US-CERT Vulnerability Summary for the Week of February 3, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
.TUBE gTLD–.TUBE Video Curator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through 1.1.9. | 2025-02-03 | 7.1 | CVE-2025-23799 |
2N–2N Access Commander | 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. | 2025-02-06 | 8.1 | CVE-2024-47258 |
ABB–ASPECT-Enterprise | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | 2025-02-06 | 9.8 | CVE-2024-51547 |
Advantive–VeraCore | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this. | 2025-02-03 | 9.9 | CVE-2024-57968 |
Alexandros Georgiou–Bitcoin and Altcoin Wallets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1. | 2025-02-03 | 7.1 | CVE-2025-24544 |
AMD–AMD EPYC 7001 Series | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. | 2025-02-03 | 7.2 | CVE-2024-56161 |
Apache Software Foundation–Apache Cassandra | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue. | 2025-02-04 | 8.8 | CVE-2025-23015 |
Apache Software Foundation–Apache James server | Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals. | 2025-02-06 | 8.6 | CVE-2024-37358 |
Apache Software Foundation–Apache ShardingSphere ElasticJob-UI | The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack. | 2025-02-06 | 8.5 | CVE-2022-31764 |
ApplicantPro–ApplicantPro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ApplicantPro ApplicantPro allows Reflected XSS. This issue affects ApplicantPro: from n/a through 1.3.9. | 2025-02-03 | 7.1 | CVE-2025-23920 |
Arm Ltd–Valhall GPU Kernel Driver | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0. | 2025-02-03 | 7.8 | CVE-2025-0015 |
Ashlar-Vellum–Cobalt | In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2025-02-04 | 7.8 | CVE-2023-39943 |
Ashlar-Vellum–Cobalt | In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2025-02-04 | 7.8 | CVE-2023-40222 |
AutomationDirect–C-more EA9 HMI EA9-T6CL | AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device. | 2025-02-04 | 9.8 | CVE-2025-0960 |
BannerSky.com–BSK Forms Validation | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BannerSky.com BSK Forms Validation allows Reflected XSS. This issue affects BSK Forms Validation: from n/a through 1.7. | 2025-02-03 | 7.1 | CVE-2025-24545 |
Baxter/ Hillrom–ELI 380 Resting Electrocardiograph | An improper access control vulnerability may allow privilege escalation. This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior. | 2025-02-07 | 7.7 | CVE-2022-26389 |
BigAntSoft–BigAnt Server | BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the “Cloud Storage Addin,” leading to unauthenticated code execution. | 2025-02-04 | 9.8 | CVE-2025-0364 |
blackandwhitedigital–BookPress For Book Authors | Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7. | 2025-02-07 | 8.2 | CVE-2025-25167 |
blackandwhitedigital–BookPress For Book Authors | Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7. | 2025-02-07 | 7.1 | CVE-2025-25168 |
blackus3r–WP Keyword Monitor | Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5. | 2025-02-07 | 7.1 | CVE-2025-25088 |
Blu Logistics Pte. Ltd.–blu Logistics | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blu Logistics Pte. Ltd. blu Logistics allows Reflected XSS. This issue affects blu Logistics: from n/a through 1.0.0. | 2025-02-03 | 7.1 | CVE-2025-23591 |
Brainvireinfo–Dynamic URL SEO | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through 1.0. | 2025-02-03 | 7.1 | CVE-2025-23984 |
brandtoss–WP Mailster | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0. | 2025-02-03 | 7.1 | CVE-2025-24559 |
brandtoss–WP Mailster | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0. | 2025-02-04 | 7.1 | CVE-2025-24598 |
Burtay Arat–Dezdy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Burtay Arat Dezdy allows Reflected XSS. This issue affects Dezdy: from n/a through 1.0. | 2025-02-03 | 7.1 | CVE-2025-23590 |
Checkmk–NagVis | The “NagVis” component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. | 2025-02-04 | 7.2 | CVE-2024-13723 |
CheGevara–Tags to Keywords | Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1. | 2025-02-03 | 7.1 | CVE-2025-22685 |
Chimpstudio–WP Directorybox Manager | The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the ‘wp_dp_enquiry_agent_contact_form_submit_callback’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2025-02-08 | 9.8 | CVE-2025-0316 |
Cisco–Cisco Identity Services Engine Software | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. | 2025-02-05 | 9.9 | CVE-2025-20124 |
Cisco–Cisco Identity Services Engine Software | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. | 2025-02-05 | 9.1 | CVE-2025-20125 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20169 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20170 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20171 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20172 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20173 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20174 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20175 |
Cisco–IOS | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | 2025-02-05 | 7.7 | CVE-2025-20176 |
ckan–ckan | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads users can use: `ckan.upload.user.types = none` | 2025-02-05 | 7.3 | CVE-2025-24372 |
ClearML–ClearML | A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2025-02-06 | 9 | CVE-2024-39272 |
ClearML–ClearML | An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2025-02-06 | 7.7 | CVE-2024-43779 |
clidey–whodb | WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Affected versions of WhoDB allow users to connect to Sqlite3 databases. By default, the databases must be present in `/db/` (or alternatively `./tmp/` if development mode is enabled). If no databases are present in the default directory, the UI indicates that the user is unable to open any databases. The database file is a user-controlled value. This value is used in `.Join()` with the default directory, in order to get the full path of the database file to open. No checks are performed whether the database file that is eventually opened actually resides in the default directory `/db`. This allows an attacker to use path traversal (`../../`) in order to open any Sqlite3 database present on the system. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-06 | 10 | CVE-2025-24786 |
clidey–whodb | WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely and without escaping or encoding the user input. This allows a user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used. One of these dangerous parameters is `allowAllFiles` in the library `github.com/go-sql-driver/mysql`. Should this be set to `true`, the library enables running the `LOAD DATA LOCAL INFILE` query on any file on the host machine (in this case, the machine that WhoDB is running on). By injecting `&allowAllFiles=true` into the connection URI and connecting to any MySQL server (such as an attacker-controlled one), the attacker is able to read local files. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-06 | 8.6 | CVE-2025-24787 |
Contest Gallery–Contest Gallery | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0. | 2025-02-03 | 7.6 | CVE-2025-22693 |
curl–curl | libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve. | 2025-02-05 | 9.8 | CVE-2025-0665 |
curl–curl | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | 2025-02-05 | 7.3 | CVE-2025-0725 |
CyferShepard–Jellystat | Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very little scope for abuse. However, the `DELETE` `files/:filename` can be used to delete any file. This issue has been addressed in version 1.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | 8.7 | CVE-2025-24960 |
Cynob IT Consultancy–WP Custom Post RSS Feed | Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0. | 2025-02-07 | 7.1 | CVE-2025-25139 |
CyrilG–Fyrebox Quizzes | Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7. | 2025-02-07 | 7.1 | CVE-2025-25125 |
D-Link–DHP-W310AV | A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-02-07 | 7.3 | CVE-2025-1104 |
Danillo Nunes–Login-box | Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4. | 2025-02-07 | 7.1 | CVE-2025-25149 |
Delta Electronics–CNCSoft-G2 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-02-07 | 7.8 | CVE-2025-22880 |
DigiTimber–DigiTimber cPanel Integration | Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6. | 2025-02-03 | 7.1 | CVE-2025-22690 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. | 2025-02-04 | 8.2 | CVE-2024-55948 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. | 2025-02-04 | 8.2 | CVE-2025-23023 |
djjmz–Simple Auto Tag | Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1. | 2025-02-07 | 7.1 | CVE-2025-25153 |
drakkan–sftpgo | SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem; it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. This issue was fixed in version v2.6.5 by checking the client provided arguments. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | 7.5 | CVE-2025-24366 |
Dreamvention–Live AJAX Search Free | A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument keyword leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-02-08 | 7.3 | CVE-2025-1116 |
DualCube–MooWoodle | Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4. | 2025-02-03 | 7.5 | CVE-2025-24556 |
Ederson Peka–Media Downloader | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5. | 2025-02-03 | 7.1 | CVE-2025-24684 |
Ederson Peka–Unlimited Page Sidebars | Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6. | 2025-02-03 | 7.1 | CVE-2025-22688 |
efreja–Music Sheet Viewer | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1. | 2025-02-07 | 7.5 | CVE-2025-25155 |
Elber–Signum DVB-S/S2 IRD | Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user’s password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device’s system security. | 2025-02-07 | 9.8 | CVE-2025-0674 |
Elber–Signum DVB-S/S2 IRD | Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. | 2025-02-07 | 7.5 | CVE-2025-0675 |
ElbowRobo–Read More Copy Link | Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2. | 2025-02-07 | 7.1 | CVE-2025-25148 |
Emili Castells–DK White Label | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Emili Castells DK White Label allows Reflected XSS. This issue affects DK White Label: from n/a through 1.0. | 2025-02-03 | 7.1 | CVE-2025-24541 |
F5–BIG-IP | Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 8.8 | CVE-2025-20029 |
F5–BIG-IP | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 8.7 | CVE-2025-23239 |
F5–BIG-IP | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 (https://my.f5.com/manage/s/article/K000138636). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 8 | CVE-2025-24320 |
F5–BIG-IP | When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-20045 |
F5–BIG-IP | When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-20058 |
F5–BIG-IP | When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-21087 |
F5–BIG-IP | When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-21091 |
F5–BIG-IP | When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-22846 |
F5–BIG-IP | When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-22891 |
F5–BIG-IP | When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-23412 |
F5–BIG-IP | When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-24312 |
F5–BIG-IP | When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-24326 |
F5–BIG-IP | When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 7.5 | CVE-2025-24497 |
FancyWP–Starter Templates by FancyWP | Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. | 2025-02-07 | 9.6 | CVE-2025-25106 |
Fatcat Apps–Landing Page Cat | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7. | 2025-02-03 | 7.1 | CVE-2025-24576 |
Four-Faith–F3x36 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645. | 2025-02-04 | 9.8 | CVE-2024-9643 |
