US-CERT Vulnerability Summary for the Week of January 6, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 5centsCDN–5centsCDN | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16. | 2025-01-07 | 7.1 | CVE-2025-22326 |
| a3rev–Compare Products for WooCommerce | The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-07 | 8.1 | CVE-2024-12313 |
| ABB–AC500 V3 | An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | 2025-01-07 | 7 | CVE-2024-12430 |
| Abdul Hakeem–Build App Online | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23. | 2025-01-07 | 9.8 | CVE-2024-49649 |
| AllAccessible Team–Accessibility by AllAccessible | Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4. | 2025-01-07 | 8.8 | CVE-2024-49644 |
| Amento Tech Pvt ltd–WPGuppy | Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0. | 2025-01-07 | 9.8 | CVE-2024-49222 |
| Amento Tech Pvt ltd–WPGuppy | Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation.This issue affects WPGuppy: from n/a through 1.1.0. | 2025-01-07 | 8.8 | CVE-2024-56280 |
| Andon Ivanov–OZ Canonical | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through 0.5. | 2025-01-07 | 7.1 | CVE-2025-22324 |
| Apache Software Foundation–Apache Airflow Fab Provider | Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 https://github.com/advisories/GHSA-pm87-24wq-r8w9  which was addressed in Apache-Airflow 2.7.0 Users are recommended to upgrade to version 1.5.2, which fixes the issue. | 2025-01-08 | 8.1 | CVE-2024-45033 |
| Apache Software Foundation–Apache OpenMeetings | Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn’t specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant ‘openjpa.serialization.class.blacklist’ and ‘openjpa.serialization.class.whitelist’ configurations as shown in the documentation. | 2025-01-08 | 9.8 | CVE-2024-54676 |
| Apple–Smart Card Services | This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp. | 2025-01-08 | 9.8 | CVE-2018-4301 |
| Arista Networks–Arista Edge Threat Management | Backup uploads to ETM subject to man-in-the-middle interception | 2025-01-10 | 8.3 | CVE-2024-47519 |
| Arista Networks–Arista Edge Threat Management | The administrator is able to configure an insecure captive portal script | 2025-01-10 | 8.1 | CVE-2024-9132 |
| Arista Networks–Arista Edge Threat Management | Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | 2025-01-10 | 8.3 | CVE-2024-9134 |
| Arista Networks–Arista Edge Threat Management | Specially constructed queries cause cross platform scripting leaking administrator tokens | 2025-01-10 | 8.8 | CVE-2024-9188 |
| Arista Networks–Arista Edge Threat Management | A user with advanced report application access rights can perform actions for which they are not authorized | 2025-01-10 | 7.6 | CVE-2024-47520 |
| Arista Networks–Arista Edge Threat Management | A user with administrator privileges can perform command injection | 2025-01-10 | 7.2 | CVE-2024-9131 |
| arrowplugins–Popup MailChimp, GetResponse and ActiveCampaign Intergrations | The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter of the ‘upc_delete_db_record’ AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 7.5 | CVE-2024-12157 |
| Atheos–Atheos | Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600. | 2025-01-10 | 9.1 | CVE-2025-22152 |
| Aviatrix–Controller | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. | 2025-01-08 | 10 | CVE-2024-50603 |
| Balcom-Vetillo Design, Inc.–BVD Easy Gallery Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Balcom-Vetillo Design, Inc. BVD Easy Gallery Manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through 1.0.6. | 2025-01-07 | 7.1 | CVE-2025-22353 |
| BannerSky.com–BSK Forms Blacklist | Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9. | 2025-01-07 | 8.2 | CVE-2025-22347 |
| beardev–JoomSport for Sports: Team & League, Football, Hockey & more | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 7.1 | CVE-2024-12633 |
| Benjamin Santalucia ([email protected])–WPMU Prefill Post | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Benjamin Santalucia ([email protected]) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02. | 2025-01-07 | 7.6 | CVE-2025-22507 |
| bozdoz–Quote Tweet | Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through 0.7. | 2025-01-07 | 7.1 | CVE-2025-22589 |
| Burria–Laika Pedigree Tree | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Burria Laika Pedigree Tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through 1.4. | 2025-01-07 | 7.1 | CVE-2025-22593 |
| chatwoot–chatwoot | Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by adding a tautological WHERE clause. This issue is patched with v3.16.0. | 2025-01-09 | 9.1 | CVE-2025-21628 |
| Classic Addons–Classic Addons WPBakery Page Builder | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. | 2025-01-07 | 7.5 | CVE-2024-56286 |
