Bulletins: Vulnerability Summary for the Week of February 3, 2025

Feb 10, 2025

—

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041
Source: Bulletins
Title: Vulnerability Summary for the Week of February 3, 2025

Feedly Summary: High Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

.TUBE gTLD–.TUBE Video Curator
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through 1.1.9.
2025-02-03
7.1
CVE-2025-23799

2N–2N Access Commander
2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.
2025-02-06
8.1
CVE-2024-47258

ABB–ASPECT-Enterprise
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
2025-02-06
9.8
CVE-2024-51547

Advantive–VeraCore
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
2025-02-03
9.9
CVE-2024-57968

Alexandros Georgiou–Bitcoin and Altcoin Wallets
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1.
2025-02-03
7.1
CVE-2025-24544

AMD–AMD EPYC 7001 Series
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
2025-02-03
7.2
CVE-2024-56161

Apache Software Foundation–Apache Cassandra
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.
2025-02-04
8.8
CVE-2025-23015

Apache Software Foundation–Apache James server
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
2025-02-06
8.6
CVE-2024-37358

Apache Software Foundation–Apache ShardingSphere ElasticJob-UI
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
2025-02-06
8.5
CVE-2022-31764

ApplicantPro–ApplicantPro
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ApplicantPro ApplicantPro allows Reflected XSS. This issue affects ApplicantPro: from n/a through 1.3.9.
2025-02-03
7.1
CVE-2025-23920

Arm Ltd–Valhall GPU Kernel Driver
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
2025-02-03
7.8
CVE-2025-0015

Ashlar-Vellum–Cobalt
In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
2025-02-04
7.8
CVE-2023-39943

Ashlar-Vellum–Cobalt
In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
2025-02-04
7.8
CVE-2023-40222

AutomationDirect–C-more EA9 HMI EA9-T6CL
AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.
2025-02-04
9.8
CVE-2025-0960

BannerSky.com–BSK Forms Validation
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BannerSky.com BSK Forms Validation allows Reflected XSS. This issue affects BSK Forms Validation: from n/a through 1.7.
2025-02-03
7.1
CVE-2025-24545

Baxter/ Hillrom–ELI 380 Resting Electrocardiograph
An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.
2025-02-07
7.7
CVE-2022-26389

BigAntSoft–BigAnt Server
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the “Cloud Storage Addin," leading to unauthenticated code execution.
2025-02-04
9.8
CVE-2025-0364

blackandwhitedigital–BookPress For Book Authors
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
2025-02-07
8.2
CVE-2025-25167

blackandwhitedigital–BookPress For Book Authors
Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
2025-02-07
7.1
CVE-2025-25168

blackus3r–WP Keyword Monitor
Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.
2025-02-07
7.1
CVE-2025-25088

Blu Logistics Pte. Ltd.–blu Logistics
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blu Logistics Pte. Ltd. blu Logistics allows Reflected XSS. This issue affects blu Logistics: from n/a through 1.0.0.
2025-02-03
7.1
CVE-2025-23591

Brainvireinfo–Dynamic URL SEO
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through 1.0.
2025-02-03
7.1
CVE-2025-23984

brandtoss–WP Mailster
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
2025-02-03
7.1
CVE-2025-24559

Burtay Arat–Dezdy
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Burtay Arat Dezdy allows Reflected XSS. This issue affects Dezdy: from n/a through 1.0.
2025-02-03
7.1
CVE-2025-23590

Checkmk–NagVis
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
2025-02-04
7.2
CVE-2024-13723

CheGevara–Tags to Keywords
Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1.
2025-02-03
7.1
CVE-2025-22685

Chimpstudio–WP Directorybox Manager
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the ‘wp_dp_enquiry_agent_contact_form_submit_callback’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
2025-02-08
9.8
CVE-2025-0316

Cisco–Cisco Identity Services Engine Software
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
2025-02-05
9.9
CVE-2025-20124

Cisco–Cisco Identity Services Engine Software
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
2025-02-05
9.1
CVE-2025-20125

Cisco–IOS
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
2025-02-05
7.7
CVE-2025-20169

Cisco–IOS
A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
2025-02-05
7.7
CVE-2025-20172

ckan–ckan
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads users can use: `ckan.upload.user.types = none`
2025-02-05
7.3
CVE-2025-24372

ClearML–ClearML
A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability.
2025-02-06
9
CVE-2024-39272

ClearML–ClearML
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
2025-02-06
7.7
CVE-2024-43779

clidey–whodb
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Affected versions of WhoDB allow users to connect to Sqlite3 databases. By default, the databases must be present in `/db/` (or alternatively `./tmp/` if development mode is enabled). If no databases are present in the default directory, the UI indicates that the user is unable to open any databases. The database file is an user-controlled value. This value is used in `.Join()` with the default directory, in order to get the full path of the database file to open. No checks are performed whether the database file that is eventually opened actually resides in the default directory `/db`. This allows an attacker to use path traversal (`../../`) in order to open any Sqlite3 database present on the system. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-06
10
CVE-2025-24786

clidey–whodb
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely and without escaping or encoding the user input. This allows an user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used. One of these dangerous parameters is `allowAllFiles` in the library `github.com/go-sql-driver/mysql`. Should this be set to `true`, the library enables running the `LOAD DATA LOCAL INFILE` query on any file on the host machine (in this case, the machine that WhoDB is running on). By injecting `&allowAllFiles=true` into the connection URI and connecting to any MySQL server (such as an attacker-controlled one), the attacker is able to read local files. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-06
8.6
CVE-2025-24787

Contest Gallery–Contest Gallery
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0.
2025-02-03
7.6
CVE-2025-22693

curl–curl
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.
2025-02-05
9.8
CVE-2025-0665

curl–curl
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
2025-02-05
7.3
CVE-2025-0725

CyferShepard–Jellystat
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very little scope for abuse. However, the `DELETE` `files/:filename` can be used to delete any file. This issue has been addressed in version 1.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
8.7
CVE-2025-24960

Cynob IT Consultancy–WP Custom Post RSS Feed
Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0.
2025-02-07
7.1
CVE-2025-25139

CyrilG–Fyrebox Quizzes
Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7.
2025-02-07
7.1
CVE-2025-25125

D-Link–DHP-W310AV
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-02-07
7.3
CVE-2025-1104

Danillo Nunes–Login-box
Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4.
2025-02-07
7.1
CVE-2025-25149

Delta Electronics–CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-02-07
7.8
CVE-2025-22880

DigiTimber–DigiTimber cPanel Integration
Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6.
2025-02-03
7.1
CVE-2025-22690

discourse–discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
2025-02-04
8.2
CVE-2024-55948

discourse–discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
2025-02-04
8.2
CVE-2025-23023

djjmz–Simple Auto Tag
Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.
2025-02-07
7.1
CVE-2025-25153

drakkan–sftpgo
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. This issue was fixed in version v2.6.5 by checking the client provided arguments. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-07
7.5
CVE-2025-24366

Dreamvention–Live AJAX Search Free
A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-02-08
7.3
CVE-2025-1116

DualCube–MooWoodle
Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4.
2025-02-03
7.5
CVE-2025-24556

Ederson Peka–Media Downloader
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.
2025-02-03
7.1
CVE-2025-24684

Ederson Peka–Unlimited Page Sidebars
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6.
2025-02-03
7.1
CVE-2025-22688

efreja–Music Sheet Viewer
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1.
2025-02-07
7.5
CVE-2025-25155

Elber–Signum DVB-S/S2 IRD
Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user’s password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device’s system security.
2025-02-07
9.8
CVE-2025-0674

Elber–Signum DVB-S/S2 IRD
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
2025-02-07
7.5
CVE-2025-0675

ElbowRobo–Read More Copy Link
Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2.
2025-02-07
7.1
CVE-2025-25148

Emili Castells–DK White Label
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Emili Castells DK White Label allows Reflected XSS. This issue affects DK White Label: from n/a through 1.0.
2025-02-03
7.1
CVE-2025-24541

F5–BIG-IP
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
8.8
CVE-2025-20029

F5–BIG-IP
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
8.7
CVE-2025-23239

F5–BIG-IP
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
8
CVE-2025-24320

F5–BIG-IP
When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-20045

F5–BIG-IP
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2025-02-05
7.5
CVE-2025-20058

F5–BIG-IP
When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2025-02-05
7.5
CVE-2025-21087

F5–BIG-IP
When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2025-02-05
7.5
CVE-2025-21091

F5–BIG-IP
When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-22846

F5–BIG-IP
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-22891

F5–BIG-IP
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-23412

F5–BIG-IP
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-24312

F5–BIG-IP
When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-24326

F5–BIG-IP
When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
7.5
CVE-2025-24497

FancyWP–Starter Templates by FancyWP
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0.
2025-02-07
9.6
CVE-2025-25106

Fatcat Apps–Landing Page Cat
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7.
2025-02-03
7.1
CVE-2025-24576

Four-Faith–F3x36
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
2025-02-04
9.8
CVE-2024-9643

Four-Faith–F3x36
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
2025-02-04
9.8
CVE-2024-9644

gabrieldarezzo–InLocation
Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.
2025-02-07
7.1
CVE-2025-25166

GitLab–GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE
2025-02-07
8.7
CVE-2024-10383

GitLab–GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.
2025-02-05
7.5
CVE-2024-2878

GitLab–GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.
2025-02-05
7.5
CVE-2024-9631

Go toolchain–cmd/go
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.
2025-02-06
7.5
CVE-2025-22867

GT3 Photo Gallery–Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GT3 Photo Gallery Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24.
2025-02-03
7.1
CVE-2025-24707

Haider Ali–Bulk Categories Assign
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Haider Ali Bulk Categories Assign allows Reflected XSS. This issue affects Bulk Categories Assign: from n/a through 1.0.
2025-02-03
7.1
CVE-2025-23582

Hakan Ozevin–WP BASE Booking
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0.
2025-02-03
7.1
CVE-2025-22684