Four-Faith–F3x36 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the “bapply.cgi” endpoint instead of the normal “apply.cgi” endpoint. A remote and unauthenticated attacker can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities. | 2025-02-04 | 9.8 | CVE-2024-9644 |
gabrieldarezzo–InLocation | Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8. | 2025-02-07 | 7.1 | CVE-2025-25166 |
GitLab–GitLab VSCode Fork | An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the web IDE. | 2025-02-07 | 8.7 | CVE-2024-10383 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | 2025-02-05 | 7.5 | CVE-2024-2878 |
GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow. | 2025-02-05 | 7.5 | CVE-2024-9631 |
Go toolchain–cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a “#cgo LDFLAGS” directive. This issue only affected go1.24rc2. | 2025-02-06 | 7.5 | CVE-2025-22867 |
GT3 Photo Gallery–Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GT3 Photo Gallery Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24. | 2025-02-03 | 7.1 | CVE-2025-24707 |
Haider Ali–Bulk Categories Assign | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Haider Ali Bulk Categories Assign allows Reflected XSS. This issue affects Bulk Categories Assign: from n/a through 1.0. | 2025-02-03 | 7.1 | CVE-2025-23582 |
Hakan Ozevin–WP BASE Booking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0. | 2025-02-03 | 7.1 | CVE-2025-22684 |
Hesabfa–Hesabfa Accounting | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2. | 2025-02-03 | 7.1 | CVE-2025-22682 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager | A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. | 2025-02-04 | 8.8 | CVE-2025-23058 |
Honeywell–OneWireless Network Wireless Device Manager | Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product. | 2025-02-06 | 9.1 | CVE-2023-5878 |
Huawei–HarmonyOS | Input verification vulnerability in the ExternalStorageProvider module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-02-06 | 7.7 | CVE-2024-57960 |
IBM–Cognos Analytics | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2025-02-05 | 7.1 | CVE-2024-49352 |
IBM–EntireX | IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2025-02-06 | 7.1 | CVE-2024-54171 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | 2025-02-06 | 7.8 | CVE-2024-49814 |
IBM–Security Verify Directory | IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 2025-02-06 | 9.1 | CVE-2024-51450 |
idIA Tech–Catalog Importer, Scraper & Crawler | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS. This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3. | 2025-02-03 | 7.1 | CVE-2025-22775 |
Impronta–Janto | Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user’s password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’. | 2025-02-07 | 9.9 | CVE-2025-1107 |
Impronta–Janto | Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint. | 2025-02-07 | 8.6 | CVE-2025-1108 |
Juniper Networks–Junos OS | This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO. | 2025-02-05 | 7.5 | CVE-2024-39564 |
kleor–Contact Manager | The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit. | 2025-02-05 | 8.1 | CVE-2025-1028 |
Landoweb Programador–World Cup Predictor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6. | 2025-02-04 | 7.1 | CVE-2025-22794 |
laurent22–joplin | Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin’s HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | 7.8 | CVE-2025-24028 |
laurent22–joplin | Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React’s `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin’s main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses Ctrl-P to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | 7.8 | CVE-2025-25187 |
LukaszWiecek–Smart DoFollow | Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2. | 2025-02-07 | 7.1 | CVE-2025-25152 |
MagePeople Team–Taxi Booking Manager for WooCommerce | Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8. | 2025-02-03 | 9.8 | CVE-2025-24661 |
MantraBrain–Sikshya LMS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MantraBrain Sikshya LMS allows Reflected XSS. This issue affects Sikshya LMS: from n/a through 0.0.21. | 2025-02-03 | 7.1 | CVE-2025-24630 |
manuelvicedo–Forge Front-End Page Builder | Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6. | 2025-02-03 | 7.1 | CVE-2025-22703 |
Mark Barnes–Style Tweaker | Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11. | 2025-02-07 | 7.1 | CVE-2025-25160 |
Maxim Glazunov–XML for Avito | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2. | 2025-02-03 | 7.1 | CVE-2025-24646 |
mediatek — nr16 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. | 2025-02-03 | 9.8 | CVE-2025-20634 |
mediatek — software_development_kit | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491. | 2025-02-03 | 8.8 | CVE-2025-20633 |
mediatek — software_development_kit | In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. | 2025-02-03 | 7.5 | CVE-2025-20637 |
MediaTek, Inc.–MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187. | 2025-02-03 | 7.8 | CVE-2025-20631 |
MediaTek, Inc.–MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188. | 2025-02-03 | 7.8 | CVE-2025-20632 |
Metatagg Inc–Custom WP Store Locator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Metatagg Inc Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a through 1.4.7. | 2025-02-03 | 7.1 | CVE-2025-24676 |
MetricThemes–Munk Sites | Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7. | 2025-02-07 | 9.6 | CVE-2025-25101 |
Microsoft–Dynamics 365 Sales | Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | 2025-02-06 | 8.7 | CVE-2025-21177 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2025-02-06 | 8.8 | CVE-2025-21342 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2025-02-06 | 8.8 | CVE-2025-21408 |
mozilla — firefox | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 9.8 | CVE-2025-1009 |
mozilla — firefox | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 9.8 | CVE-2025-1016 |
mozilla — firefox | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 9.8 | CVE-2025-1017 |
mozilla — firefox | Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135. | 2025-02-04 | 9.8 | CVE-2025-1020 |
mozilla — firefox | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 8.8 | CVE-2025-1010 |
mozilla — firefox | A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 8.8 | CVE-2025-1011 |
mozilla — firefox | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 8.8 | CVE-2025-1014 |
mozilla — firefox | A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 7.5 | CVE-2025-1012 |
mraliende–URL-Preview-Box | Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. | 2025-02-07 | 7.1 | CVE-2025-25104 |
n/a–cockpit-hq/cockpit | Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. | 2025-02-05 | 7.5 | CVE-2025-1025 |
n/a–CoinRemitter | A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component. | 2025-02-08 | 7.3 | CVE-2025-1117 |
n/a–n/a | SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field. | 2025-02-05 | 9.8 | CVE-2020-36084 |
n/a–n/a | Tiny File Manager v2.4.7 and below is vulnerable to session fixation. | 2025-02-06 | 9.8 | CVE-2022-40916 |
n/a–n/a | An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. | 2025-02-04 | 9.8 | CVE-2024-48445 |
n/a–n/a | An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | 2025-02-07 | 9.8 | CVE-2024-55215 |
n/a–n/a | The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. | 2025-02-05 | 9.1 | CVE-2024-57077 |
n/a–n/a | Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. | 2025-02-03 | 9.8 | CVE-2024-57098 |
n/a–n/a | ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. | 2025-02-03 | 9.8 | CVE-2024-57099 |
n/a–n/a | A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking. | 2025-02-06 | 9.3 | CVE-2024-57428 |
n/a–n/a | An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation. | 2025-02-06 | 9.8 | CVE-2024-57430 |
n/a–n/a | ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. | 2025-02-03 | 9.8 | CVE-2024-57450 |
n/a–n/a | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function | 2025-02-05 | 9.8 | CVE-2024-57520 |
n/a–n/a | In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. | 2025-02-06 | 9.8 | CVE-2024-57668 |
n/a–n/a | eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | 2025-02-03 | 9.8 | CVE-2025-22978 |
n/a–n/a | A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions. | 2025-02-06 | 9.8 | CVE-2025-22992 |
n/a–n/a | SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata. | 2025-02-03 | 9.8 | CVE-2025-25064 |
n/a–n/a | Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request. | 2025-02-03 | 8.1 | CVE-2024-56898 |
n/a–n/a | A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method. | 2025-02-03 | 8.8 | CVE-2024-56901 |
n/a–n/a | A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request. | 2025-02-03 | 8.8 | CVE-2024-56903 |
n/a–n/a | An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting ‘devpwd’. | 2025-02-07 | 8 | CVE-2024-57357 |
n/a–n/a | An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed. | 2025-02-03 | 7.5 | CVE-2024-34896 |
n/a–n/a | Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. | 2025-02-03 | 7.5 | CVE-2024-34897 |
n/a–n/a | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication. | 2025-02-06 | 7.5 | CVE-2024-36558 |
n/a–n/a | In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user’s configuration and PII to be stolen. | 2025-02-06 | 7.5 | CVE-2024-39033 |
n/a–n/a | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software. | 2025-02-05 | 7.8 | CVE-2024-48394 |
n/a–n/a | An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. | 2025-02-07 | 7.5 | CVE-2024-55272 |
n/a–n/a | Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter. | 2025-02-06 | 7.5 | CVE-2024-56889 |
n/a–n/a | An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response. | 2025-02-03 | 7.5 | CVE-2024-56921 |
n/a–n/a | A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57063 |
n/a–n/a | A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57064 |
n/a–n/a | A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57065 |
n/a–n/a | A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57066 |
n/a–n/a | A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57067 |
n/a–n/a | A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57068 |
n/a–n/a | A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57069 |
n/a–n/a | A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57071 |
n/a–n/a | A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57072 |
n/a–n/a | A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57074 |
n/a–n/a | A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57075 |
n/a–n/a | A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57076 |
n/a–n/a | A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57078 |
n/a–n/a | A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57079 |
n/a–n/a | A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57080 |
n/a–n/a | A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57081 |
n/a–n/a | A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57082 |
n/a–n/a | A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57084 |
n/a–n/a | A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57085 |
n/a–n/a | A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-05 | 7.5 | CVE-2024-57086 |
n/a–n/a | ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. | 2025-02-03 | 7.5 | CVE-2024-57451 |
n/a–n/a | ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. | 2025-02-03 | 7.5 | CVE-2024-57452 |
n/a–n/a | SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component. | 2025-02-07 | 7.5 | CVE-2024-57606 |
n/a–n/a | A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier’s position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use “firewalls, rate-limiting middleware, or authentication providers” for that functionality. | 2025-02-06 | 7.5 | CVE-2024-57610 |