| ClickWhale–ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ClickWhale ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages allows Blind SQL Injection.This issue affects ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages: from n/a through 2.4.1. | 2025-01-07 | 8.5 | CVE-2024-51715 |
| code-projects–Admission Management System | A vulnerability was found in code-projects Admission Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php of the component Login. The manipulation of the argument u_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 7.3 | CVE-2025-0347 |
| code-projects–Cinema Seat Reservation System | A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 7.3 | CVE-2025-0340 |
| CodeAstrology Team–Product Table for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6. | 2025-01-09 | 7.1 | CVE-2025-22307 |
| CodeMShop– | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CodeMShop ì›Œë“œí”„ë ˆìŠ¤ ê²°ì œ ì‹¬í”ŒíŽ˜ì´ allows PHP Local File Inclusion.This issue affects ì›Œë“œí”„ë ˆìŠ¤ ê²°ì œ 심플페ì´: from n/a through 5.2.0. | 2025-01-07 | 7.5 | CVE-2024-56281 |
| cozyvision1–SMS Alert Order Notifications WooCommerce | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited. | 2025-01-07 | 8.8 | CVE-2024-11725 |
| crowdfavorite–CF Internal Link Shortcode | The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the ‘post_title’ parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-11 | 7.5 | CVE-2024-12404 |
| databasebackup–WP Database Backup Unlimited Database & Files Backup by Backup for WP | The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database. | 2025-01-09 | 7.5 | CVE-2024-12330 |
| delabon–Live Sales Notification for Woocommerce Woomotiv | The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the ‘woomotiv_seen_products_.*’ cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 7.5 | CVE-2024-12416 |
| Dell–Dell Update Package (DUP) Framework | Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | 2025-01-07 | 8.2 | CVE-2025-22395 |
| Dell–Dell VxRail HCI | Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 2025-01-08 | 7.5 | CVE-2025-21102 |
| Dell–Dell VxRail HCI | Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 2025-01-08 | 7.5 | CVE-2025-21111 |
| Dennis Koot–wpSOL | Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS.This issue affects wpSOL: from n/a through 1.2.0. | 2025-01-07 | 7.1 | CVE-2025-22343 |
| denoland–deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno’sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2. | 2025-01-06 | 7.5 | CVE-2025-21620 |
| Designinvento–DirectoryPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 2025-01-07 | 7.1 | CVE-2024-49633 |
| Drupal–Advanced PWA inc Push Notifications | Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | 2025-01-09 | 9.1 | CVE-2024-13253 |
| Drupal–Basic HTTP Authentication | Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | 2025-01-09 | 7.3 | CVE-2024-13291 |
| Drupal–Block permissions | Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. | 2025-01-09 | 8.8 | CVE-2024-13282 |
| Drupal–Diff | Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. | 2025-01-09 | 9.1 | CVE-2024-13278 |
| Drupal–Drupal REST & JSON API Authentication | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | 2025-01-09 | 9.8 | CVE-2024-13258 |
| Drupal–Drupal Symfony Mailer Lite | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | 2025-01-09 | 8.8 | CVE-2024-13250 |
| Drupal–Email Contact | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | 2025-01-09 | 7.5 | CVE-2024-13256 |
| Drupal–File Entity (fieldable files) | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | 2025-01-09 | 7.5 | CVE-2024-13276 |
| Drupal–Gutenberg | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | 2025-01-09 | 8.8 | CVE-2024-13284 |
| Drupal–Image Sizes | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | 2025-01-09 | 7.5 | CVE-2024-13259 |
| Drupal–Migrate queue importer | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | 2025-01-09 | 8.8 | CVE-2024-13260 |
| Drupal–Migrate Tools | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | 2025-01-09 | 8.8 | CVE-2024-13244 |
| Drupal–Monster Menus | Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. | 2025-01-09 | 9.1 | CVE-2024-13281 |
| Drupal–Open Social | Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. | 2025-01-09 | 9.1 | CVE-2024-13241 |
| Drupal–Open Social | Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | 2025-01-09 | 7.5 | CVE-2024-13240 |
| Drupal–Opigno module | Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2. | 2025-01-09 | 9.8 | CVE-2024-13264 |
| Drupal–Persistent Login | Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | 2025-01-09 | 9.8 | CVE-2024-13280 |
| Drupal–Registration role | Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1. | 2025-01-09 | 8.8 | CVE-2024-13251 |