Hesabfa–Hesabfa Accounting
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2.
2025-02-03
7.1
CVE-2025-22682

Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
2025-02-04
8.8
CVE-2025-23058

Honeywell–OneWireless Network Wireless Device Manager
Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2.
2025-02-06
9.1
CVE-2023-5878

Huawei–HarmonyOS
Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-02-06
7.7
CVE-2024-57960

IBM–Cognos Analytics
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
2025-02-05
7.1
CVE-2024-49352

IBM–EntireX
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
2025-02-06
7.1
CVE-2024-54171

IBM–Security Verify Access Appliance
IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.
2025-02-06
7.8
CVE-2024-49814

IBM–Security Verify Directory
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
2025-02-06
9.1
CVE-2024-51450

idIA Tech–Catalog Importer, Scraper & Crawler
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS. This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3.
2025-02-03
7.1
CVE-2025-22775

Impronta–Janto
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user’s password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
2025-02-07
9.9
CVE-2025-1107

Impronta–Janto
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.
2025-02-07
8.6
CVE-2025-1108

Juniper Networks–Junos OS
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
2025-02-05
7.5
CVE-2024-39564

kleor–Contact Manager
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit.
2025-02-05
8.1
CVE-2025-1028

Landoweb Programador–World Cup Predictor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6.
2025-02-04
7.1
CVE-2025-22794

laurent22–joplin
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin’s HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-07
7.8
CVE-2025-24028

laurent22–joplin
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React’s `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin’s main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses ctrl</kbd>-<kbd>p</kbd> to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2025-02-07 7.8 CVE-2025-25187

LukaszWiecek--Smart DoFollow
Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2.
2025-02-07
7.1
CVE-2025-25152

MagePeople Team--Taxi Booking Manager for WooCommerce
Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8.
2025-02-03
9.8
CVE-2025-24661

MantraBrain--Sikshya LMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS allows Reflected XSS. This issue affects Sikshya LMS: from n/a through 0.0.21.
2025-02-03
7.1
CVE-2025-24630

manuelvicedo--Forge Front-End Page Builder
Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge - Front-End Page Builder allows Stored XSS. This issue affects Forge - Front-End Page Builder: from n/a through 1.4.6.
2025-02-03
7.1
CVE-2025-22703

Mark Barnes--Style Tweaker
Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
2025-02-07
7.1
CVE-2025-25160

Maxim Glazunov--XML for Avito
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2.
2025-02-03
7.1
CVE-2025-24646

mediatek -- nr16
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
2025-02-03
9.8
CVE-2025-20634

mediatek -- software_development_kit
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.
2025-02-03
8.8
CVE-2025-20633

mediatek -- software_development_kit
In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380.
2025-02-03
7.5
CVE-2025-20637

MediaTek, Inc.--MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.
2025-02-03
7.8
CVE-2025-20631

MediaTek, Inc.--MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.
2025-02-03
7.8
CVE-2025-20632

Metatagg Inc--Custom WP Store Locator
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metatagg Inc Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a through 1.4.7.
2025-02-03
7.1
CVE-2025-24676

MetricThemes--Munk Sites
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7.
2025-02-07
9.6
CVE-2025-25101

Microsoft--Dynamics 365 Sales
Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
2025-02-06
8.7
CVE-2025-21177

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2025-02-06
8.8
CVE-2025-21342

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2025-02-06
8.8
CVE-2025-21408

mozilla -- firefox
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
9.8
CVE-2025-1009

mozilla -- firefox
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
9.8
CVE-2025-1016

mozilla -- firefox
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
9.8
CVE-2025-1017

mozilla -- firefox
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.
2025-02-04
9.8
CVE-2025-1020

mozilla -- firefox
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
8.8
CVE-2025-1010

mozilla -- firefox
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
8.8
CVE-2025-1011

mozilla -- firefox
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
8.8
CVE-2025-1014

mozilla -- firefox
A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
7.5
CVE-2025-1012

mraliende--URL-Preview-Box
Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.
2025-02-07
7.1
CVE-2025-25104

n/a--cockpit-hq/cockpit
Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter.
2025-02-05
7.5
CVE-2025-1025

n/a--CoinRemitter
A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component.
2025-02-08
7.3
CVE-2025-1117

n/a--n/a
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.
2025-02-05
9.8
CVE-2020-36084

n/a--n/a
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
2025-02-06
9.8
CVE-2022-40916

n/a--n/a
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.
2025-02-04
9.8
CVE-2024-48445

n/a--n/a
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.
2025-02-07
9.8
CVE-2024-55215

n/a--n/a
The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence.
2025-02-05
9.1
CVE-2024-57077

n/a--n/a
Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.
2025-02-03
9.8
CVE-2024-57098

n/a--n/a
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
2025-02-03
9.8
CVE-2024-57099

n/a--n/a
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.
2025-02-06
9.3
CVE-2024-57428

n/a--n/a
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
2025-02-06
9.8
CVE-2024-57430

n/a--n/a
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
2025-02-03
9.8
CVE-2024-57450

n/a--n/a
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function
2025-02-05
9.8
CVE-2024-57520

n/a--n/a
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability.
2025-02-06
9.8
CVE-2024-57668

n/a--n/a
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
2025-02-03
9.8
CVE-2025-22978

n/a--n/a
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.
2025-02-06
9.8
CVE-2025-22992

n/a--n/a
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
2025-02-03
9.8
CVE-2025-25064

n/a--n/a
Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.
2025-02-03
8.1
CVE-2024-56898

n/a--n/a
A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method.
2025-02-03
8.8
CVE-2024-56901

n/a--n/a
A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.
2025-02-03
8.8
CVE-2024-56903

n/a--n/a
An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.
2025-02-07
8
CVE-2024-57357

n/a--n/a
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.
2025-02-03
7.5
CVE-2024-34896

n/a--n/a
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
2025-02-03
7.5
CVE-2024-34897

n/a--n/a
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.
2025-02-06
7.5
CVE-2024-36558

n/a--n/a
In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.
2025-02-06
7.5
CVE-2024-39033

n/a--n/a
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software.
2025-02-05
7.8
CVE-2024-48394

n/a--n/a
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.
2025-02-07
7.5
CVE-2024-55272

n/a--n/a
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
2025-02-06
7.5
CVE-2024-56889

n/a--n/a
An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
2025-02-03
7.5
CVE-2024-56921

n/a--n/a
A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57063

n/a--n/a
A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57064

n/a--n/a
A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57065

n/a--n/a
A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57066

n/a--n/a
A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57067

n/a--n/a
A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57068

n/a--n/a
A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57069

n/a--n/a
A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57071

n/a--n/a
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57072

n/a--n/a
A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57074

n/a--n/a
A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57075

n/a--n/a
A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57076

n/a--n/a
A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57078

n/a--n/a
A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57079

n/a--n/a
A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57080

n/a--n/a
A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57081

n/a--n/a
A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57082

n/a--n/a
A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57084

n/a--n/a
A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57085

n/a--n/a
A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
2025-02-05
7.5
CVE-2024-57086

n/a--n/a
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
2025-02-03
7.5
CVE-2024-57451

n/a--n/a
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.
2025-02-03
7.5
CVE-2024-57452

n/a--n/a
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.
2025-02-07
7.5
CVE-2024-57606

n/a--n/a
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use "firewalls, rate-limiting middleware, or authentication providers" for that functionality.
2025-02-06
7.5
CVE-2024-57610

n/a--n/a
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.
2025-02-03
7.5
CVE-2024-57669

n/a--n/a
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of '{', a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
2025-02-05
7.5
CVE-2024-57699

n/a--n/a
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.
2025-02-03
7.5
CVE-2025-22918

n/a--spatie/browsershot
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
2025-02-05
8.2
CVE-2025-1022

n/a--spatie/browsershot
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).
2025-02-05
8.6
CVE-2025-1026

Netgear--FVS336Gv3
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.
2025-02-04
7.2
CVE-2024-23690

NETGEAR--XR1000
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
2025-02-05
8.1
CVE-2025-25246

nextendweb--Nextend Social Login Pro
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
2025-02-07
9.8
CVE-2025-1061

Nik Sudan--WordPress Additional Logins
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through 1.0.0.
2025-02-03
7.1
CVE-2025-23614

Nirmal Kumar Ram--WP Social Stream
Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.
2025-02-07
7.1
CVE-2025-25074

NotFound--Admin and Site Enhancements (ASE) Pro
Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.
2025-02-03
7.5
CVE-2024-43333

NotFound--AIO Shortcodes
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3.
2025-02-03
7.1
CVE-2025-24620

NotFound--EmailPress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EmailPress allows Reflected XSS. This issue affects EmailPress: from n/a through 1.0.
2025-02-03
7.1
CVE-2025-23593

NotFound--eMarksheet
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0.
2025-02-03
7.1
CVE-2025-23599

NotFound--Lockets
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Lockets allows Reflected XSS. This issue affects Lockets: from n/a through 0.999.
2025-02-03
7.1
CVE-2025-23923

NotFound--PAFacile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PAFacile allows Reflected XSS. This issue affects PAFacile: from n/a through 2.6.1.
2025-02-03
7.1
CVE-2025-23755

NotFound--RomanCart
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RomanCart allows Reflected XSS. This issue affects RomanCart: from n/a through 0.0.2.
2025-02-03
7.1
CVE-2025-23685

NotFound--Traveler Code
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.
2025-02-04
9
CVE-2025-22699

NotFound--WP Cloud
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound WP Cloud allows Absolute Path Traversal. This issue affects WP Cloud: from n/a through 1.4.3.
2025-02-03
7.5
CVE-2025-23819