n/a–n/a | Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. | 2025-02-03 | 7.5 | CVE-2024-57669 |
n/a–n/a | A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of ‘{’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. | 2025-02-05 | 7.5 | CVE-2024-57699 |
n/a–n/a | Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information. | 2025-02-03 | 7.5 | CVE-2025-22918 |
n/a–spatie/browsershot | Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. | 2025-02-05 | 8.2 | CVE-2025-1022 |
n/a–spatie/browsershot | Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023). | 2025-02-05 | 8.6 | CVE-2025-1026 |
Netgear–FVS336Gv3 | The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted “util backup_configuration” commands. | 2025-02-04 | 7.2 | CVE-2024-23690 |
NETGEAR–XR1000 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. | 2025-02-05 | 8.1 | CVE-2025-25246 |
nextendweb–Nextend Social Login Pro | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2025-02-07 | 9.8 | CVE-2025-1061 |
Nik Sudan–WordPress Additional Logins | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through 1.0.0. | 2025-02-03 | 7.1 | CVE-2025-23614 |
Nirmal Kumar Ram–WP Social Stream | Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1. | 2025-02-07 | 7.1 | CVE-2025-25074 |
NotFound–Admin and Site Enhancements (ASE) Pro | Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1. | 2025-02-03 | 7.5 | CVE-2024-43333 |
NotFound–AIO Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3. | 2025-02-03 | 7.1 | CVE-2025-24620 |
NotFound–EmailPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound EmailPress allows Reflected XSS. This issue affects EmailPress: from n/a through 1.0. | 2025-02-03 | 7.1 | CVE-2025-23593 |
NotFound–eMarksheet | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0. | 2025-02-03 | 7.1 | CVE-2025-23599 |
NotFound–Lockets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Lockets allows Reflected XSS. This issue affects Lockets: from n/a through 0.999. | 2025-02-03 | 7.1 | CVE-2025-23923 |
NotFound–PAFacile | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound PAFacile allows Reflected XSS. This issue affects PAFacile: from n/a through 2.6.1. | 2025-02-03 | 7.1 | CVE-2025-23755 |
NotFound–RomanCart | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound RomanCart allows Reflected XSS. This issue affects RomanCart: from n/a through 0.0.2. | 2025-02-03 | 7.1 | CVE-2025-23685 |
NotFound–Traveler Code | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0. | 2025-02-04 | 9 | CVE-2025-22699 |
NotFound–Traveler Code | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0. | 2025-02-04 | 8.5 | CVE-2025-22700 |
NotFound–WP Cloud | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound WP Cloud allows Absolute Path Traversal. This issue affects WP Cloud: from n/a through 1.4.3. | 2025-02-03 | 7.5 | CVE-2025-23819 |
NotFound–WPJobBoard | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1. | 2025-02-03 | 7.1 | CVE-2025-24781 |
ntop–nDPI | nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c. | 2025-02-03 | 8.1 | CVE-2025-25066 |
nuxt-modules–mdc | MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code execution due to a bypass of the existing guards around the `javascript:` protocol scheme in the URL. The parsing logic implemented in `props.ts` maintains a deny-list approach to filtering potentially malicious payloads. It does so by matching protocol schemes like `javascript:` and others. These security guards can be bypassed by an adversary that provides JavaScript URLs with HTML entities encoded via hex string. Users who consume this library and perform markdown parsing from unvalidated sources could end up rendering vulnerable XSS anchor links. This vulnerability has been addressed in version 0.13.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-06 | 9.3 | CVE-2025-24981 |
Omnissa–Omnissa Horizon Client for MacOS | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. | 2025-02-04 | 7.8 | CVE-2024-11467 |
Omnissa–Omnissa Horizon Client for MacOS | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. | 2025-02-04 | 7.8 | CVE-2024-11468 |
OpenHarmony–OpenHarmony | OpenHarmony v4.1.2 and prior versions allow a local attacker to cause the common permission to be upgraded to root and sensitive information to leak through a buffer overflow. | 2025-02-07 | 8.8 | CVE-2025-0303 |
OpenHarmony–OpenHarmony | OpenHarmony v4.1.2 and prior versions allow a local attacker to cause the common permission to be upgraded to root and sensitive information to leak through a use after free. | 2025-02-07 | 8.8 | CVE-2025-0304 |
openPLC–OpenPLC | OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns. | 2025-02-06 | 9.8 | CVE-2025-1066 |
Optimize Worldwide–Find Content IDs | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0. | 2025-02-04 | 7.1 | CVE-2025-23645 |
orlandolac–Facilita Form Tracker | Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0. | 2025-02-07 | 7.1 | CVE-2025-25128 |
Pepro Dev. Group–PeproDev WooCommerce Receipt Uploader | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader allows Reflected XSS. This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through 2.6.9. | 2025-02-03 | 7.1 | CVE-2025-24574 |
Phillip.Gooch–Auto SEO | Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6. | 2025-02-07 | 7.1 | CVE-2025-25147 |
PhiloPress–BP Email Assign Templates | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5. | 2025-02-03 | 7.1 | CVE-2025-24631 |
PickPlugins–Job Board Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60. | 2025-02-03 | 7.1 | CVE-2025-22679 |
plainware.com–PlainInventory | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in plainware.com PlainInventory allows Reflected XSS. This issue affects PlainInventory: from n/a through 3.1.5. | 2025-02-03 | 7.1 | CVE-2025-24557 |
Progress–LoadMaster | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.48.12 and all prior versions; Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | 2025-02-05 | 8.4 | CVE-2024-56131 |
Progress–LoadMaster | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.48.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | 2025-02-05 | 8.4 | CVE-2024-56132 |
Progress–LoadMaster | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.48.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | 2025-02-05 | 8.4 | CVE-2024-56133 |
Progress–LoadMaster | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.48.12 and all prior versions; Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | 2025-02-05 | 8.4 | CVE-2024-56134 |
Progress–LoadMaster | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.48.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | 2025-02-05 | 8.4 | CVE-2024-56135 |
PX-lab–BoomBox Theme Extensions | The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the ‘boombox_listing’ shortcode ‘type’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | 2025-02-03 | 8.8 | CVE-2024-12859 |
qualcomm — aqt1000_firmware | Memory corruption while configuring a Hypervisor based input virtual device. | 2025-02-03 | 8.8 | CVE-2024-38420 |
qualcomm — aqt1000_firmware | Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. | 2025-02-03 | 7.8 | CVE-2024-45560 |
qualcomm — aqt1000_firmware | Memory corruption while handling IOCTL call from user-space to set latency level. | 2025-02-03 | 7.8 | CVE-2024-45561 |
qualcomm — ar8035_firmware | Memory corruption while parsing the ML IE due to invalid frame content. | 2025-02-03 | 9.8 | CVE-2024-45569 |
qualcomm — ar8035_firmware | Information disclosure while parsing the OCI IE with invalid length. | 2025-02-03 | 8.2 | CVE-2024-49838 |
qualcomm — ar8035_firmware | Memory corruption during management frame processing due to mismatch in T2LM info element. | 2025-02-03 | 8.2 | CVE-2024-49839 |
qualcomm — ar8035_firmware | Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. | 2025-02-03 | 7.5 | CVE-2024-38404 |
qualcomm — ar8035_firmware | Memory corruption may occur when stopping the WLAN interface after processing a WMI command from the interface. | 2025-02-03 | 7.8 | CVE-2024-45571 |
qualcomm — ar8035_firmware | Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 2025-02-03 | 7.8 | CVE-2024-45584 |
qualcomm — c-v2x_9150_firmware | Memory corruption while parsing the memory map info in IOCTL calls. | 2025-02-03 | 7.8 | CVE-2024-38418 |
qualcomm — csra6620_firmware | Memory corruption during the power-up or power-down sequence of the camera sensor. | 2025-02-03 | 7.8 | CVE-2024-49834 |
qualcomm — fastconnect_6200_firmware | Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. | 2025-02-03 | 7.8 | CVE-2024-49843 |
qualcomm — fastconnect_6700_firmware | Memory corruption may occur while generating test pattern due to negative indexing of display ID. | 2025-02-03 | 7.8 | CVE-2024-45573 |
qualcomm — fastconnect_6700_firmware | Memory corruption can occur in the camera when an invalid CID is used. | 2025-02-03 | 7.8 | CVE-2024-49833 |
qualcomm — fastconnect_6900_firmware | Memory corruption while validating number of devices in Camera kernel. | 2025-02-03 | 7.8 | CVE-2024-45582 |
qualcomm — fastconnect_6900_firmware | Memory corruption in Camera due to unusually high number of nodes passed to AXI port. | 2025-02-03 | 7.8 | CVE-2024-49832 |
qualcomm — fastconnect_6900_firmware | Memory corruption while invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | 2025-02-03 | 7.8 | CVE-2024-49840 |
qualcomm — qam8255p_firmware | Memory corruption while reading CPU state data during guest VM suspend. | 2025-02-03 | 7.8 | CVE-2024-49837 |
Realtyna–Realtyna Provisioning | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2. | 2025-02-03 | 7.1 | CVE-2025-24656 |
RedefiningTheWeb–PDF Generator Addon for Elementor Page Builder | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. | 2025-02-03 | 7.5 | CVE-2025-24569 |
regularlabs.com–Sourcerer for Joomla | Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. | 2025-02-04 | 9.8 | CVE-2025-22204 |
Rishi–On Page SEO + Whatsapp Chat Button | Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. | 2025-02-07 | 7.1 | CVE-2025-25138 |
robert_kolatzek–WP doodlez | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10. | 2025-02-07 | 7.1 | CVE-2025-25159 |
sainwp–OneStore Sites | Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. | 2025-02-07 | 9.6 | CVE-2025-25107 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. | 2025-02-04 | 7 | CVE-2025-20881 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. | 2025-02-04 | 7 | CVE-2025-20882 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. | 2025-02-04 | 7 | CVE-2025-20888 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. | 2025-02-04 | 7 | CVE-2025-20890 |
Scriptonite–Simple User Profile | Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. | 2025-02-07 | 7.1 | CVE-2025-25140 |
scweber–Custom Comment Notifications | Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8. | 2025-02-07 | 7.1 | CVE-2025-25154 |
SMCI–MBD-X12DPG-OA6 | There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process. | 2025-02-04 | 7.2 | CVE-2024-10237 |
SMCI–MBD-X12DPG-OA6 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, which is caused by not checking fld->used_bytes. | 2025-02-04 | 7.2 | CVE-2024-10238 |
SMCI–MBD-X12DPG-OA6 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld. | 2025-02-04 | 7.2 | CVE-2024-10239 |
Soflyy–WP All Import Pro | The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-02-07 | 7.2 | CVE-2024-9664 |
sparkle-project–Sparkle | A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks. | 2025-02-04 | 7.3 | CVE-2025-0509 |
Stanko Metodiev–Quote Comments | Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1. | 2025-02-07 | 7.1 | CVE-2025-25156 |
StylemixThemes–uListing | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6. | 2025-02-07 | 8.5 | CVE-2025-25151 |
sudipto–Link to URL / Post | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3. | 2025-02-07 | 7.6 | CVE-2025-25116 |