| Drupal–REST Views | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. | 2025-01-09 | 7.5 | CVE-2024-13254 |
| Drupal–RESTful Web Services | Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | 2025-01-09 | 7.5 | CVE-2024-13255 |
| Drupal–Smart IP Ban | Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | 2025-01-09 | 9.1 | CVE-2024-13277 |
| Drupal–Swift Mailer (abandoned) | Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*. | 2025-01-09 | 9.1 | CVE-2024-13242 |
| Drupal–Two-factor Authentication (TFA) | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | 2025-01-09 | 9.8 | CVE-2024-13239 |
| Drupal–Two-factor Authentication (TFA) | Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | 2025-01-09 | 9.8 | CVE-2024-13279 |
| Drupal–wkhtmltopdf | Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*. | 2025-01-09 | 9.8 | CVE-2024-13285 |
| Dylan James–Zephyr Admin Theme | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through 1.4.1. | 2025-01-09 | 7.1 | CVE-2025-22814 |
| eDoc Intelligence LLC–eDoc Easy Tables | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. | 2025-01-07 | 8.5 | CVE-2025-22519 |
| eflyjason–Host PHP Info | The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the ‘phpinfo’ function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site’s server. The plugin does not need to be activated for the vulnerability to be exploited. | 2025-01-07 | 8.6 | CVE-2024-12535 |
| eherman24–Custom Product Tabs for WooCommerce | The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the ‘yikes_woo_products_tabs’ post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-07 | 7.2 | CVE-2024-11465 |
| Elevio–Elevio | Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1. | 2025-01-07 | 7.1 | CVE-2025-22328 |
| ELEXtensions–ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows Blind SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through 1.4.8. | 2025-01-07 | 7.6 | CVE-2025-22352 |
| Elicus–WPMozo Addons Lite for Elementor | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Elicus WPMozo Addons Lite for Elementor allows PHP Local File Inclusion.This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.1.0. | 2025-01-07 | 7.5 | CVE-2024-56282 |
| eProsima–DDS | An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24010 |
| exelban–stats | A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-12 | 7.8 | CVE-2025-0396 |
| FastCGI–fcgi | FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | 2025-01-10 | 9.3 | CVE-2025-23016 |
| Frank Koenen–ldap_login_password_and_role_manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Frank Koenen ldap_login_password_and_role_manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through 1.0.12. | 2025-01-07 | 7.1 | CVE-2025-22548 |
| galdub–Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups | The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-11 | 7.5 | CVE-2024-12627 |
| ggnomes–Garden Gnome Package | The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts ‘ggpkg’ files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-01-08 | 8.8 | CVE-2024-12854 |
| go-git–go-git | go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. | 2025-01-06 | 9.8 | CVE-2025-21613 |
| go-git–go-git | go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | 2025-01-06 | 7.5 | CVE-2025-21614 |
| google — android | In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-08 | 7.8 | CVE-2023-35685 |
| Google–Chrome | Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 2025-01-08 | 8.3 | CVE-2025-0291 |
| Gravity Master–Custom Field For WP Job Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through 1.3. | 2025-01-07 | 7.1 | CVE-2025-22294 |
| Greg Whitehead–Norse Rune Oracle Plugin | Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Norse Rune Oracle Plugin allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.1. | 2025-01-07 | 7.1 | CVE-2025-22556 |
| Grocy project–Grocy | The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. | 2025-01-06 | 8.8 | CVE-2024-55074 |
| Grocy project–Grocy | Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator’s password. | 2025-01-06 | 8.1 | CVE-2024-55076 |
| Groundhogg Inc.–Groundhogg | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.7.3.3. | 2025-01-07 | 7.1 | CVE-2024-56289 |
| hccoder Sndor Fodor–Better User Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hccoder – Sándor Fodor Better User Shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through 1.0. | 2025-01-09 | 7.1 | CVE-2025-22594 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. | 2025-01-11 | 8.9 | CVE-2024-42168 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data. | 2025-01-11 | 7.1 | CVE-2024-42169 |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking 501 Wireless Client Bridge | Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. | 2025-01-07 | 7.2 | CVE-2024-54006 |