NotFound--WPJobBoard
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1.
2025-02-03
7.1
CVE-2025-24781

ntop--nDPI
nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.
2025-02-03
8.1
CVE-2025-25066

nuxt-modules--mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the `javascript:` protocol scheme in the URL. The parsing logic implement in `props.ts` maintains a deny-list approach to filtering potential malicious payload. It does so by matching protocol schemes like `javascript:` and others. These security guards can be bypassed by an adversarial that provides JavaScript URLs with HTML entities encoded via hex string. Users who consume this library and perform markdown parsing from unvalidated sources could result in rendering vulnerable XSS anchor links. This vulnerability has been addressed in version 0.13.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-06
9.3
CVE-2025-24981

Omnissa--Omnissa Horizon Client for MacOS
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
2025-02-04
7.8
CVE-2024-11467

Omnissa--Omnissa Horizon Client for MacOS
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
2025-02-04
7.8
CVE-2024-11468

OpenHarmony--OpenHarmony
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
2025-02-07
8.8
CVE-2025-0303

openPLC--OpenPLC
OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.
2025-02-06
9.8
CVE-2025-1066

Optimize Worldwide--Find Content IDs
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.
2025-02-04
7.1
CVE-2025-23645

orlandolac--Facilita Form Tracker
Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0.
2025-02-07
7.1
CVE-2025-25128

Pepro Dev. Group--PeproDev WooCommerce Receipt Uploader
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader allows Reflected XSS. This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through 2.6.9.
2025-02-03
7.1
CVE-2025-24574

Phillip.Gooch--Auto SEO
Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6.
2025-02-07
7.1
CVE-2025-25147

PhiloPress--BP Email Assign Templates
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5.
2025-02-03
7.1
CVE-2025-24631

PickPlugins--Job Board Manager
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60.
2025-02-03
7.1
CVE-2025-22679

plainware.com--PlainInventory
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware.com PlainInventory allows Reflected XSS. This issue affects PlainInventory: from n/a through 3.1.5.
2025-02-03
7.1
CVE-2025-24557

Progress--LoadMaster
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: â€¯Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) â€¯ From 7.2.49.0 to 7.2.54.12 (inclusive) â€¯ 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
2025-02-05
8.4
CVE-2024-56131

Progress--LoadMaster
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: â€¯Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) â€¯ From 7.2.49.0 to 7.2.54.12 (inclusive) â€¯ 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
2025-02-05
8.4
CVE-2024-56132

Progress--LoadMaster
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: â€¯Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) â€¯ From 7.2.49.0 to 7.2.54.12 (inclusive) â€¯ 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
2025-02-05
8.4
CVE-2024-56133

Progress--LoadMaster
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: â€¯Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) â€¯ From 7.2.49.0 to 7.2.54.12 (inclusive) â€¯ 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
2025-02-05
8.4
CVE-2024-56135

PX-lab--BoomBox Theme Extensions
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
2025-02-03
8.8
CVE-2024-12859

qualcomm -- aqt1000_firmware
Memory corruption while configuring a Hypervisor based input virtual device.
2025-02-03
8.8
CVE-2024-38420

qualcomm -- aqt1000_firmware
Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.
2025-02-03
7.8
CVE-2024-45560

qualcomm -- aqt1000_firmware
Memory corruption while handling IOCTL call from user-space to set latency level.
2025-02-03
7.8
CVE-2024-45561

qualcomm -- ar8035_firmware
Memory corruption while parsing the ML IE due to invalid frame content.
2025-02-03
9.8
CVE-2024-45569

qualcomm -- ar8035_firmware
Information disclosure while parsing the OCI IE with invalid length.
2025-02-03
8.2
CVE-2024-49838

qualcomm -- ar8035_firmware
Memory corruption during management frame processing due to mismatch in T2LM info element.
2025-02-03
8.2
CVE-2024-49839

qualcomm -- ar8035_firmware
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
2025-02-03
7.5
CVE-2024-38404

qualcomm -- ar8035_firmware
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
2025-02-03
7.8
CVE-2024-45571

qualcomm -- ar8035_firmware
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
2025-02-03
7.8
CVE-2024-45584

qualcomm -- c-v2x_9150_firmware
Memory corruption while parsing the memory map info in IOCTL calls.
2025-02-03
7.8
CVE-2024-38418

qualcomm -- csra6620_firmware
Memory corruption while power-up or power-down sequence of the camera sensor.
2025-02-03
7.8
CVE-2024-49834

qualcomm -- fastconnect_6200_firmware
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
2025-02-03
7.8
CVE-2024-49843

qualcomm -- fastconnect_6700_firmware
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
2025-02-03
7.8
CVE-2024-45573

qualcomm -- fastconnect_6700_firmware
Memory corruption can occur in the camera when an invalid CID is used.
2025-02-03
7.8
CVE-2024-49833

qualcomm -- fastconnect_6900_firmware
Memory corruption while validating number of devices in Camera kernel .
2025-02-03
7.8
CVE-2024-45582

qualcomm -- fastconnect_6900_firmware
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
2025-02-03
7.8
CVE-2024-49832

qualcomm -- fastconnect_6900_firmware
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
2025-02-03
7.8
CVE-2024-49840

qualcomm -- qam8255p_firmware
Memory corruption while reading CPU state data during guest VM suspend.
2025-02-03
7.8
CVE-2024-49837

Realtyna--Realtyna Provisioning
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2.
2025-02-03
7.1
CVE-2025-24656

RedefiningTheWeb--PDF Generator Addon for Elementor Page Builder
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5.
2025-02-03
7.5
CVE-2025-24569

regularlabs.com--Sourcerer for Joomla
Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.
2025-02-04
9.8
CVE-2025-22204

Rishi--On Page SEO + Whatsapp Chat Button
Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0.
2025-02-07
7.1
CVE-2025-25138

robert_kolatzek--WP doodlez
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10.
2025-02-07
7.1
CVE-2025-25159

sainwp--OneStore Sites
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1.
2025-02-07
9.6
CVE-2025-25107

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
2025-02-04
7
CVE-2025-20881

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
2025-02-04
7
CVE-2025-20882

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
2025-02-04
7
CVE-2025-20888

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
2025-02-04
7
CVE-2025-20890

Scriptonite--Simple User Profile
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.
2025-02-07
7.1
CVE-2025-25140

scweber--Custom Comment Notifications
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8.
2025-02-07
7.1
CVE-2025-25154

SMCI--MBD-X12DPG-OA6
There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process
2025-02-04
7.2
CVE-2024-10237

SMCI--MBD-X12DPG-OA6
A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.
2025-02-04
7.2
CVE-2024-10238

SMCI--MBD-X12DPG-OA6
A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.
2025-02-04
7.2
CVE-2024-10239

Soflyy--WP All Import Pro
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2025-02-07
7.2
CVE-2024-9664

sparkle-project--Sparkle
A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle's (Ed)DSA signing checks.
2025-02-04
7.3
CVE-2025-0509

Stanko Metodiev--Quote Comments
Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.
2025-02-07
7.1
CVE-2025-25156

StylemixThemes--uListing
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6.
2025-02-07
8.5
CVE-2025-25151

sudipto--Link to URL / Post
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3.
2025-02-07
7.6
CVE-2025-25116

Super Store Finder--Super Store Finder
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the 'ssf_wp_user_name' parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews.
2025-02-09
7.5
CVE-2024-13440

theasys--Theasys
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1.
2025-02-07
7.1
CVE-2025-25144

ThriveDesk--ThriveDesk
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk allows Reflected XSS. This issue affects ThriveDesk: from n/a through 2.0.6.
2025-02-03
7.1
CVE-2025-24536

thunderbax--WP Admin Custom Page
Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.
2025-02-07
7.1
CVE-2025-25072

topplugins--Vignette Ads
Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.
2025-02-07
7.1
CVE-2025-25071

Tribulant--Newsletters
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.
2025-02-04
7.1
CVE-2025-24599

Unknown--JustRows free
The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
7.1
CVE-2024-13330

Unknown--Legull
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2025-02-07
7.1
CVE-2024-13352

Unknown--Solidres
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
7.1
CVE-2024-13329

uzzal mondal--Google Map With Fancybox
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uzzal mondal Google Map With Fancybox allows Reflected XSS. This issue affects Google Map With Fancybox: from n/a through 2.1.0.
2025-02-03
7.1
CVE-2025-23594

Venugopal--Show notice or message on admin area
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.
2025-02-07
7.1
CVE-2025-25075

Victor Barkalov--Custom Links On Admin Dashboard Toolbar
Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.
2025-02-07
7.1
CVE-2025-25135

vikashsrivastava1111989--VSTEMPLATE Creator
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikashsrivastava1111989 VSTEMPLATE Creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through 2.0.2.
2025-02-03
7.1
CVE-2025-23491

villatheme--CURCY Multi Currency for WooCommerce The best free currency exchange plugin Run smoothly on WooCommerce 9.x
The The CURCY - Multi Currency for WooCommerce - The best free currency exchange plugin - Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2025-02-06
7.3
CVE-2024-13487

vitest-dev--vitest
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When `api` option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check Origin header and did not have any authorization mechanism and was vulnerable to CSWSH attacks. This WebSocket server has `saveTestFile` API that can edit a test file and `rerun` API that can rerun the tests. An attacker can execute arbitrary code by injecting a code in a test file by the `saveTestFile` API and then running that file by calling the `rerun` API. This vulnerability can result in remote code execution for users that are using Vitest serve API. This issue has been patched in versions 1.6.1, 2.1.9 and 3.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-04
9.6
CVE-2025-24964

wazuh--wazuh
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
7.8
CVE-2024-35177

WOW WordPress--WOW Best CSS Compiler
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2.
2025-02-03
7.1
CVE-2025-23588

WP All Import--WP All Export Pro
The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. As a prerequisite, the custom export field should include fields containing user-supplied data.
2025-02-07
8.3
CVE-2024-7419

WP Travel--WP Travel
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.
2025-02-03
7.6
CVE-2025-22691

wp.insider--Simple Membership Custom Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages allows Reflected XSS. This issue affects Simple Membership Custom Messages: from n/a through 2.4.
2025-02-03
7.1
CVE-2025-24660

