) vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
2025-01-21
not yet calculated
CVE-2024-45687
769c9ae7-73c3-4e47-ae19-903170fc3eb8769c9ae7-73c3-4e47-ae19-903170fc3eb8769c9ae7-73c3-4e47-ae19-903170fc3eb8 

PHPOffice–PhpSpreadsheet 
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.
2025-01-20
not yet calculated
CVE-2025-22131
security-advisories@github.comsecurity-advisories@github.com 

The GNU C Library–glibc 
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
2025-01-22
not yet calculated
CVE-2025-0395
3ff69d7a-14f2-4f67-a097-88dee7810d183ff69d7a-14f2-4f67-a097-88dee7810d183ff69d7a-14f2-4f67-a097-88dee7810d183ff69d7a-14f2-4f67-a097-88dee7810d18af854a3a-2127-422b-91ae-364da2661108af854a3a-2127-422b-91ae-364da2661108 

Traffic Alert and Collision Avoidance System (TCAS) II–Collision Avoidance Systems 
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.
2025-01-22
not yet calculated
CVE-2024-11166
ics-cert@hq.dhs.gov 

Traffic Alert and Collision Avoidance System (TCAS) II–Collision Avoidance Systems 
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).
2025-01-22
not yet calculated
CVE-2024-9310
ics-cert@hq.dhs.gov 

updatecli–updatecli 
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue.
2025-01-24
not yet calculated
CVE-2025-24355
security-advisories@github.comsecurity-advisories@github.com 

Back to top

AI Summary and Description: Yes

**Summary:** The provided text extensively details various vulnerabilities found in multiple software products, including WordPress plugins, web applications, and infrastructure components, each designated with Common Vulnerabilities and Exposures (CVE) identifiers, publication dates, and their respective CVSS scores. This information is highly relevant for security, privacy, and compliance professionals who need to monitor and address software vulnerabilities within their environments.

**Detailed Description:**

– **Vulnerability Overview**:
– Each entry in the list outlines vulnerabilities such as SQL injection, XSS, and server-side request forgery (SSRF). The vulnerabilities are categorized based on the CVSS (Common Vulnerability Scoring System) scores ranging from critical (CVSS score > 9) to low (CVSS score < 4). - **Severity Ratings**: - Vulnerabilities are systematically assigned scores that reflect their severity, which assists organizations in prioritizing remediation efforts. High CVSS scores (like 9.8) indicate critical vulnerabilities that attackers could exploit easily, while lower scores (like 3.1) may require significant effort or specific conditions to exploit. - **Impact Analysis**: - The implications of these vulnerabilities are significant, allowing for actions such as unauthorized access to sensitive data, system crashes, or execution of arbitrary code. The text indicates that several vulnerabilities could lead to a complete compromise of the affected systems. - **Actionable Insights**: - **Remediation**: For each listed vulnerability, it's essential to update or patch the affected software versions to mitigate risks. - **Monitoring**: It’s crucial for security teams to continuously monitor for any indicators of exploitation attempts targeting these vulnerabilities, especially in high-risk environments like production systems. - **Compliance Obligations**: Organizations must align their security response strategies with compliance requirements and best practices in data protection, particularly when dealing with personally identifiable information (PII) or sensitive financial data. - **Vulnerable Products**: - The vulnerabilities cover a wide range of products including popular plugins for WordPress, database solutions like MySQL, and enterprise software from companies like Oracle and IBM. This reflects the widespread issue of vulnerabilities impacting software across various domains. - **Security Culture Enhancement**: - Organizations should consider implementing a robust vulnerability management program, which includes regular updates, employee training about security best practices, and potentially utilizing automated tools for vulnerability scanning to aid in early detection and remediation. The text serves as a comprehensive and detailed resource for understanding current vulnerabilities across various software platforms, essential for security and compliance practitioners in assessing their risk landscape and informing their response strategies.