| Hewlett Packard Enterprise (HPE)–HPE Aruba Networking 501 Wireless Client Bridge | Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. | 2025-01-07 | 7.2 | CVE-2024-54007 |
| Hiren Patel–WP Music Player | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3. | 2025-01-07 | 7.6 | CVE-2025-22536 |
| Hometory–Mang Board WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.4. | 2025-01-07 | 7.1 | CVE-2024-56296 |
| Huawei–HarmonyOS | Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.5 | CVE-2024-56439 |
| Huawei–HarmonyOS | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.5 | CVE-2024-56444 |
| Huawei–HarmonyOS | Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.8 | CVE-2024-56447 |
| Huawei–HarmonyOS | Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 7.3 | CVE-2024-56451 |
| IBM–Controller | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | 2025-01-07 | 8.2 | CVE-2024-40702 |
| IBM–Engineering Requirements Management DOORS Next | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | 2025-01-10 | 9.8 | CVE-2024-41787 |
| Instabot–Instabot | Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through 1.10. | 2025-01-07 | 7.1 | CVE-2025-22571 |
| Iocharger–Iocharger firmware for AC chargers | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. | 2025-01-09 | 8.8 | CVE-2024-43652 |
| Iocharger–Iocharger firmware for AC models | The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI script. This binary or script will write this file path to <redacted>, which is then read by <redacted>.so This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – An attacker will have to find this exploit by either obtaining the binaries involved in this vulnerability, or by trial and error. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe CGI binary or <redacted>.sh script to trigger the vulnerability, or convince a user with such access send an HTTP request that triggers it. Impact: High – The <redacted> process, which we assume is responsible for OCPP communication, will keep crashing after performing the exploit. This happens because the buffer overflow causes the process to segfault before <redacted> is removed. This means that, even though <redacted> is automatically restarted, it will crash again as soon as it tries to parse the text file. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I). | 2025-01-09 | 9.8 | CVE-2024-43661 |
| Iocharger–Iocharger firmware for AC models | There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities. Impact: Low – Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | 9.8 | CVE-2024-43663 |
| Iocharger–Iocharger firmware for AC models | Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). If is a full system compromise, potentially fully compromising confidentiality, integrity and availability of the devicer (VC:H/VI:H/VA:H). A compromised charger can be used to “pivot” onto networks that should otherwise be closed, cause a low confidentiality and interity impact on subsequent systems. (SC:L/SI:L/SA:H). Because this device is an EV charger handing significant amounts of power, we suspect this vulnerability can have a safety impact (S:P). The attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43648 |
| Iocharger–Iocharger firmware for AC models | Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification:Â This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to “pivot” to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43649 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43653 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43654 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the file structure of the <redated> directory, and then modify the backup to add a new CGI script in the correct directory. Furthermore, the attacker will need an account to restore the settings backup, or convince a user with such access to upload a modified backup file. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43656 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the attacker will need a (low privilege) account to gain access to the action.exe CGI binary and upload the crafted firmware file, or convince a user with such access to upload it. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43657 |
| Iocharger–Iocharger firmware for AC models | After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models. Likelihood: Moderate – The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels. Impact: Critical – All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the “super user” credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 7.2 | CVE-2024-43659 |
| Iocharger–Iocharger firmware for AC models | The CGI script <redacted>.sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including sensitive files such as /etc/shadow, the CGI script source code or binaries and configuration files. CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The confidentiality of all files of the devicd can be compromised (VC:H/VI:N/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, this attack in isolation does not have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | 7.5 | CVE-2024-43660 |