WP24--WP24 Domain Check
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.
2025-02-04
7.1
CVE-2025-24602

wpase.com--Admin and Site Enhancements (ASE)
Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.
2025-02-04
7.5
CVE-2025-24648

WPGear--Import Excel to Gravity Forms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGear Import Excel to Gravity Forms allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through 1.18.
2025-02-03
7.1
CVE-2025-24629

WPSpins--Post/Page Copying Tool
Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.
2025-02-04
9.9
CVE-2025-24677

www.admiror-design-studio.com--Admiror Gallery component for Joomla
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
2025-02-04
7.5
CVE-2025-22205

xdark--Easy Related Posts
Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.
2025-02-07
7.1
CVE-2025-25123

Xerox--Versalink B400
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
2025-02-03
7.6
CVE-2024-12511

yogeshojha--rengine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
2025-02-04
8.8
CVE-2025-24968

Zach Swetz--Plugin A/B Image Optimizer
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
2025-02-07
7.5
CVE-2025-25163

zankover--Fami Sales Popup
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0.
2025-02-07
7.5
CVE-2025-25141

zephyrproject-rtos--Zephyr
No proper validation of the length of user input in http_server_get_content_type_from_extension.
2025-02-03
8.6
CVE-2024-10395

zmseo--ZMSEO
Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1.
2025-02-07
7.1
CVE-2025-25126

PrimaryVendor -- Product
Description
Published
CVSS Score
Source Info

2N--2N Access Commander
Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older.
2025-02-06
6
CVE-2024-47256

2N--2N OS
Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log.
2025-02-06
4.3
CVE-2024-13416

2N--2N OS
Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state.
2025-02-06
4.6
CVE-2024-13417

Abinav Thakuri--WordPress Signature
Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1.
2025-02-03
5.4
CVE-2025-22704

Adobe--Adobe Experience Manager
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2025-02-05
5.4
CVE-2024-53962

Adobe--Adobe Experience Manager
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page.
2025-02-05
5.4
CVE-2024-53963

Advantive--VeraCore
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
2025-02-03
5.8
CVE-2025-25181

Alex Polonski--Smart Countdown FX
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5.
2025-02-07
6.5
CVE-2025-25117

Amento Tech Pvt ltd--WPGuppy
Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0.
2025-02-03
6.5
CVE-2025-24643

Amitythemes.com--Breaking News Ticker
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4.
2025-02-07
6.5
CVE-2025-25094

Andrew Norcross--Google Earth Embed
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0.
2025-02-07
6.5
CVE-2025-25078

Animati--PACS
A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-07
4.3
CVE-2025-1085

Apache Software Foundation--Apache Cassandra
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.
2025-02-04
5.3
CVE-2024-27137

Apache Software Foundation--Apache Cassandra
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.
2025-02-04
5.4
CVE-2025-24860

Apache Software Foundation--Apache Doris
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.
2025-02-04
5.4
CVE-2024-48019

Apache Software Foundation--Apache James server
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
2025-02-06
6.5
CVE-2024-45626

AppHouseKitchen--AlDente Charge Limiter
A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional.
2025-02-06
5.3
CVE-2025-1078

Arm Ltd--Bifrost GPU Kernel Driver
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive.This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0.
2025-02-03
4
CVE-2024-6790

backdropcms--backdrop
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module.
2025-02-03
4.4
CVE-2025-25062

backdropcms--backdrop
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting.
2025-02-03
4.4
CVE-2025-25063

bnielsen--Indeed API
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5.
2025-02-07
4.3
CVE-2025-25103

boldgrid--Post and Page Builder by BoldGrid Visual Drag and Drop Editor
The Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
2025-02-06
6.5
CVE-2025-0859

bPlugins--Alert Box Block Display notice/alerts in the front end
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block - Display notice/alerts in the front end allows Stored XSS. This issue affects Alert Box Block - Display notice/alerts in the front end: from n/a through 1.1.0.
2025-02-04
6.5
CVE-2025-22675

bplugins--B Slider- Gutenberg Slider Block for WP
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.
2025-02-04
4.3
CVE-2024-13514

By Averta--Shortcodes and extra features for Phlox theme
Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.
2025-02-03
4.3
CVE-2024-50500

Checkmk--NagVis
The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
2025-02-04
5.4
CVE-2024-13722

checkpoint--Multi-Domain Security Management, Quantum Security Management
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
2025-02-06
5.3
CVE-2024-24911

Cisco--Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
2025-02-05
4.8
CVE-2025-20204

Cisco--Cisco Secure Email
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
2025-02-05
6.5
CVE-2025-20184

Cisco--Cisco Secure Email
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator.
2025-02-05
4.8
CVE-2025-20180

Cisco--Cisco Secure Email
A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials.
2025-02-05
4.3
CVE-2025-20207

Cisco--Cisco Secure Web Appliance
A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint.  The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance.
2025-02-05
5.8
CVE-2025-20183

Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
2025-02-05
6.1
CVE-2025-20179

coffeestudios--Pop Up
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1.
2025-02-07
5.9
CVE-2025-25105

CyberArk--Privileged Access Manager
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
2025-02-03
4.2
CVE-2024-54840

CyberArk--Privileged Access Manager
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
2025-02-03
4.2
CVE-2024-57967

CyberChimps--Responsive Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.
2025-02-04
6.5
CVE-2025-22697

D-Link--DIR-823X
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-02-07
6.5
CVE-2025-1103

daveshine--Builder Shortcode Extras WordPress Shortcodes Collection to Save You Time
The Builder Shortcode Extras - WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.
2025-02-07
4.3
CVE-2024-13841

DeannaS--Embed RSS
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1.
2025-02-07
4.2
CVE-2025-25081

Dell--Avamar
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.
2025-02-05
6.6
CVE-2025-21117

Digital Zoom Studio--Demo User DZS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Demo User DZS allows Stored XSS. This issue affects Demo User DZS: from n/a through 1.1.0.
2025-02-03
6.5
CVE-2025-23581

discourse--discourse
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.
2025-02-04
6.5
CVE-2024-56328

discourse--discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.
2025-02-04
6.5
CVE-2025-22602

discourse--discourse
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.
2025-02-04
4.3
CVE-2024-53266

discourse--discourse
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting.
2025-02-04
4.3
CVE-2024-53851

discourse--discourse
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.
2025-02-04
4.3
CVE-2024-53994

dugbug--Easy Chart Builder for WordPress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.
2025-02-07
6.5
CVE-2025-25077

EmbedPress--Document Block Upload & Embed Docs
Missing Authorization vulnerability in EmbedPress Document Block - Upload & Embed Docs. This issue affects Document Block - Upload & Embed Docs: from n/a through 1.1.0.
2025-02-04
5.4
CVE-2025-22696

Enalean--tuleap
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
5.3
CVE-2025-24029

Enalean--tuleap
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
4.3
CVE-2025-22129

F5--BIG-IP Next Central Manager
When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
6.5
CVE-2025-24319

F5--BIG-IP Next Central Manager
When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
4.4
CVE-2025-23413

F5--NGINX Open Source
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
4.3
CVE-2025-23419

FameThemes--OnePress
Missing Authorization vulnerability in FameThemes OnePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnePress: from n/a through 2.3.11.
2025-02-04
4.3
CVE-2025-22643

Felipe Peixoto--Powerful Auto Chat
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8.
2025-02-03
6.5
CVE-2025-22292

Garrett Grimm--Simple Select All Text Box
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2.
2025-02-07
6.5
CVE-2025-25079

Get Bowtied--Product Blocks for WooCommerce
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce allows Stored XSS. This issue affects Product Blocks for WooCommerce: from n/a through 1.9.1.
2025-02-04
6.5
CVE-2025-22674

GitLab--GitLab
A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.
2025-02-05
6.5
CVE-2023-6386

GitLab--GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users.
2025-02-05
6.5
CVE-2024-3976

GitLab--GitLab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.
2025-02-07
6.5
CVE-2025-1072

GitLab--GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API.
2025-02-05
4.3
CVE-2024-1539

GitLab--GitLab
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.
2025-02-05
4.4
CVE-2024-6356

google -- android
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.
2025-02-03
6.6
CVE-2024-20141

google -- android
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.
2025-02-03
6.6
CVE-2024-20142

google -- android
In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.
2025-02-03
6.7
CVE-2025-20636

google -- android
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.
2025-02-03
6.6
CVE-2025-20639

google -- android
In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.
2025-02-03
4.3
CVE-2025-20638

google -- android
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
2025-02-03
4.3
CVE-2025-20640

Google--Chrome
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2025-02-04
6.3
CVE-2025-0444

Google--Chrome
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
2025-02-04
6.3
CVE-2025-0451

Google--Chrome
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2025-02-04
5.4
CVE-2025-0445

GREYS--Korea for WooCommerce
Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11.
2025-02-03
6.5
CVE-2025-24639

GSheetConnector--CF7 Google Sheets Connector
Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17.
2025-02-03
5.3
CVE-2025-22686

gubbigubbi--Kona Gallery Block
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7.
2025-02-07
6.5
CVE-2025-25080

hasthemes -- ht_mega
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-02-04
6.4
CVE-2024-12597

HCL Software--iAutomate
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session.
2025-02-05
5.5
CVE-2024-42207

Hemnath Mouli--WC Wallet
Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0.
2025-02-03
6.5
CVE-2025-23527

Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
2025-02-04
6.8
CVE-2025-23059

Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
2025-02-04
6.6
CVE-2025-23060

Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
2025-02-04
4.7
CVE-2025-25039

Holded--Holded
A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable 'name' and 'icon' parameters of the Activities functionality.
2025-02-06
4.8
CVE-2025-1076

Huawei--HarmonyOS
Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-02-06
6.2
CVE-2024-12602

Huawei--HarmonyOS
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-02-06
6.2
CVE-2024-57954