Super Store Finder–Super Store Finder | The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews. | 2025-02-09 | 7.5 | CVE-2024-13440 |
theasys–Theasys | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. | 2025-02-07 | 7.1 | CVE-2025-25144 |
ThriveDesk–ThriveDesk | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThriveDesk ThriveDesk allows Reflected XSS. This issue affects ThriveDesk: from n/a through 2.0.6. | 2025-02-03 | 7.1 | CVE-2025-24536 |
thunderbax–WP Admin Custom Page | Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0. | 2025-02-07 | 7.1 | CVE-2025-25072 |
topplugins–Vignette Ads | Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2. | 2025-02-07 | 7.1 | CVE-2025-25071 |
Tribulant–Newsletters | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6. | 2025-02-04 | 7.1 | CVE-2025-24599 |
Unknown–JustRows free | The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-02-04 | 7.1 | CVE-2024-13330 |
Unknown–Legull | The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-02-07 | 7.1 | CVE-2024-13352 |
Unknown–Solidres | The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-02-04 | 7.1 | CVE-2024-13329 |
uzzal mondal–Google Map With Fancybox | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in uzzal mondal Google Map With Fancybox allows Reflected XSS. This issue affects Google Map With Fancybox: from n/a through 2.1.0. | 2025-02-03 | 7.1 | CVE-2025-23594 |
Venugopal–Show notice or message on admin area | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0. | 2025-02-07 | 7.1 | CVE-2025-25075 |
Victor Barkalov–Custom Links On Admin Dashboard Toolbar | Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. | 2025-02-07 | 7.1 | CVE-2025-25135 |
vikashsrivastava1111989–VSTEMPLATE Creator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vikashsrivastava1111989 VSTEMPLATE Creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through 2.0.2. | 2025-02-03 | 7.1 | CVE-2025-23491 |
villatheme–CURCY Multi Currency for WooCommerce The best free currency exchange plugin Run smoothly on WooCommerce 9.x | The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-02-06 | 7.3 | CVE-2024-13487 |
vitest-dev–vitest | Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote code execution through Cross-site WebSocket hijacking (CSWSH) attacks when a user accesses a malicious website while the Vitest API server is listening. When the `api` option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check the Origin header, did not have any authorization mechanism, and was vulnerable to CSWSH attacks. This WebSocket server has a `saveTestFile` API that can edit a test file and a `rerun` API that can rerun the tests. An attacker can execute arbitrary code by injecting code into a test file with the `saveTestFile` API and then running that file by calling the `rerun` API. This vulnerability can result in remote code execution for users that are using the Vitest serve API. This issue has been patched in versions 1.6.1, 2.1.9 and 3.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-04 | 9.6 | CVE-2025-24964 |
wazuh–wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLLs that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g., C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLL that exports the functions of a legitimate one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | 7.8 | CVE-2024-35177 |
WOW WordPress–WOW Best CSS Compiler | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2. | 2025-02-03 | 7.1 | CVE-2025-23588 |
WP All Import–WP All Export Pro | The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. As a prerequisite, the custom export field should include fields containing user-supplied data. | 2025-02-07 | 8.3 | CVE-2024-7419 |
WP Travel–WP Travel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0. | 2025-02-03 | 7.6 | CVE-2025-22691 |
wp.insider–Simple Membership Custom Messages | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wp.insider Simple Membership Custom Messages allows Reflected XSS. This issue affects Simple Membership Custom Messages: from n/a through 2.4. | 2025-02-03 | 7.1 | CVE-2025-24660 |
WP24–WP24 Domain Check | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14. | 2025-02-04 | 7.1 | CVE-2025-24602 |
wpase.com–Admin and Site Enhancements (ASE) | Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1. | 2025-02-04 | 7.5 | CVE-2025-24648 |
WPGear–Import Excel to Gravity Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPGear Import Excel to Gravity Forms allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through 1.18. | 2025-02-03 | 7.1 | CVE-2025-24629 |
WPSpins–Post/Page Copying Tool | Improper Control of Generation of Code (‘Code Injection’) vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3. | 2025-02-04 | 9.9 | CVE-2025-24677 |
www.admiror-design-studio.com–Admiror Gallery component for Joomla | Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | 2025-02-04 | 7.5 | CVE-2025-22205 |
xdark–Easy Related Posts | Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. | 2025-02-07 | 7.1 | CVE-2025-25123 |
Xerox–Versalink B400 | With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | 2025-02-03 | 7.6 | CVE-2024-12511 |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | 2025-02-04 | 8.8 | CVE-2025-24968 |
Zach Swetz–Plugin A/B Image Optimizer | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3. | 2025-02-07 | 7.5 | CVE-2025-25163 |
zankover–Fami Sales Popup | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0. | 2025-02-07 | 7.5 | CVE-2025-25141 |
zephyrproject-rtos–Zephyr | No proper validation of the length of user input in http_server_get_content_type_from_extension. | 2025-02-03 | 8.6 | CVE-2024-10395 |
zmseo–ZMSEO | Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1. | 2025-02-07 | 7.1 | CVE-2025-25126 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
2N–2N Access Commander | Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read a hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. | 2025-02-06 | 6 | CVE-2024-47256 |
2N–2N OS | Using the API in the 2N OS device, an authorized user can enable logging, which discloses valid authentication tokens in the system log. | 2025-02-06 | 4.3 | CVE-2024-13416 |
2N–2N OS | Specifically crafted payloads sent to the RFID reader could cause a DoS of the RFID reader. After the device is restarted, it returns to a fully working state. | 2025-02-06 | 4.6 | CVE-2024-13417 |
Abinav Thakuri–WordPress Signature | Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1. | 2025-02-03 | 5.4 | CVE-2025-22704 |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2025-02-05 | 5.4 | CVE-2024-53962 |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim’s browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | 2025-02-05 | 5.4 | CVE-2024-53963 |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2025-02-05 | 5.4 | CVE-2024-53964 |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim’s browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | 2025-02-05 | 5.4 | CVE-2024-53965 |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2025-02-05 | 5.4 | CVE-2024-53966 |
Advantive–VeraCore | A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. | 2025-02-03 | 5.8 | CVE-2025-25181 |
Alex Polonski–Smart Countdown FX | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. | 2025-02-07 | 6.5 | CVE-2025-25117 |
Amento Tech Pvt ltd–WPGuppy | Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | 2025-02-03 | 6.5 | CVE-2025-24643 |
Amitythemes.com–Breaking News Ticker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4. | 2025-02-07 | 6.5 | CVE-2025-25094 |
Andrew Norcross–Google Earth Embed | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0. | 2025-02-07 | 6.5 | CVE-2025-25078 |
Animati–PACS | A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-07 | 4.3 | CVE-2025-1085 |
Apache Software Foundation–Apache Cassandra | In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is the same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue. | 2025-02-04 | 5.3 | CVE-2024-27137 |
Apache Software Foundation–Apache Cassandra | Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue. | 2025-02-04 | 5.4 | CVE-2025-24860 |
Apache Software Foundation–Apache Doris | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue. | 2025-02-04 | 5.4 | CVE-2024-48019 |
Apache Software Foundation–Apache James server | Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue. | 2025-02-06 | 6.5 | CVE-2024-45626 |
AppHouseKitchen–AlDente Charge Limiter | A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professionally. | 2025-02-06 | 5.3 | CVE-2025-1078 |
Arm Ltd–Bifrost GPU Kernel Driver | Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive. This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0. | 2025-02-03 | 4 | CVE-2024-6790 |
backdropcms–backdrop | An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn’t sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module. | 2025-02-03 | 4.4 | CVE-2025-25062 |
backdropcms–backdrop | An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting. | 2025-02-03 | 4.4 | CVE-2025-25063 |
bnielsen–Indeed API | Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. | 2025-02-07 | 4.3 | CVE-2025-25103 |
boldgrid–Post and Page Builder by BoldGrid Visual Drag and Drop Editor | The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-02-06 | 6.5 | CVE-2025-0859 |
bPlugins–Alert Box Block Display notice/alerts in the front end | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end allows Stored XSS. This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through 1.1.0. | 2025-02-04 | 6.5 | CVE-2025-22675 |
bplugins–B Slider- Gutenberg Slider Block for WP | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the ‘bsb-slider’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | 2025-02-04 | 4.3 | CVE-2024-13514 |
By Averta–Shortcodes and extra features for Phlox theme | Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2. | 2025-02-03 | 4.3 | CVE-2024-50500 |
Checkmk–NagVis | The “NagVis” component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. | 2025-02-04 | 5.4 | CVE-2024-13722 |
checkpoint–Multi-Domain Security Management, Quantum Security Management | In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway’s CRL cache. | 2025-02-06 | 5.3 | CVE-2024-24911 |
Cisco–Cisco Identity Services Engine Software | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2025-02-05 | 4.8 | CVE-2025-20204 |
Cisco–Cisco Identity Services Engine Software | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2025-02-05 | 4.8 | CVE-2025-20205 |
Cisco–Cisco Secure Email | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | 2025-02-05 | 6.5 | CVE-2025-20184 |
Cisco–Cisco Secure Email | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator. | 2025-02-05 | 4.8 | CVE-2025-20180 |
Cisco–Cisco Secure Email | A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials. | 2025-02-05 | 4.3 | CVE-2025-20207 |
Cisco–Cisco Secure Web Appliance | A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance. | 2025-02-05 | 5.8 | CVE-2025-20183 |
Cisco–Cisco TelePresence Video Communication Server (VCS) Expressway | A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | 2025-02-05 | 6.1 | CVE-2025-20179 |
coffeestudios–Pop Up | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | 2025-02-07 | 5.9 | CVE-2025-25105 |
CyberArk–Privileged Access Manager | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. | 2025-02-03 | 4.2 | CVE-2024-54840 |
CyberArk–Privileged Access Manager | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. | 2025-02-03 | 4.2 | CVE-2024-57967 |
CyberChimps–Responsive Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9. | 2025-02-04 | 6.5 | CVE-2025-22697 |
D-Link–DIR-823X | A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-02-07 | 6.5 | CVE-2025-1103 |