| Iqonic Design–WPBookit | The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | 2025-01-09 | 9.8 | CVE-2024-10215 |
| IronTemplates–Croma Music | The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘ironMusic_ajax’ function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-01-07 | 8.8 | CVE-2024-12202 |
| Ivanti–Connect Secure | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 2025-01-08 | 9 | CVE-2025-0282 |
| Ivanti–Connect Secure | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | 2025-01-08 | 7 | CVE-2025-0283 |
| Jason Keeley, Bryan Nielsen–Affiliate Disclosure Statement | Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan Nielsen Affiliate Disclosure Statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through 0.3. | 2025-01-07 | 7.1 | CVE-2025-22552 |
| Jay Krishnan G–JK Html To Pdf | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2025-22547 |
| Jens Trnell–WP Simple Sitemap | Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. | 2025-01-07 | 7.1 | CVE-2025-22342 |
| Jonathan Kern–WPListCal | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jonathan Kern WPListCal allows SQL Injection.This issue affects WPListCal: from n/a through 1.3.5. | 2025-01-09 | 8.5 | CVE-2025-22535 |
| Joomla! Project–Joomla! CMS | Lack of output escaping in the id attribute of menu lists. | 2025-01-07 | 7.5 | CVE-2024-40748 |
| Joomla! Project–Joomla! CMS | Improper Access Controls allows access to protected views. | 2025-01-07 | 7.5 | CVE-2024-40749 |
| jumpdemand–4ECPS Web Forms | Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18. | 2025-01-09 | 10 | CVE-2025-22504 |
| Juniper Networks–Junos OS | An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved’s routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 21.4R3-S7 before 21.4R3-S9, * from 22.2R3-S4 before 22.2R3-S5, * from 22.3R3-S2 before 22.3R3-S4, * from 22.4R3 before 22.4R3-S5, * from 23.2R2 before 23.2R2-S2, * from 23.4R1 before 23.4R2-S1, * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO, * from 22.2R3-S4-EVO before 22.2R3-S5-EVO, * from 22.3R3-S2-EVO before 22.3R3-S4-EVO, * from 22.4R3-EVO before 22.4R3-S5-EVO, * from 23.2R2-EVO before 23.2R2-S2-EVO, * from 23.4R1-EVO before 23.4R2-S1-EVO, * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device:  show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:  rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and  rpd[<pid>]: Malformed Attribute | 2025-01-09 | 7.5 | CVE-2025-21598 |
| Juniper Networks–Junos OS Evolved | A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6. This issue affects Junos OS Evolved: * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-S2-EVO, * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO. | 2025-01-09 | 7.5 | CVE-2025-21599 |
| ka2–Custom DataBase Tables | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ka2 Custom DataBase Tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through 2.1.34. | 2025-01-09 | 7.1 | CVE-2025-22539 |
| KaiYuanTong–ECT Platform | A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.3 | CVE-2025-0328 |
| kiKx–Kikx Simple Post Author Filter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kiKx Kikx Simple Post Author Filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through 1.0. | 2025-01-07 | 7.1 | CVE-2025-22355 |
| kmfoysal06–SimpleCharm | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3. | 2025-01-07 | 7.1 | CVE-2024-56056 |
| Konrad Karpieszuk–WC Price History for Omnibus | Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through 2.1.4. | 2025-01-09 | 7.2 | CVE-2025-22510 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 8.3 | CVE-2025-22597 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 8.3 | CVE-2025-22598 |
| Lenderd–1003 Mortgage Application | Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87. | 2025-01-07 | 7.5 | CVE-2025-22592 |
| librdf–Raptor RDF Syntax Library | In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). | 2025-01-10 | 9.3 | CVE-2024-57823 |
| lich_wang–WP-tagMaker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2. | 2025-01-07 | 7.1 | CVE-2025-22338 |