Huawei--HarmonyOS
Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-02-06
6.1
CVE-2024-57955

Huawei--HarmonyOS
Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-02-06
6.6
CVE-2024-57957

Huawei--HarmonyOS
Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
2025-02-06
6.1
CVE-2024-57959

Huawei--HarmonyOS
Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
2025-02-06
6.8
CVE-2024-57961

Huawei--HarmonyOS
Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.
2025-02-06
6.1
CVE-2024-57962

Huawei--HarmonyOS
Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
2025-02-06
5.7
CVE-2024-57958

ibasit--GlobalQuran
Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0.
2025-02-07
4.3
CVE-2025-25143

IBM--ApplinX
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-06
6.4
CVE-2024-49791

IBM--ApplinX
IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
2025-02-06
5.4
CVE-2024-49796

IBM--ApplinX
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
2025-02-06
5.9
CVE-2024-49797

IBM--ApplinX
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
2025-02-06
4.3
CVE-2024-49794

IBM--ApplinX
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2025-02-06
4.3
CVE-2024-49798

IBM--ApplinX
IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.
2025-02-06
4.3
CVE-2024-49800

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-05
6.4
CVE-2024-56472

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
2025-02-05
5.4
CVE-2024-56470

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
2025-02-05
5.3
CVE-2024-56473

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
2025-02-05
4.3
CVE-2024-38316

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-05
4.8
CVE-2024-38317

IBM--Aspera Shares
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
2025-02-05
4.8
CVE-2024-38318

IBM--Cloud Pak for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-05
6.4
CVE-2024-52365

IBM--Cloud Pak for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-05
5.4
CVE-2024-52364

IBM--Cloud Pak for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
2025-02-05
4.3
CVE-2024-49348

IBM--EntireX
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.
2025-02-06
5.5
CVE-2025-0158

IBM--IBM App Connect Enterprise
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
2025-02-06
6.5
CVE-2025-0799

IBM--Jazz for Service Management
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-06
6.1
CVE-2024-52892

IBM--Security Verify Access Appliance
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
2025-02-04
6.5
CVE-2024-35138

IBM--Security Verify Access Appliance
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2025-02-04
6.1
CVE-2024-40700

IBM--Security Verify Access Appliance
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
2025-02-04
5.9
CVE-2024-43187

IBM--Security Verify Access Appliance
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
2025-02-04
5
CVE-2024-45657

IBM--Security Verify Access Appliance
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
2025-02-04
5.3
CVE-2024-45659

IBM--UrbanCode Deploy
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
2025-02-08
4.3
CVE-2024-54176

ietf -- generic_routing_encapsulation
GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
2025-02-05
6.5
CVE-2024-7595

ietf -- generic_udp_encapsulation
Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
2025-02-05
6.5
CVE-2024-7596

imithemes--Eventer - WordPress Event & Booking Manager Plugin
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-02-03
6.4
CVE-2024-11132

imithemes--Eventer - WordPress Event & Booking Manager Plugin
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.
2025-02-03
5.3
CVE-2024-11133

imithemes--Eventer - WordPress Event & Booking Manager Plugin
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data.
2025-02-03
4.3
CVE-2024-11134

iqonicdesign--SocialV - Social Network and Community BuddyPress Theme
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.
2025-02-04
6.5
CVE-2024-13529

joomsky.com--JS Jobs component for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
2025-02-04
4.7
CVE-2025-22206

jordan.hatch--Infusionsoft Analytics
Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.
2025-02-07
5.4
CVE-2025-25145

Kaspersky--Kaspersky Anti-Virus SDK for Windows
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
2025-02-06
5.3
CVE-2024-13614

KDE--ark
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
2025-02-03
5
CVE-2024-57966

Ksher--Ksher
Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.
2025-02-04
6.5
CVE-2025-22730

kwiliarty--External Video For Everybody
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1.
2025-02-07
6.5
CVE-2025-25097

Linux--Linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1 Insertion must ignore duplicate but expired entries. Moreover, there is a strange asymmetry in nft_pipapo_activate: It refetches the current element, whereas the other ->activate callbacks (bitmap, hash, rhash, rbtree) use elem->priv. Same for .remove: other set implementations take elem->priv, nft_pipapo_remove fetches elem->priv, then does a relookup, remove this. I suspect this was the reason for the change that prompted the removal of the expired check in pipapo_get() in the first place, but skipping exired elements there makes no sense to me, this helper is used for normal get requests, insertions (duplicate check) and deactivate callback. In first two cases expired elements must be skipped. For ->deactivate(), this gets called for DELSETELEM, so it seems to me that expired elements should be skipped as well, i.e. delete request should fail with -ENOENT error.
2025-02-05
6.2
CVE-2023-52925

linuxfoundation -- yocto
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.
2025-02-03
6.6
CVE-2025-20635

matt_mcbrien--WP SimpleWeather
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5.
2025-02-07
6.5
CVE-2025-25085

Max Chirkov--FlexIDX Home Search
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2.
2025-02-07
6.5
CVE-2025-25082

MaxD--Lightning Module
A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
2025-02-03
5
CVE-2025-0974

MediaTek, Inc.--MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6985, MT6989, MT6990, MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8678
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
2025-02-03
5.3
CVE-2024-20147

Melodic Media--Slide Banners
Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3.
2025-02-07
4.3
CVE-2025-25120

Metagauss--Event Kikfyre
Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8.
2025-02-07
5.4
CVE-2025-25110

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2025-02-06
6.5
CVE-2025-21279

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2025-02-06
6.5
CVE-2025-21283

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Spoofing Vulnerability
2025-02-06
4.4
CVE-2025-21267

Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Spoofing Vulnerability
2025-02-06
4.3
CVE-2025-21404

Microsoft--Microsoft Edge for Android
Microsoft Edge for IOS and Android Spoofing Vulnerability
2025-02-06
5.3
CVE-2025-21253

Mindskip--xzs-mysql
A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql å¦ä¹‹æ€å¼€æºè€ƒè¯•ç³»ç»Ÿ 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-07
4.3
CVE-2025-1084

mlfactory--DSGVO All in one for WP
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-02-04
6.5
CVE-2024-13356

mozilla -- firefox
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
2025-02-04
5.3
CVE-2025-1018

mozilla -- firefox
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
2025-02-04
4.3
CVE-2025-1019

mozilla -- thunderbird
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
2025-02-04
6.5
CVE-2025-0510

mozilla -- thunderbird
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the "Other" field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7.
2025-02-04
5.4
CVE-2025-1015

Mozilla--Firefox
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
2025-02-04
6.5
CVE-2025-1013

n/a--CmsEasy
A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-03
5.4
CVE-2025-0973

n/a--CmsEasy
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-07
5.4
CVE-2025-1106

n/a--n/a
The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
2025-02-03
6.5
CVE-2024-36437

n/a--n/a
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.
2025-02-03
6.1
CVE-2024-44449

n/a--n/a
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
2025-02-03
6.1
CVE-2024-50656

n/a--n/a
An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.
2025-02-03
6.1
CVE-2024-53943

n/a--n/a
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell
2025-02-03
6.5
CVE-2024-55456

n/a--n/a
An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.
2025-02-03
6.5
CVE-2024-56902

n/a--n/a
PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim's browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.
2025-02-06
6.1
CVE-2024-57427

n/a--n/a
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
2025-02-03
6.4
CVE-2024-57522

n/a--n/a
A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.
2025-02-05
6.5
CVE-2024-57598

n/a--n/a
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2025-02-03
5.9
CVE-2023-52163

n/a--n/a
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2025-02-03
5.1
CVE-2023-52164

n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.
2025-02-05
5.4
CVE-2024-54853

n/a--n/a
Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
2025-02-03
5.3
CVE-2024-56946

n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
2025-02-03
5.4
CVE-2024-57175

n/a--n/a
A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context.
2025-02-07
5.4
CVE-2024-57278

n/a--n/a
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript.
2025-02-07
5.4
CVE-2024-57279

n/a--n/a
A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
2025-02-06
5.4
CVE-2024-57429

n/a--n/a
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
2025-02-06
5.5
CVE-2024-57672

n/a--n/a
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
2025-02-06
5.5
CVE-2024-57673

n/a--n/a
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
2025-02-03
5.3
CVE-2025-25065

n/a--n/a
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.
2025-02-06
4.8
CVE-2022-40490

n/a--n/a
ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
2025-02-03
4.8
CVE-2024-57097

n/a--n/a
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
2025-02-03
4.8
CVE-2024-57498

n/a--n/a
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
2025-02-06
4.5
CVE-2024-57523

n/a--n/a
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php
2025-02-06
4.8
CVE-2024-57599

n/a--SiberianCMS
A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-07
4.3
CVE-2025-1105

nicheaddons--Medical Addon for Elementor
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts.
2025-02-04
4.3
CVE-2024-12046

nicholaswilson--Graceful Email Obfuscation
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.
2025-02-07
6.5
CVE-2025-25076

NirWp Team--Nirweb support
Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3.
2025-02-03
4.3
CVE-2025-22695

Nitesh Singh--Awesome Timeline
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitesh Singh Awesome Timeline allows Stored XSS. This issue affects Awesome Timeline: from n/a through 1.0.1.
2025-02-03
6.5
CVE-2025-23747

NotFound--MLL Audio Player MP3 Ajax
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7.
2025-02-03
6.5
CVE-2025-23561

NotFound--Traveler Layout Essential For Elementor
Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.
2025-02-03
5.4
CVE-2025-22701

OpenHarmony--OpenHarmony
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.
2025-02-07
5.5
CVE-2025-0302

paulswarthout--Child Themes Helper
Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7.
2025-02-07
6.1
CVE-2025-25093

Pixelite--Meta Tag Manager
Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.
2025-02-03
4.3
CVE-2025-22260

Prem Tiwari--FM Notification Bar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prem Tiwari FM Notification Bar allows Stored XSS. This issue affects FM Notification Bar: from n/a through 1.0.2.
2025-02-04
5.9
CVE-2025-22641