daveshine–Builder Shortcode Extras WordPress Shortcodes Collection to Save You Time | The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the ‘bse-elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. | 2025-02-07 | 4.3 | CVE-2024-13841 |
DeannaS–Embed RSS | Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | 2025-02-07 | 4.2 | CVE-2025-25081 |
Dell–Avamar | Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. | 2025-02-05 | 6.6 | CVE-2025-21117 |
Digital Zoom Studio–Demo User DZS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digital Zoom Studio Demo User DZS allows Stored XSS. This issue affects Demo User DZS: from n/a through 1.1.0. | 2025-02-03 | 6.5 | CVE-2025-23581 |
discourse–discourse | Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users’ browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing. | 2025-02-04 | 6.5 | CVE-2024-56328 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users’ browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP. | 2025-02-04 | 6.5 | CVE-2025-22602 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user’s profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled. | 2025-02-04 | 4.3 | CVE-2024-53266 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn’t enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting. | 2025-02-04 | 4.3 | CVE-2024-53851 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings. | 2025-02-04 | 4.3 | CVE-2024-53994 |
dugbug–Easy Chart Builder for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3. | 2025-02-07 | 6.5 | CVE-2025-25077 |
EmbedPress–Document Block Upload & Embed Docs | Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0. | 2025-02-04 | 5.4 | CVE-2025-22696 |
Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | 5.3 | CVE-2025-24029 |
Enalean–tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | 4.3 | CVE-2025-22129 |
F5–BIG-IP Next Central Manager | When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node’s Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 6.5 | CVE-2025-24319 |
F5–BIG-IP Next Central Manager | When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 4.4 | CVE-2025-23413 |
F5–NGINX Open Source | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 4.3 | CVE-2025-23419 |
FameThemes–OnePress | Missing Authorization vulnerability in FameThemes OnePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnePress: from n/a through 2.3.11. | 2025-02-04 | 4.3 | CVE-2025-22643 |
Felipe Peixoto–Powerful Auto Chat | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8. | 2025-02-03 | 6.5 | CVE-2025-22292 |
Garrett Grimm–Simple Select All Text Box | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2. | 2025-02-07 | 6.5 | CVE-2025-25079 |
Get Bowtied–Product Blocks for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Get Bowtied Product Blocks for WooCommerce allows Stored XSS. This issue affects Product Blocks for WooCommerce: from n/a through 1.9.1. | 2025-02-04 | 6.5 | CVE-2025-22674 |
GitLab–GitLab | A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation. | 2025-02-05 | 6.5 | CVE-2023-6386 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users. | 2025-02-05 | 6.5 | CVE-2024-3976 |
GitLab–GitLab | A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer. | 2025-02-07 | 6.5 | CVE-2025-1072 |
GitLab–GitLab | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. | 2025-02-05 | 4.3 | CVE-2024-1539 |
GitLab–GitLab | An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | 2025-02-05 | 4.4 | CVE-2024-6356 |
google — android | In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073. | 2025-02-03 | 6.6 | CVE-2024-20141 |
google — android | In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070. | 2025-02-03 | 6.6 | CVE-2024-20142 |
google — android | In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431. | 2025-02-03 | 6.7 | CVE-2025-20636 |
google — android | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060. | 2025-02-03 | 6.6 | CVE-2025-20639 |
google — android | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058. | 2025-02-03 | 6.6 | CVE-2025-20641 |
google — android | In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057. | 2025-02-03 | 6.6 | CVE-2025-20642 |
google — android | In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066. | 2025-02-03 | 4.3 | CVE-2025-20638 |
google — android | In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059. | 2025-02-03 | 4.3 | CVE-2025-20640 |
Google–Chrome | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-02-04 | 6.3 | CVE-2025-0444 |
Google–Chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | 2025-02-04 | 6.3 | CVE-2025-0451 |
Google–Chrome | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-02-04 | 5.4 | CVE-2025-0445 |
GREYS–Korea for WooCommerce | Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11. | 2025-02-03 | 6.5 | CVE-2025-24639 |
GSheetConnector–CF7 Google Sheets Connector | Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. | 2025-02-03 | 5.3 | CVE-2025-22686 |
gubbigubbi–Kona Gallery Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | 2025-02-07 | 6.5 | CVE-2025-25080 |
hasthemes — ht_mega | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_css’ and ‘inner_css’ parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-02-04 | 6.4 | CVE-2024-12597 |
HCL Software–iAutomate | HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim’s session ID from their authenticated session. | 2025-02-05 | 5.5 | CVE-2024-42207 |
Hemnath Mouli–WC Wallet | Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0. | 2025-02-03 | 6.5 | CVE-2025-23527 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system. | 2025-02-04 | 6.8 | CVE-2025-23059 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager | A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering. | 2025-02-04 | 6.6 | CVE-2025-23060 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | 2025-02-04 | 4.7 | CVE-2025-25039 |
Holded–Holded | A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality. | 2025-02-06 | 4.8 | CVE-2025-1076 |
Huawei–HarmonyOS | Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-02-06 | 6.2 | CVE-2024-12602 |
Huawei–HarmonyOS | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-02-06 | 6.2 | CVE-2024-57954 |
Huawei–HarmonyOS | Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-02-06 | 6.1 | CVE-2024-57955 |
Huawei–HarmonyOS | Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-02-06 | 6.6 | CVE-2024-57957 |
Huawei–HarmonyOS | Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-02-06 | 6.1 | CVE-2024-57959 |
Huawei–HarmonyOS | Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-02-06 | 6.8 | CVE-2024-57961 |
Huawei–HarmonyOS | Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-02-06 | 6.1 | CVE-2024-57962 |
Huawei–HarmonyOS | Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-02-06 | 5.7 | CVE-2024-57958 |
ibasit–GlobalQuran | Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. | 2025-02-07 | 4.3 | CVE-2025-25143 |
IBM–ApplinX | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-06 | 6.4 | CVE-2024-49791 |
IBM–ApplinX | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-06 | 5.4 | CVE-2024-49792 |
IBM–ApplinX | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-06 | 5.4 | CVE-2024-49793 |
IBM–ApplinX | IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. | 2025-02-06 | 5.4 | CVE-2024-49796 |
IBM–ApplinX | IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2025-02-06 | 5.9 | CVE-2024-49797 |
IBM–ApplinX | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2025-02-06 | 4.3 | CVE-2024-49794 |
IBM–ApplinX | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2025-02-06 | 4.3 | CVE-2024-49795 |
IBM–ApplinX | IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-02-06 | 4.3 | CVE-2024-49798 |
IBM–ApplinX | IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | 2025-02-06 | 4.3 | CVE-2024-49800 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-05 | 6.4 | CVE-2024-56472 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-02-05 | 5.4 | CVE-2024-56470 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-02-05 | 5.4 | CVE-2024-56471 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of ‘Client-IP’ headers. | 2025-02-05 | 5.3 | CVE-2024-56473 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 2025-02-05 | 4.3 | CVE-2024-38316 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-05 | 4.8 | CVE-2024-38317 |
IBM–Aspera Shares | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. | 2025-02-05 | 4.8 | CVE-2024-38318 |
IBM–Cloud Pak for Business Automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-05 | 6.4 | CVE-2024-52365 |
IBM–Cloud Pak for Business Automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-05 | 5.4 | CVE-2024-52364 |
IBM–Cloud Pak for Business Automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context. | 2025-02-05 | 4.3 | CVE-2024-49348 |
IBM–EntireX | IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. | 2025-02-06 | 5.5 | CVE-2025-0158 |
IBM–IBM App Connect Enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories. | 2025-02-06 | 6.5 | CVE-2025-0799 |
IBM–Jazz for Service Management | IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-06 | 6.1 | CVE-2024-52892 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2025-02-04 | 6.5 | CVE-2024-35138 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-02-04 | 6.1 | CVE-2024-40700 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2025-02-04 | 5.9 | CVE-2024-43187 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | 2025-02-04 | 5 | CVE-2024-45657 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | 2025-02-04 | 5.3 | CVE-2024-45659 |
IBM–UrbanCode Deploy | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 2025-02-08 | 4.3 | CVE-2024-54176 |
ietf — generic_routing_encapsulation | GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136. | 2025-02-05 | 6.5 | CVE-2024-7595 |
ietf — generic_udp_encapsulation | Proposed Generic UDP Encapsulation (GUE) (IETF Draft) does not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136. | 2025-02-05 | 6.5 | CVE-2024-7596 |
imithemes–Eventer – WordPress Event & Booking Manager Plugin | The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-02-03 | 6.4 | CVE-2024-11132 |
imithemes–Eventer – WordPress Event & Booking Manager Plugin | The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘handle_pdf_download_request’ function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets. | 2025-02-03 | 5.3 | CVE-2024-11133 |
imithemes–Eventer – WordPress Event & Booking Manager Plugin | The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘eventer_export_bookings_csv’ function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers’ personal data. | 2025-02-03 | 4.3 | CVE-2024-11134 |
iqonicdesign–SocialV – Social Network and Community BuddyPress Theme | The SocialV – Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘socialv_send_download_file’ function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system. | 2025-02-04 | 6.5 | CVE-2024-13529 |
joomsky.com–JS Jobs component for Joomla | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the ‘fieldfor’ parameter in the GDPR Field feature. | 2025-02-04 | 4.7 | CVE-2025-22206 |
jordan.hatch–Infusionsoft Analytics | Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. | 2025-02-07 | 5.4 | CVE-2025-25145 |
Kaspersky–Kaspersky Anti-Virus SDK for Windows | Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products. | 2025-02-06 | 5.3 | CVE-2024-13614 |
KDE–ark | libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | 2025-02-03 | 5 | CVE-2024-57966 |
Ksher–Ksher | Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2. | 2025-02-04 | 6.5 | CVE-2025-22730 |