| linkid–linkID | The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the ‘phpinfo’ function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site’s server. The plugin does not need to be activated for the vulnerability to be exploited. | 2025-01-09 | 8.6 | CVE-2024-12542 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last reference on the extent buffer @buf so btrfs_force_cow_block() drops the last reference on the @buf extent buffer when it calls free_extent_buffer_stale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling trace_btrfs_cow_block() and the extent buffer already released by the time trace_btrfs_cow_block() is called, resulting in a use-after-free. Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to btrfs_force_cow_block() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is called there, but this is fine and it was actually missing there. | 2025-01-06 | 7.8 | CVE-2024-56759 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when exiting the uring context or handling timeout. If add_disk() fails, the gendisk may have been freed when calling ublk_abort_requests(), so use-after-free can be caused when getting disk’s reference in ublk_abort_requests(). Fixes the bug by detaching gendisk from ublk device if add_disk() fails. | 2025-01-06 | 7.8 | CVE-2024-56764 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during migration. The KASAN report shows: [16386.254991] BUG: KASAN: slab-use-after-free in reconfig_close_windows+0x1a0/0x4e8 [16386.255043] Read of size 8 at addr c00000014a819670 by task drmgr/696928 [16386.255096] CPU: 29 UID: 0 PID: 696928 Comm: drmgr Kdump: loaded Tainted: G B 6.11.0-rc5-nxgzip #2 [16386.255128] Tainted: [B]=BAD_PAGE [16386.255148] Hardware name: IBM,9080-HEX Power11 (architected) 0x820200 0xf000007 of:IBM,FW1110.00 (NH1110_016) hv:phyp pSeries [16386.255181] Call Trace: [16386.255202] [c00000016b297660] [c0000000018ad0ac] dump_stack_lvl+0x84/0xe8 (unreliable) [16386.255246] [c00000016b297690] [c0000000006e8a90] print_report+0x19c/0x764 [16386.255285] [c00000016b297760] [c0000000006e9490] kasan_report+0x128/0x1f8 [16386.255309] [c00000016b297880] [c0000000006eb5c8] __asan_load8+0xac/0xe0 [16386.255326] [c00000016b2978a0] [c00000000013f898] reconfig_close_windows+0x1a0/0x4e8 [16386.255343] [c00000016b297990] [c000000000140e58] vas_migration_handler+0x3a4/0x3fc [16386.255368] [c00000016b297a90] [c000000000128848] pseries_migrate_partition+0x4c/0x4c4 … [16386.256136] Allocated by task 696554 on cpu 31 at 16377.277618s: [16386.256149] kasan_save_stack+0x34/0x68 [16386.256163] kasan_save_track+0x34/0x80 [16386.256175] kasan_save_alloc_info+0x58/0x74 [16386.256196] __kasan_slab_alloc+0xb8/0xdc [16386.256209] kmem_cache_alloc_noprof+0x200/0x3d0 [16386.256225] vm_area_alloc+0x44/0x150 [16386.256245] mmap_region+0x214/0x10c4 [16386.256265] do_mmap+0x5fc/0x750 [16386.256277] vm_mmap_pgoff+0x14c/0x24c [16386.256292] ksys_mmap_pgoff+0x20c/0x348 [16386.256303] sys_mmap+0xd0/0x160 … [16386.256350] Freed by task 0 on cpu 31 at 16386.204848s: [16386.256363] kasan_save_stack+0x34/0x68 [16386.256374] kasan_save_track+0x34/0x80 [16386.256384] kasan_save_free_info+0x64/0x10c [16386.256396] __kasan_slab_free+0x120/0x204 [16386.256415] kmem_cache_free+0x128/0x450 [16386.256428] vm_area_free_rcu_cb+0xa8/0xd8 [16386.256441] rcu_do_batch+0x2c8/0xcf0 [16386.256458] rcu_core+0x378/0x3c4 [16386.256473] handle_softirqs+0x20c/0x60c [16386.256495] do_softirq_own_stack+0x6c/0x88 [16386.256509] do_softirq_own_stack+0x58/0x88 [16386.256521] __irq_exit_rcu+0x1a4/0x20c [16386.256533] irq_exit+0x20/0x38 [16386.256544] interrupt_async_exit_prepare.constprop.0+0x18/0x2c … [16386.256717] Last potentially related work creation: [16386.256729] kasan_save_stack+0x34/0x68 [16386.256741] __kasan_record_aux_stack+0xcc/0x12c [16386.256753] __call_rcu_common.constprop.0+0x94/0xd04 [16386.256766] vm_area_free+0x28/0x3c [16386.256778] remove_vma+0xf4/0x114 [16386.256797] do_vmi_align_munmap.constprop.0+0x684/0x870 [16386.256811] __vm_munmap+0xe0/0x1f8 [16386.256821] sys_munmap+0x54/0x6c [16386.256830] system_call_exception+0x1a0/0x4a0 [16386.256841] system_call_vectored_common+0x15c/0x2ec [16386.256868] The buggy address belongs to the object at c00000014a819670 which belongs to the cache vm_area_struct of size 168 [16386.256887] The buggy address is located 0 bytes inside of freed 168-byte region [c00000014a819670, c00000014a819718) [16386.256915] The buggy address belongs to the physical page: [16386.256928] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a81 [16386.256950] memcg:c0000000ba430001 [16386.256961] anon flags: 0x43ffff800000000(node=4|zone=0|lastcpupid=0x7ffff) [16386.256975] page_type: 0xfdffffff(slab) [16386 —truncated— | 2025-01-06 | 7.8 | CVE-2024-56765 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The “user” pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free. | 2025-01-06 | 7.8 | CVE-2024-56766 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the kunit_suite_for_each_test_case() loop, the “suite->log = stream” has assigned before, and the error path only free the suite->log’s stream memory but not set it to NULL, so the later string_stream_clear() of suite->log in kunit_init_suite() will cause below UAF bug. Set stream pointer to NULL after free to fix it. Unable to handle kernel paging request at virtual address 006440150000030d Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [006440150000030d] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: iio_test_gts industrialio_gts_helper cfg80211 rfkill ipv6 [last unloaded: iio_test_gts] CPU: 5 UID: 0 PID: 6253 Comm: modprobe Tainted: G B W N 6.12.0-rc4+ #458 Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST Hardware name: linux,dummy-virt (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : string_stream_clear+0x54/0x1ac lr : string_stream_clear+0x1a8/0x1ac sp : ffffffc080b47410 x29: ffffffc080b47410 x28: 006440550000030d x27: ffffff80c96b5e98 x26: ffffff80c96b5e80 x25: ffffffe461b3f6c0 x24: 0000000000000003 x23: ffffff80c96b5e88 x22: 1ffffff019cdf4fc x21: dfffffc000000000 x20: ffffff80ce6fa7e0 x19: 032202a80000186d x18: 0000000000001840 x17: 0000000000000000 x16: 0000000000000000 x15: ffffffe45c355cb4 x14: ffffffe45c35589c x13: ffffffe45c03da78 x12: ffffffb810168e75 x11: 1ffffff810168e74 x10: ffffffb810168e74 x9 : dfffffc000000000 x8 : 0000000000000004 x7 : 0000000000000003 x6 : 0000000000000001 x5 : ffffffc080b473a0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000001 x1 : ffffffe462fbf620 x0 : dfffffc000000000 Call trace: string_stream_clear+0x54/0x1ac __kunit_test_suites_init+0x108/0x1d8 kunit_exec_run_tests+0xb8/0x100 kunit_module_notify+0x400/0x55c notifier_call_chain+0xfc/0x3b4 blocking_notifier_call_chain+0x68/0x9c do_init_module+0x24c/0x5c8 load_module+0x4acc/0x4e90 init_module_from_file+0xd4/0x128 idempotent_init_module+0x2d4/0x57c __arm64_sys_finit_module+0xac/0x100 invoke_syscall+0x6c/0x258 el0_svc_common.constprop.0+0x160/0x22c do_el0_svc+0x44/0x5c el0_svc+0x48/0xb8 el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 Code: f9400753 d2dff800 f2fbffe0 d343fe7c (38e06b80) —[ end trace 0000000000000000 ]— Kernel panic – not syncing: Oops: Fatal exception | 2025-01-08 | 7.8 | CVE-2024-56772 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn’t maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states. | 2025-01-08 | 7.8 | CVE-2024-56775 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound. | 2025-01-08 | 7.8 | CVE-2024-56784 |
| MacWarrior–clipbucket-v5 | ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 – 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 – 239. | 2025-01-07 | 9.8 | CVE-2025-21624 |
| MacWarrior–clipbucket-v5 | ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the avatars directory, ClipBucket will delete it. There is no check for path traversal sequences in the provided user input (stored in the DB as avatar_url) therefore the final $file variable could be tainted with path traversal sequences. This leads to file deletion outside of the intended scope of the avatars folder. This vulnerability is fixed in 5.5.1 – 237. | 2025-01-07 | 7.5 | CVE-2025-21622 |
| MacWarrior–clipbucket-v5 | ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 – 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | 2025-01-07 | 7.5 | CVE-2025-21623 |
| Mahesh Waghmare–MG Parallax Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through 1.0.. | 2025-01-09 | 7.1 | CVE-2025-22330 |
| Marcon Simone–Wp advertising management | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marcon Simone Wp advertising management allows Reflected XSS.This issue affects Wp advertising management: from n/a through 1.0.3. | 2025-01-07 | 7.1 | CVE-2025-22358 |
| Mario Mansour and Geoff Peters–TubePress.NET | Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and Geoff Peters TubePress.NET allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through 4.0.1. | 2025-01-07 | 7.1 | CVE-2025-22559 |
| Md. Rajib Dewan–Opencart Product in WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through 1.0.1. | 2025-01-07 | 7.1 | CVE-2025-22335 |
| mdshuvo–Post Grid Master Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder | The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the ‘locate_template’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The file included must have a .php extension. | 2025-01-09 | 9.8 | CVE-2024-11642 |
| MediaTek, Inc.–MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165. | 2025-01-06 | 7.5 | CVE-2024-20149 |
| MediaTek, Inc.–MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018. | 2025-01-06 | 7.5 | CVE-2024-20150 |
| MediaTek, Inc.–MT2735, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392. | 2025-01-06 | 8.1 | CVE-2024-20154 |
| MediaTek, Inc.–MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 | In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835. | 2025-01-06 | 8.1 | CVE-2024-20146 |
| MediaTek, Inc.–MT2737, MT6989, MT6991, MT7925, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 | In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598. | 2025-01-06 | 7.5 | CVE-2024-20153 |
| MediaTek, Inc.–MT3603, MT6835, MT6878, MT6886, MT6897, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8766, MT8768, MT8775, MT8796, MT8798 | In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796. | 2025-01-06 | 9.8 | CVE-2024-20148 |