PuppetPu--Puppet Agent
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release.
2025-02-07
6.6
CVE-2021-27017

qodeinteractive -- qi_addons_for_elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cursor' parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7.
2025-02-04
6.4
CVE-2024-13699

qualcomm -- ar8035_firmware
Information disclosure during audio playback.
2025-02-03
6.1
CVE-2024-38416

qualcomm -- ar8035_firmware
Information disclosure while processing IO control commands.
2025-02-03
6.1
CVE-2024-38417

qualcomm -- fastconnect_6900_firmware
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
2025-02-03
6.6
CVE-2024-38411

qualcomm -- fastconnect_6900_firmware
Information disclosure while processing information on firmware image during core initialization.
2025-02-03
6.1
CVE-2024-38414

qualcomm -- fastconnect_7800_firmware
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
2025-02-03
6.6
CVE-2024-38412

qualcomm -- fastconnect_7800_firmware
Memory corruption while processing frame packets.
2025-02-03
6.6
CVE-2024-38413

rabilal--JS Help Desk The Ultimate Help Desk & Support Plugin
The JS Help Desk - The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.
2025-02-04
4.3
CVE-2024-13607

ramon-fincken--Simple add pages or posts
The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2025-02-08
5.5
CVE-2024-13850

realmag777--WOLF
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.
2025-02-03
4.9
CVE-2025-24605

Realwebcare--Image Gallery Responsive Photo Gallery
Missing Authorization vulnerability in Realwebcare Image Gallery - Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery - Responsive Photo Gallery: from n/a through 1.0.5.
2025-02-03
6.5
CVE-2025-24697

reverbnationdev--ReverbNation Widgets
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1.
2025-02-07
6.5
CVE-2025-25095

RTO GmbH--Dynamic Conditions
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RTO GmbH Dynamic Conditions allows Stored XSS. This issue affects Dynamic Conditions: from n/a through 1.7.4.
2025-02-04
6.5
CVE-2025-22642

Safetytest--Cloud-Master Server
A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-07
5.3
CVE-2025-1086

saleandro--Songkick Concerts and Festivals
Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7.
2025-02-07
4.3
CVE-2025-25146

Samsung Mobile--Blockchain Keystore
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
2025-02-04
6.3
CVE-2025-20900

Samsung Mobile--Blockchain Keystore
Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
2025-02-04
4.4
CVE-2025-20901

Samsung Mobile--EasySetup
Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.
2025-02-04
4
CVE-2025-20896

Samsung Mobile--Media Controller
Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege.
2025-02-04
5.1
CVE-2025-20902

Samsung Mobile--PushNotification
Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.
2025-02-04
4
CVE-2025-20899

Samsung Mobile--Samsung Email
Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.
2025-02-04
4.6
CVE-2025-20894

Samsung Mobile--Samsung Members
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
2025-02-04
4.6
CVE-2025-20898

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
2025-02-04
6.4
CVE-2025-20885

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
2025-02-04
6.3
CVE-2025-20904

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
2025-02-04
6.3
CVE-2025-20905

Samsung Mobile--Samsung Mobile Devices
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
2025-02-04
6
CVE-2025-20907

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
2025-02-04
5.3
CVE-2025-20887

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
2025-02-04
5.3
CVE-2025-20889

Samsung Mobile--Samsung Mobile Devices
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
2025-02-04
5.3
CVE-2025-20891

Samsung Mobile--Samsung Mobile Devices
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
2025-02-04
5.9
CVE-2025-20892

Samsung Mobile--Samsung Mobile Devices
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
2025-02-04
5.1
CVE-2025-20893

Samsung Mobile--Samsung Mobile Devices
Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB.
2025-02-04
5.5
CVE-2025-20906

Samsung Mobile--Samsung Mobile Devices
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
2025-02-04
4.6
CVE-2025-20883

Samsung Mobile--Samsung Mobile Devices
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
2025-02-04
4.6
CVE-2025-20884

Samsung Mobile--Samsung Mobile Devices
Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
2025-02-04
4.1
CVE-2025-20886

Samsung Mobile--Secure Folder
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.
2025-02-04
6.8
CVE-2025-20897

scriptsbundle--DWT - Directory & Listing WordPress Theme
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-02-08
6.4
CVE-2025-0169

SendPulse--SendPulse Email Marketing Newsletter
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5.
2025-02-04
6.5
CVE-2025-22662

shopsite--ShopSite
The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-02-04
6.1
CVE-2024-13510

shujahat21--Optimate Ads
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3.
2025-02-07
6.5
CVE-2025-25136

smub--WPForms Easy Form Builder for WordPress Contact Forms, Payment Forms, Surveys, & More
The WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fieldHTML' parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-02-04
6.4
CVE-2024-13403

Soflyy--WP All Import Pro
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
2025-02-07
4.3
CVE-2024-9661

sonalsinha21--SKT Blocks Gutenberg based Page Builder
The SKT Blocks - Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-02-04
6.4
CVE-2024-13733

Survey Maker team--Survey Maker
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5.
2025-02-04
5.9
CVE-2025-22664

taisan--tarzan-cms
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-02-07
6.3
CVE-2025-1113

templaza--Music Press Pro
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templaza Music Press Pro allows Stored XSS. This issue affects Music Press Pro: from n/a through 1.4.6.
2025-02-04
6.5
CVE-2025-22653

theDotstore--Hide Shipping Method For WooCommerce
Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
2025-02-03
4.3
CVE-2025-22694

theme funda--Setup Default Featured Image
Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.
2025-02-03
6.5
CVE-2025-24642

titusbicknell--RSS in Page
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1.
2025-02-07
6.5
CVE-2025-25096

tripetto--WordPress form builder plugin for contact forms, surveys and quizzes Tripetto
The WordPress form builder plugin for contact forms, surveys and quizzes - Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.
2025-02-05
5.3
CVE-2024-13829

UIUX Lab--Uix Shortcodes
Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.
2025-02-03
4.8
CVE-2025-22677

Unknown--Banner Garden Plugin for WordPress
The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.
2025-02-04
6.1
CVE-2025-0368

Unknown--Essential WP Real Estate
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
2025-02-03
6.8
CVE-2024-13347

Unknown--Giga Messenger
The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13328

Unknown--Glossy
The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13325

Unknown--Guten Free Options
The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2025-02-07
6.1
CVE-2024-13492

Unknown--iBuildApp
The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13326

Unknown--LikeBot
The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
2025-02-06
6.1
CVE-2025-0522

Unknown--Musicbox
The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13327

Unknown--Sensei LMS
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
2025-02-04
5.3
CVE-2025-0466

Unknown--TransFinanz
The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13332

Unknown--WP Dream Carousel
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2025-02-04
6.1
CVE-2024-13331

Unknown--WP Projects Portfolio with Client Testimonials
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2025-02-04
6.1
CVE-2024-13114

Unknown--WP Projects Portfolio with Client Testimonials
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
2025-02-04
6.1
CVE-2024-13115

Vasilis Triantafyllou--Easy WP Tiles
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.
2025-02-07
5.9
CVE-2025-25073

vitest-dev--vitest
Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send a request to that handler from remote to get the content of arbitrary files.This `__screenshot-error` handler on the browser mode HTTP server responds any file on the file system. This code was added by commit `2d62051`. Users explicitly exposing the browser mode server to the network by `browser.api.host: true` may get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-04
5.9
CVE-2025-24963

wazuh--wazuh
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
4.6
CVE-2024-47770

Webkul--QloApps
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.
2025-02-06
4.3
CVE-2025-1074

Welch Allyn--ELI 380 Resting Electrocardiograph
A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.
2025-02-07
6.4
CVE-2022-26388

Western Telematic Inc--Network Power Switch (NPS Series)
Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.
2025-02-04
6.5
CVE-2025-0630

WP All Import--WP All Export Pro
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
2025-02-07
6.8
CVE-2024-7425

WP Spell Check--WP Spell Check
Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21.
2025-02-07
5.4
CVE-2025-25111

WPDeveloper--NotificationX
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.
2025-02-03
6.5
CVE-2025-22683

Xerox--Versalink B400
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
2025-02-03
6.7
CVE-2024-12510

Xfinity Soft--Content Cloner
Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
2025-02-03
4.3
CVE-2025-22681

Zack Katz--Links in Captions
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2.
2025-02-07
6.5
CVE-2025-25098

zackdesign--NextGen Cooliris Gallery
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7.
2025-02-07
6.5
CVE-2025-25091

PrimaryVendor -- Product
Description
Published
CVSS Score
Source Info

Bharti Airtel--Xstream Fiber
A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-06
3.1
CVE-2025-1081

Cisco--Cisco Secure Email
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.
2025-02-05
3.4
CVE-2025-20185

curl--curl
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
2025-02-05
3.4
CVE-2025-0167

dell -- data_domain_operating_system
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
2025-02-04
3.7
CVE-2025-22475

Dell--Update Manager Plugin
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
2025-02-07
2.6
CVE-2025-22402

discourse--discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-04
3.1
CVE-2025-22601

discourse--discourse
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.
2025-02-04
2.2
CVE-2024-56197

F5--BIG-IP
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2025-02-05
3.1
CVE-2025-23415

GitLab--GitLab
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.
2025-02-05
3.5
CVE-2024-5528

google -- android
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
2025-02-03
3.9
CVE-2025-20643

Huawei--HarmonyOS
Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.
2025-02-06
2.8
CVE-2024-57956

IBM--EntireX
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
2025-02-06
3.3
CVE-2024-56467

laurent22--joplin
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-07
3.3
CVE-2024-55630

ManageEngine--Endpoint Central
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
2025-02-05
3.5
CVE-2024-9097

Mindskip--xzs-mysql
A vulnerability classified as problematic has been found in Mindskip xzs-mysql å¦ä¹‹æ€å¼€æºè€ƒè¯•ç³»ç»Ÿ 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-06
3.5
CVE-2025-1082