kwiliarty–External Video For Everybody | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. | 2025-02-07 | 6.5 | CVE-2025-25097 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don’t fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1 Insertion must ignore duplicate but expired entries. Moreover, there is a strange asymmetry in nft_pipapo_activate: It refetches the current element, whereas the other ->activate callbacks (bitmap, hash, rhash, rbtree) use elem->priv. Same for .remove: other set implementations take elem->priv, nft_pipapo_remove fetches elem->priv, then does a relookup, remove this. I suspect this was the reason for the change that prompted the removal of the expired check in pipapo_get() in the first place, but skipping expired elements there makes no sense to me, this helper is used for normal get requests, insertions (duplicate check) and deactivate callback. In first two cases expired elements must be skipped. For ->deactivate(), this gets called for DELSETELEM, so it seems to me that expired elements should be skipped as well, i.e. delete request should fail with -ENOENT error. | 2025-02-05 | 6.2 | CVE-2023-52925 |
linuxfoundation — yocto | In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434. | 2025-02-03 | 6.6 | CVE-2025-20635 |
matt_mcbrien–WP SimpleWeather | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. | 2025-02-07 | 6.5 | CVE-2025-25085 |
Max Chirkov–FlexIDX Home Search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2. | 2025-02-07 | 6.5 | CVE-2025-25082 |
MaxD–Lightning Module | A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-02-03 | 5 | CVE-2025-0974 |
MediaTek, Inc.–MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6985, MT6989, MT6990, MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8678 | In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797. | 2025-02-03 | 5.3 | CVE-2024-20147 |
Melodic Media–Slide Banners | Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | 2025-02-07 | 4.3 | CVE-2025-25120 |
Metagauss–Event Kikfyre | Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. | 2025-02-07 | 5.4 | CVE-2025-25110 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2025-02-06 | 6.5 | CVE-2025-21279 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2025-02-06 | 6.5 | CVE-2025-21283 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2025-02-06 | 4.4 | CVE-2025-21267 |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2025-02-06 | 4.3 | CVE-2025-21404 |
Microsoft–Microsoft Edge for Android | Microsoft Edge for iOS and Android Spoofing Vulnerability | 2025-02-06 | 5.3 | CVE-2025-21253 |
Mindskip–xzs-mysql | A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-07 | 4.3 | CVE-2025-1084 |
mlfactory–DSGVO All in one for WP | The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-02-04 | 6.5 | CVE-2024-13356 |
mozilla — firefox | The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | 2025-02-04 | 5.3 | CVE-2025-1018 |
mozilla — firefox | The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | 2025-02-04 | 4.3 | CVE-2025-1019 |
mozilla — thunderbird | Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | 2025-02-04 | 6.5 | CVE-2025-0510 |
mozilla — thunderbird | The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7. | 2025-02-04 | 5.4 | CVE-2025-1015 |
Mozilla–Firefox | A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | 2025-02-04 | 6.5 | CVE-2025-1013 |
n/a–CmsEasy | A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-03 | 5.4 | CVE-2025-0973 |
n/a–CmsEasy | A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-07 | 5.4 | CVE-2025-1106 |
n/a–n/a | The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component. | 2025-02-03 | 6.5 | CVE-2024-36437 |
n/a–n/a | Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page. | 2025-02-03 | 6.1 | CVE-2024-44449 |
n/a–n/a | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | 2025-02-03 | 6.1 | CVE-2024-50656 |
n/a–n/a | An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload. | 2025-02-03 | 6.1 | CVE-2024-53943 |
n/a–n/a | lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell | 2025-02-03 | 6.5 | CVE-2024-55456 |
n/a–n/a | An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request. | 2025-02-03 | 6.5 | CVE-2024-56902 |
n/a–n/a | PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks. | 2025-02-06 | 6.1 | CVE-2024-57427 |
n/a–n/a | SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation. | 2025-02-03 | 6.4 | CVE-2024-57522 |
n/a–n/a | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability. | 2025-02-05 | 6.5 | CVE-2024-57598 |
n/a–n/a | Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2025-02-03 | 5.9 | CVE-2023-52163 |
n/a–n/a | access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2025-02-03 | 5.1 | CVE-2023-52164 |
n/a–n/a | A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim’s browser. | 2025-02-05 | 5.4 | CVE-2024-54853 |
n/a–n/a | Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. | 2025-02-03 | 5.3 | CVE-2024-56946 |
n/a–n/a | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. | 2025-02-03 | 5.4 | CVE-2024-57175 |
n/a–n/a | A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim’s browser context. | 2025-02-07 | 5.4 | CVE-2024-57278 |
n/a–n/a | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript. | 2025-02-07 | 5.4 | CVE-2024-57279 |
n/a–n/a | A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request. | 2025-02-06 | 5.4 | CVE-2024-57429 |
n/a–n/a | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, TopologyInstance module, Routing module. | 2025-02-06 | 5.5 | CVE-2024-57672 |
n/a–n/a | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module | 2025-02-06 | 5.5 | CVE-2024-57673 |
n/a–n/a | SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. | 2025-02-03 | 5.3 | CVE-2025-25065 |
n/a–n/a | Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. | 2025-02-06 | 4.8 | CVE-2022-40490 |
n/a–n/a | ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php. | 2025-02-03 | 4.8 | CVE-2024-57097 |
n/a–n/a | Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function. | 2025-02-03 | 4.8 | CVE-2024-57498 |
n/a–n/a | Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | 2025-02-06 | 4.5 | CVE-2024-57523 |
n/a–n/a | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php | 2025-02-06 | 4.8 | CVE-2024-57599 |
n/a–SiberianCMS | A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-07 | 4.3 | CVE-2025-1105 |
nicheaddons–Medical Addon for Elementor | The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the ‘namedical_elementor_template’ shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts. | 2025-02-04 | 4.3 | CVE-2024-12046 |
nicholaswilson–Graceful Email Obfuscation | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2. | 2025-02-07 | 6.5 | CVE-2025-25076 |
NirWp Team–Nirweb support | Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3. | 2025-02-03 | 4.3 | CVE-2025-22695 |
Nitesh Singh–Awesome Timeline | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nitesh Singh Awesome Timeline allows Stored XSS. This issue affects Awesome Timeline: from n/a through 1.0.1. | 2025-02-03 | 6.5 | CVE-2025-23747 |
NotFound–MLL Audio Player MP3 Ajax | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7. | 2025-02-03 | 6.5 | CVE-2025-23561 |
NotFound–Traveler Layout Essential For Elementor | Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. | 2025-02-03 | 5.4 | CVE-2025-22701 |
OpenHarmony–OpenHarmony | OpenHarmony v4.1.2 and prior versions allow a local attacker to cause DOS through integer overflow. | 2025-02-07 | 5.5 | CVE-2025-0302 |
paulswarthout–Child Themes Helper | Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7. | 2025-02-07 | 6.1 | CVE-2025-25093 |
Pixelite–Meta Tag Manager | Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. | 2025-02-03 | 4.3 | CVE-2025-22260 |
Prem Tiwari–FM Notification Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Prem Tiwari FM Notification Bar allows Stored XSS. This issue affects FM Notification Bar: from n/a through 1.0.2. | 2025-02-04 | 5.9 | CVE-2025-22641 |
PuppetPu–Puppet Agent | Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. | 2025-02-07 | 6.6 | CVE-2021-27017 |
qodeinteractive — qi_addons_for_elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7. | 2025-02-04 | 6.4 | CVE-2024-13699 |
qualcomm — ar8035_firmware | Information disclosure during audio playback. | 2025-02-03 | 6.1 | CVE-2024-38416 |
qualcomm — ar8035_firmware | Information disclosure while processing IO control commands. | 2025-02-03 | 6.1 | CVE-2024-38417 |
qualcomm — fastconnect_6900_firmware | Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. | 2025-02-03 | 6.6 | CVE-2024-38411 |
qualcomm — fastconnect_6900_firmware | Information disclosure while processing information on firmware image during core initialization. | 2025-02-03 | 6.1 | CVE-2024-38414 |
qualcomm — fastconnect_7800_firmware | Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors. | 2025-02-03 | 6.6 | CVE-2024-38412 |
qualcomm — fastconnect_7800_firmware | Memory corruption while processing frame packets. | 2025-02-03 | 6.6 | CVE-2024-38413 |
rabilal–JS Help Desk The Ultimate Help Desk & Support Plugin | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the ‘exportusereraserequest’ due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user. | 2025-02-04 | 4.3 | CVE-2024-13607 |
ramon-fincken–Simple add pages or posts | The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-02-08 | 5.5 | CVE-2024-13850 |
realmag777–WOLF | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5. | 2025-02-03 | 4.9 | CVE-2025-24605 |
Realwebcare–Image Gallery Responsive Photo Gallery | Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5. | 2025-02-03 | 6.5 | CVE-2025-24697 |
reverbnationdev–ReverbNation Widgets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. | 2025-02-07 | 6.5 | CVE-2025-25095 |
RTO GmbH–Dynamic Conditions | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RTO GmbH Dynamic Conditions allows Stored XSS. This issue affects Dynamic Conditions: from n/a through 1.7.4. | 2025-02-04 | 6.5 | CVE-2025-22642 |
Safetytest–Cloud-Master Server | A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-07 | 5.3 | CVE-2025-1086 |
saleandro–Songkick Concerts and Festivals | Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. | 2025-02-07 | 4.3 | CVE-2025-25146 |
Samsung Mobile–Blockchain Keystore | Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory. | 2025-02-04 | 6.3 | CVE-2025-20900 |
Samsung Mobile–Blockchain Keystore | Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory. | 2025-02-04 | 4.4 | CVE-2025-20901 |
Samsung Mobile–EasySetup | Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information. | 2025-02-04 | 4 | CVE-2025-20896 |
Samsung Mobile–Media Controller | Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController’s privilege. | 2025-02-04 | 5.1 | CVE-2025-20902 |
Samsung Mobile–PushNotification | Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information. | 2025-02-04 | 4 | CVE-2025-20899 |
Samsung Mobile–Samsung Email | Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles. | 2025-02-04 | 4.6 | CVE-2025-20894 |
Samsung Mobile–Samsung Members | Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles. | 2025-02-04 | 4.6 | CVE-2025-20898 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. | 2025-02-04 | 6.4 | CVE-2025-20885 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. | 2025-02-04 | 6.3 | CVE-2025-20904 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. | 2025-02-04 | 6.3 | CVE-2025-20905 |
Samsung Mobile–Samsung Mobile Devices | Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. | 2025-02-04 | 6 | CVE-2025-20907 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. | 2025-02-04 | 5.3 | CVE-2025-20887 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. | 2025-02-04 | 5.3 | CVE-2025-20889 |
Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. | 2025-02-04 | 5.3 | CVE-2025-20891 |
Samsung Mobile–Samsung Mobile Devices | Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to execute fastboot command. User interaction is required for triggering this vulnerability. | 2025-02-04 | 5.9 | CVE-2025-20892 |
Samsung Mobile–Samsung Mobile Devices | Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. | 2025-02-04 | 5.1 | CVE-2025-20893 |
Samsung Mobile–Samsung Mobile Devices | Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB. | 2025-02-04 | 5.5 | CVE-2025-20906 |
Samsung Mobile–Samsung Mobile Devices | Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | 2025-02-04 | 4.6 | CVE-2025-20883 |
Samsung Mobile–Samsung Mobile Devices | Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | 2025-02-04 | 4.6 | CVE-2025-20884 |
Samsung Mobile–Samsung Mobile Devices | Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. | 2025-02-04 | 4.1 | CVE-2025-20886 |
Samsung Mobile–Secure Folder | Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. | 2025-02-04 | 6.8 | CVE-2025-20897 |
scriptsbundle–DWT – Directory & Listing WordPress Theme | The DWT – Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-02-08 | 6.4 | CVE-2025-0169 |
SendPulse–SendPulse Email Marketing Newsletter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5. | 2025-02-04 | 6.5 | CVE-2025-22662 |
shopsite–ShopSite | The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-02-04 | 6.1 | CVE-2024-13510 |
shujahat21–Optimate Ads | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. | 2025-02-07 | 6.5 | CVE-2025-25136 |
smub–WPForms Easy Form Builder for WordPress Contact Forms, Payment Forms, Surveys, & More | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-02-04 | 6.4 | CVE-2024-13403 |
Soflyy–WP All Import Pro | The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-02-07 | 4.3 | CVE-2024-9661 |
sonalsinha21–SKT Blocks Gutenberg based Page Builder | The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-02-04 | 6.4 | CVE-2024-13733 |
Survey Maker team–Survey Maker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5. | 2025-02-04 | 5.9 | CVE-2025-22664 |
taisan–tarzan-cms | A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-02-07 | 6.3 | CVE-2025-1113 |
templaza–Music Press Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in templaza Music Press Pro allows Stored XSS. This issue affects Music Press Pro: from n/a through 1.4.6. | 2025-02-04 | 6.5 | CVE-2025-22653 |
theDotstore–Hide Shipping Method For WooCommerce | Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. | 2025-02-03 | 4.3 | CVE-2025-22694 |
theme funda–Setup Default Featured Image | Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | 2025-02-03 | 6.5 | CVE-2025-24642 |
titusbicknell–RSS in Page | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. | 2025-02-07 | 6.5 | CVE-2025-25096 |
tripetto–WordPress form builder plugin for contact forms, surveys and quizzes Tripetto | The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the ‘attachments.php’ file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms. | 2025-02-05 | 5.3 | CVE-2024-13829 |
UIUX Lab–Uix Shortcodes | Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. | 2025-02-03 | 4.8 | CVE-2025-22677 |
Unknown–Banner Garden Plugin for WordPress | The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users. | 2025-02-04 | 6.1 | CVE-2025-0368 |
Unknown–Essential WP Real Estate | The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 2025-02-03 | 6.8 | CVE-2024-13347 |
Unknown–Giga Messenger | The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13328 |
Unknown–Glossy | The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13325 |
Unknown–Guten Free Options | The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-02-07 | 6.1 | CVE-2024-13492 |
Unknown–iBuildApp | The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13326 |
Unknown–LikeBot | The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2025-02-06 | 6.1 | CVE-2025-0522 |
Unknown–Musicbox | The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13327 |
Unknown–Sensei LMS | The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information. | 2025-02-04 | 5.3 | CVE-2025-0466 |
Unknown–TransFinanz | The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13332 |
Unknown–WP Dream Carousel | The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-02-04 | 6.1 | CVE-2024-13331 |
Unknown–WP Projects Portfolio with Client Testimonials | The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-02-04 | 6.1 | CVE-2024-13114 |
Unknown–WP Projects Portfolio with Client Testimonials | The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2025-02-04 | 6.1 | CVE-2024-13115 |
Vasilis Triantafyllou–Easy WP Tiles | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1. | 2025-02-07 | 5.9 | CVE-2025-25073 |
vitest-dev–vitest | Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send a request to that handler remotely to get the content of arbitrary files. This code was added by commit `2d62051`. Users explicitly exposing the browser mode server to the network by `browser.api.host: true` may get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-04 | 5.9 | CVE-2025-24963 |
wazuh–wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, which allows an attacker to escalate privileges. In this case the attacker is able to view the agent list on the Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | 4.6 | CVE-2024-47770 |
Webkul–QloApps | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it. | 2025-02-06 | 4.3 | CVE-2025-1074 |
Welch Allyn–ELI 380 Resting Electrocardiograph | A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior. | 2025-02-07 | 6.4 | CVE-2022-26388 |
Western Telematic Inc–Network Power Switch (NPS Series) | Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device’s filesystem. | 2025-02-04 | 6.5 | CVE-2025-0630 |
WP All Import–WP All Export Pro | The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-02-07 | 6.8 | CVE-2024-7425 |
WP Spell Check–WP Spell Check | Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. | 2025-02-07 | 5.4 | CVE-2025-25111 |
WPDeveloper–NotificationX | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5. | 2025-02-03 | 6.5 | CVE-2025-22683 |
Xerox–Versalink B400 | If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup. | 2025-02-03 | 6.7 | CVE-2024-12510 |
Xfinity Soft–Content Cloner | Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | 2025-02-03 | 4.3 | CVE-2025-22681 |
Zack Katz–Links in Captions | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2. | 2025-02-07 | 6.5 | CVE-2025-25098 |
zackdesign–NextGen Cooliris Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7. | 2025-02-07 | 6.5 | CVE-2025-25091 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Bharti Airtel–Xstream Fiber | A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-06 | 3.1 | CVE-2025-1081 |
Cisco–Cisco Secure Email | A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker. | 2025-02-05 | 3.4 | CVE-2025-20185 |
curl–curl | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance. | 2025-02-05 | 3.4 | CVE-2025-0167 |
dell — data_domain_operating_system | Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering. | 2025-02-04 | 3.7 | CVE-2025-22475 |
Dell–Update Manager Plugin | Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 2025-02-07 | 2.6 | CVE-2025-22402 |
discourse–discourse | Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-04 | 3.1 | CVE-2025-22601 |
discourse–discourse | Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the “PM tags allowed for groups” option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the “PM tags allowed for groups” option. | 2025-02-04 | 2.2 | CVE-2024-56197 |
F5–BIG-IP | An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-02-05 | 3.1 | CVE-2025-23415 |
GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. | 2025-02-05 | 3.5 | CVE-2024-5528 |
google — android | In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056. | 2025-02-03 | 3.9 | CVE-2025-20643 |
Huawei–HarmonyOS | Out-of-bounds read vulnerability in the interpreter string module. Impact: Successful exploitation of this vulnerability may affect availability. | 2025-02-06 | 2.8 | CVE-2024-57956 |
IBM–EntireX | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | 2025-02-06 | 3.3 | CVE-2024-56467 |
IBM–Security Verify Access Appliance | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | 2025-02-04 | 2.7 | CVE-2024-45658 |
laurent22–joplin | Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin’s HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability’s only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | 3.3 | CVE-2024-55630 |
ManageEngine–Endpoint Central | ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. | 2025-02-05 | 3.5 | CVE-2024-9097 |
Mindskip–xzs-mysql | A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-06 | 3.5 | CVE-2025-1082 |
Mindskip–xzs-mysql | A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-02-06 | 3.1 | CVE-2025-1083 |
n/a–newbee-mall | A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. | 2025-02-07 | 3.5 | CVE-2025-1114 |
n/a–RT-Thread | A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally. | 2025-02-08 | 3.3 | CVE-2025-1115 |
Samsung Mobile–Galaxy Store | Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard. | 2025-02-04 | 3.2 | CVE-2025-20895 |
vllm-project–vllm | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python’s built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | 2.6 | CVE-2025-25183 |
Zenvia–Movidesk | A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | 2025-02-03 | 3.5 | CVE-2025-0971 |
Zenvia–Movidesk | A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | 2025-02-03 | 3.5 | CVE-2025-0972 |
Zoom Communications, Inc–Zoom Jenkins Marketplace plugin | Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. | 2025-02-03 | 2.6 | CVE-2025-0148 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
adamghill–django-unicorn | Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24370 |
Apache Software Foundation–Apache Kvrocks | A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn’t detect if “Host:” or “POST” appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue. | 2025-02-07 | not yet calculated | CVE-2025-25069 |
cometbft–cometbft | CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn’t check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround. | 2025-02-03 | not yet calculated | CVE-2025-24371 |
DumbWareio–DumbDrop | DumbDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** is enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability. | 2025-02-04 | not yet calculated | CVE-2025-24971 |
Flexera–RISC Platform | An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed. | 2025-02-07 | not yet calculated | CVE-2021-41527 |
Flexera–RISC Platform | An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges. | 2025-02-07 | not yet calculated | CVE-2021-41528 |
gaul–s3proxy | org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24961 |
Go standard library–crypto/internal/nistec | Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. | 2025-02-06 | not yet calculated | CVE-2025-22866 |
goauthentik–authentik | Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release. | 2025-02-04 | not yet calculated | CVE-2024-11623 |
Google Cloud–Application Integration | Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed. | 2025-02-06 | not yet calculated | CVE-2025-0982 |
google–zx | zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage. | 2025-02-03 | not yet calculated | CVE-2025-24959 |
HP Inc.–Certain HP LaserJet Pro Printers | Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). | 2025-02-06 | not yet calculated | CVE-2025-1004 |
HP, Inc.–HP Anyware Linux Agent | A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. | 2025-02-04 | not yet calculated | CVE-2025-1003 |
HP, Inc.–Poly Edge E | A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | 2025-02-05 | not yet calculated | CVE-2025-0858 |
Humming Heads Inc.–Defense Platform Home Edition | Unprotected Windows messaging channel (‘Shatter’) issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege. | 2025-02-06 | not yet calculated | CVE-2025-20094 |
Humming Heads Inc.–Defense Platform Home Edition | Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | 2025-02-06 | not yet calculated | CVE-2025-22890 |