Mindskip--xzs-mysql
A vulnerability classified as problematic was found in Mindskip xzs-mysql å¦ä¹‹æ€å¼€æºè€ƒè¯•ç³»ç»Ÿ 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-02-06
3.1
CVE-2025-1083

n/a--newbee-mall
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
2025-02-07
3.5
CVE-2025-1114

n/a--RT-Thread
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.
2025-02-08
3.3
CVE-2025-1115

Samsung Mobile--Galaxy Store
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
2025-02-04
3.2
CVE-2025-20895

vllm-project--vllm
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-07
2.6
CVE-2025-25183

Zenvia--Movidesk
A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.
2025-02-03
3.5
CVE-2025-0971

Zenvia--Movidesk
A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.
2025-02-03
3.5
CVE-2025-0972

Zoom Communications, Inc--Zoom Jenkins Marketplace plugin
Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.
2025-02-03
2.6
CVE-2025-0148

PrimaryVendor -- Product
Description
Published
CVSS Score
Source Info

adamghill--django-unicorn
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24370

Apache Software Foundation--Apache Kvrocks
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue.
2025-02-07
not yet calculated
CVE-2025-25069

cometbft--cometbft
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn't check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround.
2025-02-03
not yet calculated
CVE-2025-24371

DumbWareio--DumbDrop
DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability.
2025-02-04
not yet calculated
CVE-2025-24971

Flexera--RISC Platform
An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn't been completed.
2025-02-07
not yet calculated
CVE-2021-41527

Flexera--RISC Platform
An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges.
2025-02-07
not yet calculated
CVE-2021-41528

gaul--s3proxy
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24961

Go standard library--crypto/internal/nistec
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
2025-02-06
not yet calculated
CVE-2025-22866

goauthentik--authentik
Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release.
2025-02-04
not yet calculated
CVE-2024-11623

Google Cloud--Application Integration
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
2025-02-06
not yet calculated
CVE-2025-0982

google--zx
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage.
2025-02-03
not yet calculated
CVE-2025-24959

HP Inc.--Certain HP LaserJet Pro Printers
Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol).
2025-02-06
not yet calculated
CVE-2025-1004

HP, Inc.--HP Anyware Linux Agent
A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
2025-02-04
not yet calculated
CVE-2025-1003

HP, Inc.--Poly Edge E
A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.
2025-02-05
not yet calculated
CVE-2025-0858

Humming Heads Inc.--Defense Platform Home Edition
Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege.
2025-02-06
not yet calculated
CVE-2025-20094

Humming Heads Inc.--Defense Platform Home Edition
Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.
2025-02-06
not yet calculated
CVE-2025-22890

Humming Heads Inc.--Defense Platform Home Edition
Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege.
2025-02-06
not yet calculated
CVE-2025-22894

Humming Heads Inc.--Defense Platform Home Edition
Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.
2025-02-06
not yet calculated
CVE-2025-23236

Humming Heads Inc.--Defense Platform Home Edition
NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition.
2025-02-06
not yet calculated
CVE-2025-24483

Humming Heads Inc.--Defense Platform Home Edition
Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition.
2025-02-06
not yet calculated
CVE-2025-24845

IBL Software Engineering--Visual Weather
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account-contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
2025-02-07
not yet calculated
CVE-2025-1077

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24901

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24902

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24905

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24906

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24957

LabRedesCefetRJ--WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24958

Linux--Linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo") 2. timeouts are enabled In this case, following sequence is problematic: 1. element E in set S refers to chain C 2. userspace requests removal of set S 3. kernel does a set walk to decrement chain->use count for all elements from preparation phase 4. kernel does another set walk to remove elements from the commit phase (or another walk to do a chain->use increment for all elements from abort phase) If E has already expired in 1), it will be ignored during list walk, so its use count won't have been changed. Then, when set is culled, ->destroy callback will zap the element via nf_tables_set_elem_destroy(), but this function is only safe for elements that have been deactivated earlier from the preparation phase: lack of earlier deactivate removes the element but leaks the chain use count, which results in a WARN splat when the chain gets removed later, plus a leak of the nft_chain structure. Update pipapo_get() not to skip expired elements, otherwise flush command reports bogus ENOENT errors.
2025-02-05
not yet calculated
CVE-2023-52924

Linux--Linux
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]
2025-02-09
not yet calculated
CVE-2024-57949

Linux--Linux
In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [ 5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.380079] other info that might help us debug this: [ 5.385138] context-{5:5} [ 5.387762] 5 locks held by kworker/u17:1/44: [ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204) [ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205) [ 5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006) [ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596) [ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614) [ 5.436472] stack backtrace: [ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69 [ 5.448690] Tainted: [W]=WARN [ 5.451656] Hardware name: xlnx,zynqmp (DT) [ 5.455845] Workqueue: events_unbound deferred_probe_work_func [ 5.461699] Call trace: [ 5.464147] show_stack+0x18/0x24 C [ 5.467821] dump_stack_lvl (lib/dump_stack.c:123) [ 5.471501] dump_stack (lib/dump_stack.c:130) [ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176) [ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814) [ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) [ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250) [ 5.497645] irq_startup (kernel/irq/chip.c:270) [ 5.501143] __setup_irq (kernel/irq/manage.c:1807) [ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)
2025-02-09
not yet calculated
CVE-2025-21684

Linux--Linux
In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chrome: cros_ec_uart: properly fix race condition") where devm_serdev_device_open() was called before fully initializing the device. Fix the race by ensuring client ops are set before enabling the port via devm_serdev_device_open(). Note, serdev_device_set_baudrate() and serdev_device_set_flow_control() calls should be after the devm_serdev_device_open() call.
2025-02-09
not yet calculated
CVE-2025-21685

mitmproxy--mitmproxy
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-06
not yet calculated
CVE-2025-23217

MobSF--Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. The `dynamic_analysis.html` file does not sanitize the received bundle value from Corellium and as a result, it is possible to break the HTML context and achieve Stored XSS. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-05
not yet calculated
CVE-2025-24803

MobSF--Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-05
not yet calculated
CVE-2025-24804

MobSF--Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-05
not yet calculated
CVE-2025-24805

n/a--n/a
Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form.
2025-02-06
not yet calculated
CVE-2020-36085

n/a--n/a
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.
2025-02-06
not yet calculated
CVE-2024-25883

n/a--n/a
NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.
2025-02-07
not yet calculated
CVE-2024-35106

n/a--n/a
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.
2025-02-06
not yet calculated
CVE-2024-36553

n/a--n/a
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information.
2025-02-06
not yet calculated
CVE-2024-36554

n/a--n/a
Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allows malicious users to change the device IMEI-number which allows for forging the identity of the device.
2025-02-06
not yet calculated
CVE-2024-36555

n/a--n/a
Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability.
2025-02-06
not yet calculated
CVE-2024-36556

n/a--n/a
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app.
2025-02-06
not yet calculated
CVE-2024-36557

n/a--n/a
Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
2025-02-07
not yet calculated
CVE-2024-48091

n/a--n/a
Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php
2025-02-06
not yet calculated
CVE-2024-48589

n/a--n/a
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.
2025-02-07
not yet calculated
CVE-2024-52881

n/a--n/a
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.
2025-02-07
not yet calculated
CVE-2024-52882

n/a--n/a
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.
2025-02-07
not yet calculated
CVE-2024-52883

n/a--n/a
An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.
2025-02-07
not yet calculated
CVE-2024-52884

n/a--n/a
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
2025-02-06
not yet calculated
CVE-2024-53586

n/a--n/a
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
2025-02-03
not yet calculated
CVE-2024-53942

n/a--n/a
A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download.
2025-02-06
not yet calculated
CVE-2024-54909

n/a--n/a
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
2025-02-07
not yet calculated
CVE-2024-55213

n/a--n/a
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
2025-02-07
not yet calculated
CVE-2024-55214

n/a--n/a
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.
2025-02-06
not yet calculated
CVE-2024-55241

n/a--n/a
Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.
2025-02-03
not yet calculated
CVE-2024-57004

n/a--n/a
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.
2025-02-03
not yet calculated
CVE-2024-57237

n/a--n/a
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.
2025-02-03
not yet calculated
CVE-2024-57238

n/a--n/a
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.
2025-02-07
not yet calculated
CVE-2024-57248

n/a--n/a
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.
2025-02-07
not yet calculated
CVE-2024-57249

n/a--n/a
Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.
2025-02-06
not yet calculated
CVE-2024-57392

n/a--n/a
NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.
2025-02-06
not yet calculated
CVE-2024-57426

n/a--n/a
An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.
2025-02-06
not yet calculated
CVE-2024-57609

n/a--n/a
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.
2025-02-07
not yet calculated
CVE-2024-57707

n/a--n/a
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.
2025-02-04
not yet calculated
CVE-2025-0825

n/a--n/a
An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers.
2025-02-06
not yet calculated
CVE-2025-22936

n/a--n/a
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
2025-02-06
not yet calculated
CVE-2025-23093

n/a--n/a
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process.
2025-02-06
not yet calculated
CVE-2025-23094

nodejs--node
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
2025-02-07
not yet calculated
CVE-2025-23085

OpenText--Content Management (Extended ECM)
Improper Validation of Specified Type of Input vulnerability in OpenTextâ„¢ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled.
2025-02-04
not yet calculated
CVE-2024-8125

Parallels--Desktop
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.
2025-02-05
not yet calculated
CVE-2025-0413

PHPOffice--PhpSpreadsheet
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-23210

pimcore--admin-ui-classic-bundle
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-07
not yet calculated
CVE-2025-24980

sfackler--rust-openssl
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.
2025-02-03
not yet calculated
CVE-2025-24898

SWIT--Activity Log WinterLock
Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.
2025-02-04
not yet calculated
CVE-2025-24982

Trimble--Cityworks
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.
2025-02-06
not yet calculated
CVE-2025-0994

Veeam--Backup for AWS
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.
2025-02-05
not yet calculated
CVE-2025-23114

wpovernight--woocommerce-pdf-invoices-packing-slips
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-04
not yet calculated
CVE-2025-24373

yogeshojha--rengine
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2025-02-03
not yet calculated
CVE-2025-24899

yogeshojha--rengine
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.
2025-02-03
not yet calculated
CVE-2025-24962

yogeshojha--rengine
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. Exploitation of HTML Injection can compromise the application's integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected. This issue affects all versions up to and including 2.2.0. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
2025-02-04
not yet calculated
CVE-2025-24966

yogeshojha--rengine
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
2025-02-04
not yet calculated
CVE-2025-24967

AI Summary and Description: Yes

Summary: The text primarily discusses security vulnerabilities associated with various software and hardware products, detailing their significance, CVSS scores, and potential impacts. This information is essential for professionals in security, compliance, and risk management.