Humming Heads Inc.–Defense Platform Home Edition | Unprotected Windows messaging channel (‘Shatter’) issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege. | 2025-02-06 | not yet calculated | CVE-2025-22894 |
Humming Heads Inc.–Defense Platform Home Edition | Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | 2025-02-06 | not yet calculated | CVE-2025-23236 |
Humming Heads Inc.–Defense Platform Home Edition | NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition. | 2025-02-06 | not yet calculated | CVE-2025-24483 |
Humming Heads Inc.–Defense Platform Home Edition | Improper neutralization of argument delimiters in a command (‘Argument Injection’) issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition. | 2025-02-06 | not yet calculated | CVE-2025-24845 |
IBL Software Engineering–Visual Weather | A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account, contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher). | 2025-02-07 | not yet calculated | CVE-2025-1077 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24901 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24902 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24905 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24906 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24957 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24958 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don’t skip expired elements during walk. There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map (“1.2.3.4 : jump foo”); 2. timeouts are enabled. In this case, following sequence is problematic: 1. element E in set S refers to chain C; 2. userspace requests removal of set S; 3. kernel does a set walk to decrement chain->use count for all elements from preparation phase; 4. kernel does another set walk to remove elements from the commit phase (or another walk to do a chain->use increment for all elements from abort phase). If E has already expired in 1), it will be ignored during list walk, so its use count won’t have been changed. Then, when set is culled, ->destroy callback will zap the element via nf_tables_set_elem_destroy(), but this function is only safe for elements that have been deactivated earlier from the preparation phase: lack of earlier deactivate removes the element but leaks the chain use count, which results in a WARN splat when the chain gets removed later, plus a leak of the nft_chain structure. Update pipapo_get() not to skip expired elements, otherwise flush command reports bogus ENOENT errors. | 2025-02-05 | not yet calculated | CVE-2023-52924 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don’t enable interrupts in its_irq_set_vcpu_affinity(). The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity(); irq_get_desc_lock(); raw_spin_lock_irqsave() <-- Disable interrupts; its_irq_set_vcpu_affinity(); guard(raw_spinlock_irq) <-- Enables interrupts when leaving the guard(); irq_put_desc_unlock() <-- Warns because interrupts are enabled. This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ] | 2025-02-09 | not yet calculated | CVE-2024-57949 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock. irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes a lockdep splat. | 2025-02-09 | not yet calculated | CVE-2025-21684 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller’s receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 (“platform/chrome: cros_ec_uart: properly fix race condition”) where devm_serdev_device_open() was called before fully initializing the device. Fix the race by ensuring client ops are set before enabling the port via devm_serdev_device_open(). Note, serdev_device_set_baudrate() and serdev_device_set_flow_control() calls should be after the devm_serdev_device_open() call. | 2025-02-09 | not yet calculated | CVE-2025-21685 |
mitmproxy–mitmproxy | mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb’s proxy server (bound to `*:8080` by default) to access mitmweb’s internal API (bound to `127.0.0.1:8081` by default). In other words, while the client cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-06 | not yet calculated | CVE-2025-23217 |
MobSF–Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple’s documentation for bundle IDs, a bundle ID must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. The `dynamic_analysis.html` file does not sanitize the received bundle value from Corellium and as a result, it is possible to break the HTML context and achieve Stored XSS. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-05 | not yet calculated | CVE-2025-24803 |
MobSF–Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple’s documentation for bundle IDs, a bundle ID must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-05 | not yet calculated | CVE-2025-24804 |
MobSF–Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to use an access token for materials in scopes for which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-05 | not yet calculated | CVE-2025-24805 |
n/a–n/a | Stored Cross Site Scripting (XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form. | 2025-02-06 | not yet calculated | CVE-2020-36085 |
n/a–n/a | The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. | 2025-02-06 | not yet calculated | CVE-2024-25883 |
n/a–n/a | NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request. | 2025-02-07 | not yet calculated | CVE-2024-35106 |
n/a–n/a | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack. | 2025-02-06 | not yet calculated | CVE-2024-36553 |
n/a–n/a | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information. | 2025-02-06 | not yet calculated | CVE-2024-36554 |
n/a–n/a | Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allows malicious users to change the device IMEI-number which allows for forging the identity of the device. | 2025-02-06 | not yet calculated | CVE-2024-36555 |
n/a–n/a | Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. | 2025-02-06 | not yet calculated | CVE-2024-36556 |
n/a–n/a | The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app. | 2025-02-06 | not yet calculated | CVE-2024-36557 |
n/a–n/a | Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | 2025-02-07 | not yet calculated | CVE-2024-48091 |
n/a–n/a | Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php. | 2025-02-06 | not yet calculated | CVE-2024-48589 |
n/a–n/a | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file. | 2025-02-07 | not yet calculated | CVE-2024-52881 |
n/a–n/a | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions. | 2025-02-07 | not yet calculated | CVE-2024-52882 |
n/a–n/a | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. | 2025-02-07 | not yet calculated | CVE-2024-52883 |
n/a–n/a | An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords. | 2025-02-07 | not yet calculated | CVE-2024-52884 |
n/a–n/a | An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory. | 2025-02-06 | not yet calculated | CVE-2024-53586 |
n/a–n/a | An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input. | 2025-02-03 | not yet calculated | CVE-2024-53942 |
n/a–n/a | A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | 2025-02-06 | not yet calculated | CVE-2024-54909 |
n/a–n/a | Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. | 2025-02-07 | not yet calculated | CVE-2024-55213 |
n/a–n/a | Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. | 2025-02-07 | not yet calculated | CVE-2024-55214 |
n/a–n/a | An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component. | 2025-02-06 | not yet calculated | CVE-2024-55241 |
n/a–n/a | Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session. | 2025-02-03 | not yet calculated | CVE-2024-57004 |
n/a–n/a | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code. | 2025-02-03 | not yet calculated | CVE-2024-57237 |
n/a–n/a | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter. | 2025-02-03 | not yet calculated | CVE-2024-57238 |
n/a–n/a | Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files. | 2025-02-07 | not yet calculated | CVE-2024-57248 |
n/a–n/a | Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials. | 2025-02-07 | not yet calculated | CVE-2024-57249 |
n/a–n/a | Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. | 2025-02-06 | not yet calculated | CVE-2024-57392 |
n/a–n/a | NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries. | 2025-02-06 | not yet calculated | CVE-2024-57426 |
n/a–n/a | An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function. | 2025-02-06 | not yet calculated | CVE-2024-57609 |
n/a–n/a | An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. | 2025-02-07 | not yet calculated | CVE-2024-57707 |
n/a–n/a | cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters (“\r\n”) when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more. | 2025-02-04 | not yet calculated | CVE-2025-0825 |
n/a–n/a | An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the weak default WiFi password generation algorithm in WiFi routers. | 2025-02-06 | not yet calculated | CVE-2025-22936 |
n/a–n/a | The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | 2025-02-06 | not yet calculated | CVE-2025-23093 |
n/a–n/a | The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process. | 2025-02-06 | not yet calculated | CVE-2025-23094 |
nodejs–node | A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x. | 2025-02-07 | not yet calculated | CVE-2025-23085 |
OpenText–Content Management (Extended ECM) | Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled. | 2025-02-04 | not yet calculated | CVE-2024-8125 |
Parallels–Desktop | Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014. | 2025-02-05 | not yet calculated | CVE-2025-0413 |
PHPOffice–PhpSpreadsheet | phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-23210 |
pimcore–admin-ui-classic-bundle | pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via “Forgot password” function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-07 | not yet calculated | CVE-2025-24980 |
sfackler–rust-openssl | rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument’s buffer but with a lifetime bound to the `client` argument. In situations where the `server` buffer’s lifetime is shorter than the `client` buffer’s, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate `openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer’s lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback. | 2025-02-03 | not yet calculated | CVE-2025-24898 |
SWIT–Activity Log WinterLock | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted. | 2025-02-04 | not yet calculated | CVE-2025-24982 |
Trimble–Cityworks | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. | 2025-02-06 | not yet calculated | CVE-2025-0994 |
Veeam–Backup for AWS | A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate. | 2025-02-05 | not yet calculated | CVE-2025-23114 |
wpovernight–woocommerce-pdf-invoices-packing-slips | woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store’s document access is set to “guest.” and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-04 | not yet calculated | CVE-2025-24373 |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-02-03 | not yet calculated | CVE-2025-24899 |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release. | 2025-02-03 | not yet calculated | CVE-2025-24962 |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the “Add Target” functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. Exploitation of HTML Injection can compromise the application’s integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization’s reputation, customer trust, and regulatory compliance could be negatively affected. This issue affects all versions up to and including 2.2.0. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | 2025-02-04 | not yet calculated | CVE-2025-24966 |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel’s user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | 2025-02-04 | not yet calculated | CVE-2025-24967 |