Detailed Description:
The provided content lists numerous vulnerabilities affecting a wide range of software products, including web applications, plugins, and cloud services. Each entry outlines specific vulnerabilities, their severity as indicated by CVSS scores, the context in which they occur, and recommended remediation measures. The significance of such vulnerabilities lies in their potential to lead to unauthorized access, data breaches, and operational interruptions. Below are key takeaways and insights derived from the text:

* **General Observations:**
- Many vulnerabilities relate to Cross-Site Scripting (XSS), SQL Injection, and Path Traversal, which are common threats in web applications.
- Several entries cite severe vulnerabilities (CVSS scores above 7), indicating high risk and the potential for significant impact if exploited.

* **Noteworthy Vulnerabilities:**
- **CVE-2025-23799**: Reflected XSS vulnerability in the .TUBE Video Curator, with a CVSS score of 7.1, showcasing potential exploitation via crafted input during web page generation.
- **CVE-2024-51547**: Use of hard-coded credentials in ABB ASPECT-Enterprise, with a CVSS score of 9.8, signifies a critical security risk where attackers can gain unauthorized access using fixed internal credentials.
- **CVE-2025-20124**: A vulnerability in Cisco Identity Services Engine Software allowing command execution as root, rated 9.9. This could lead to severe exploitation of the device's functionalities.
- **CVE-2025-24968**: The reNgine framework exposes sensitive information to users with minimum privileges, exemplifying insider threats and the importance of rigorous access control measures.

* **Mitigation Strategies:**
- Patching disclosed vulnerabilities as soon as vendor updates are available is critical.
- Conducting regular security audits and employing threat modeling to identify potential vulnerabilities before they are exploited.
- Implementing least privilege principles to minimize the risk of insider attacks and unauthorized data access.

In conclusion, this information highlights the importance of diligent monitoring of software and service vulnerabilities for security professionals and emphasizes proactive management of risk and compliance in software deployment and use.

-5647 .NET 01 1 2 2024 24 2FA 3 3d 4 5 5 Pro 7 a A4 abuse access access control Access Control Mechanisms access controls access privileges access token account account compromise Act actions administrative access administrative credentials administrator privileges administrators Adobe adversarial after age verification agent AGI AI alerts Alexa algorithm AMD analysis analytics and Android anti antivirus Apache Apache Cassandra API API keys Apple Application applications arbitrary code execution Arch architectural architecture Argo Aria ARM art Aruba as assessment async attack attackers attacks audio audit Audits authentication Authentication Bypass authentication bypass vulnerability Authentication Process authentication token authentication tokens authenticity authenticity verification authorization authorization bypass authors Auto automated reconnaissance automation AutomationDirect availability AWS backend backup based based buffer overflow Behavior bert Best best practices BGP Bitcoin blockchain Bluetooth board brain breach breaches browser Buffer Overflow Bug bugs business by bypass C C2 caching campaigns Cassandra catalog cell certificate certificates chain chat Chatbot checking chip chips chipset chipsets Chrome Chrome extension Chromium CIA CISA Cisco class CleaR client closed Cloud cloud service cloud services cloud storage cloud-based cluster code code execution code generation code inclusion code injection coding Col collaboration command command execution command injection Command Injection Vulnerability commerce communication community compiler complexity compliance compression confidential information confidentiality Configuration configuration settings configurations connectivity connectivity issues constant container content content management Context control control mechanism control plane controlled environment controls cookies core CORS crawler creation credential credentials critical cross cross-site scripting cross-site scripting (XSS) Crypto cryptographic css Curl Current Cursor Customer customer trust CVE CVSS cyber D dashboard data data access Data Authenticity data breach Data breaches data center data control data management data vulnerability database database management databases datacenter dataset DDoS de decryption default settings defense DeFi Dell Delta Delta Electronics demo denial Denial of Service dependencies deployment deserialization deserialization vulnerability design Desktop detection developer developers development DevOps digital directive directory traversal disclosure Django DNS document documentation domain domain management domain takeover domains DoS DoT Double downloader driven dual dynamics 365 e e-learning edge Edge Devices editing effective efficient email encoder encoding encryption end endpoint endpoint security endpoints engineering enterprise Enterprise Server Entra enumeration environment environment variables Epyc ERP error error handling errors EU event Excel execution exp experience exploit Exploitation export eXtended extensions External F5 face fact fail fast fault feature features fees filtering fine firefox firewall firewalls firmware firmware update first for framework free frequency full functionality future g Gateway GDPR Gen generated generation geo GIS git GitHub GitLab Go Google Google Chrome Google Cloud GPU Grace grade grading graph Group gs hardware hashing headers heap heap-based buffer overflow Hewlett Packard Enterprise high high-throughput Highlight hijacking hosted hosting HPE HR http HTTPS Huawei Hyper hypervisor IaC IAM IBM ICO identity Identity Services Engine identity verification image image authentication image files image verification implementation in Inclusion indexing Inference information information disclosure information leak information technology injection Injection vulnerability input validation insider attacks Insider Threat insider threats insights installation institutions integration integrity inter interaction intern internal network internet internet security interpret interpreter inux IoC iOS IRS isolation ite J jack Java JavaScript JavaScript code job json Juniper Networks Just k Kaspersky kernel Key keys Kia knowledge Kubernetes l Labor land language large latency law learning least least privilege least privilege principle led Lee Lenovo level access libraries library life limitations limiting Link Linux Linux Kernel Lite llm llms lm local privilege escalation log data logging logic logistics logs long loop low mac machine MacOS maintainers making malicious actions malicious code malicious JavaScript malvertising malware malware analysis man-in-the-middle attack management Management System manipulation markdown market marketing marketplace mass Matrix matt max media MediaTek memory memory allocation memory consumption memory corruption memory leak memory safety messaging Messenger Meta metadata Micro microcode Microsoft Microsoft Edge middleware Mila mini Mir mission Mitel mitigation mitigation strategies ML mlx Mobile Mobile App mobile devices mobile security model model management modeling models Modern ModI Monitor monitoring mozilla multi multi-tenant my MySQL nation native Netgear network network access network behavior network management network resources Networking networks neutral news next nicholas NIST no Node Node.js non notebook notes notifications NPU NSA NTP o o1 OAuth obfuscation oE of off Omnissa on onboarding one open open-source operating system operation Operator OPM opt optimizer Orb organization ory out over parameter parsing passphrase password management passwords Patch patching path traversal path traversal vulnerability pdf peer-to-peer permissions personal data phi phishing phishing attack Phishing Attacks phishing campaign phishing campaigns physical access Pipeline Pixel platform play plugin plugins point policy polling portfolio porting post potential Power pre premises preparation prevention Preview price principles printer privacy private key privilege access privilege escalation privilege management privileged access Privileged Access Manager proactive problem process processing product products professionals programming programming language Progress projects prompt prompts protocol protocols provisioning proxy public Py Python Qualcomm quantum question QUIC R R1 R2 race condition rack rag ransom ransomware rate rate limiting Ray RCE RDP react reading real real estate recovery red Redis regulatory regulatory compliance release releases remediation Remote Access remote attackers Remote Code Execution remote execution rendering replication report reporting reputation Requirements resource resource usage resource utilization resources response responsible restore return right RISC Risk risk management RMF Ro Rock ROI Role Root Root Privileges RoT routers routing RSA rsync RTOS Rust Rust programming language s s Position S3 SaaS Sable safe safety sales Samsung sandbox sandbox escape SAP satellite screenshot SD search sec secure security security assessment security audit security audits security framework security management security professionals security risk Security Vulnerabilities security vulnerability Segment segmentation self sensitive data sensitive files sensitive information sequence server server configuration Server-Side Request Forgery servers service service account Service Management services session hijacking session resumption settings severity SHA sharding short side Sig signature verification signatures Sim Simple single site request forgery site scripting SMB Snap Snyk SoC social software software deployment software developers software development software engineer software engineering software update solving source source Platform Spark spoofing sql SQL Server sqlite SSE SSH SSL stack Stack Overflow start startup state storage SuperMicro supply SVG syscall system system compromise system security system takeover T Tails tampering Task tasks tech technical support techniques technology templates test Testing testing framework text the third Threads threat threat model Threat Modeling threats throughput Time timeouts TLS to token tokens tolerant tool tools Tor TP Tplink traffic Traffic Management transport security trie Trimble Trimble Cityworks trojan trust TSA two Uber UI UK unauthenticated unauthorized access up update update process updates upgrade ups US usage use user User Access user control user credentials user information user inputs user interaction user management user preferences user queries user trust Users uth utilization utils V V2X V3 v6 val Validation value function Vault Veeam vendor vendor updates verification verification process version video virtualization visibility Vision voice VPN vulnerabilities vulnerability Vulnerability Exploitation web web applications web browser web browsing web interface web server WebAssembly webgpu website websocket Well WhatsApp Wi widgets Wind Windows Windows system WordPress workload workloads workqueue x XML XR XSS Zen zero Zimbra Zoom