| Microsoft–Marketplace SaaS | Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | 2025-01-09 | 8.8 | CVE-2025-21380 |
| Microsoft–Microsoft Purview | A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. | 2025-01-09 | 8.8 | CVE-2025-21385 |
| Mindvalley–MindValley Super PageMash | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1. | 2025-01-07 | 7.6 | CVE-2025-22502 |
| mmrs151–Prayer Times Anywhere | Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through 2.0.1. | 2025-01-07 | 7.1 | CVE-2025-22590 |
| mulika–MIPL WC Multisite Sync Synchronize WC Products, Orders, Customers & Coupons across multiple sites | The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the ‘mipl_wc_sync_download_log’ action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-07 | 7.5 | CVE-2024-12152 |
| Minjun Kim–NAVER Analytics | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in (Minjun Kim) NAVER Analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through 0.9. | 2025-01-07 | 7.1 | CVE-2024-51700 |
| n/a–n/a | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | 2025-01-07 | 9.8 | CVE-2022-41572 |
| n/a–n/a | An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution. | 2025-01-07 | 9.8 | CVE-2022-41573 |
| n/a–n/a | An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | 2025-01-09 | 9.8 | CVE-2023-28354 |
| n/a–n/a | An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors. | 2025-01-07 | 9.1 | CVE-2024-35532 |
| n/a–n/a | An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion. | 2025-01-06 | 9.8 | CVE-2024-46622 |
| n/a–n/a | Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file | 2025-01-07 | 9.8 | CVE-2024-50658 |
| n/a–n/a | File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality | 2025-01-07 | 9.8 | CVE-2024-50660 |
| n/a–n/a | I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php | 2025-01-07 | 9.1 | CVE-2024-54819 |
| n/a–n/a | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | 2025-01-06 | 9.1 | CVE-2024-54879 |
| n/a–n/a | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | 2025-01-06 | 9.1 | CVE-2024-54880 |
| n/a–n/a | An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. | 2025-01-09 | 9.6 | CVE-2024-55224 |
| n/a–n/a | An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. | 2025-01-09 | 9.8 | CVE-2024-55225 |
| n/a–n/a | A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 9.8 | CVE-2024-55414 |
| n/a–n/a | Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. | 2025-01-06 | 9.8 | CVE-2024-55529 |
| n/a–n/a | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this vulnerability relies on an attacker obtaining Laravel’s secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server. | 2025-01-07 | 9.8 | CVE-2024-55556 |
| n/a–n/a | A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “pagetitle” parameter. | 2025-01-10 | 9.8 | CVE-2024-57686 |
| n/a–n/a | An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “Cookie” GET request parameter. | 2025-01-10 | 9.8 | CVE-2024-57687 |
| n/a–n/a | An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. | 2025-01-06 | 8.4 | CVE-2021-27285 |
| n/a–n/a | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution. | 2025-01-07 | 8.8 | CVE-2022-45185 |
| n/a–n/a | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database. | 2025-01-07 | 8.1 | CVE-2022-45186 |
| n/a–n/a | A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user’s session if multiple connection attempts occur simultaneously. | 2025-01-09 | 8 | CVE-2023-1907 |
| n/a–n/a | Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. | 2025-01-09 | 8.8 | CVE-2024-51229 |
| n/a–n/a | Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. | 2025-01-08 | 8.8 | CVE-2024-51442 |
| n/a–n/a | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-07 | 8.8 | CVE-2024-53345 |
| n/a–n/a | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | 2025-01-08 | 8.8 | CVE-2024-54818 |
| n/a–n/a | An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-07 | 8.8 | CVE-2024-55411 |
| n/a–n/a | An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session. | 2025-01-08 | 8.8 | CVE-2024-55517 |
| n/a–n/a | Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. The route/{hash} route defined in the invoiceninja/routes/client.php file can be accessed without authentication. The parameter {hash} is passed to the function decrypt that expects a Laravel ciphered value containing a serialized object. (Furthermore, Laravel contains several gadget chains usable to trigger remote command execution from arbitrary deserialization.) Therefore, an attacker in possession of the APP_KEY is able to fully control a string passed to an unserialize function. | 2025-01-07 | 8.8 | CVE-2024-55555 |
| n/a–n/a | A flaw was found in FFmpeg’s DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | 2025-01-06 | 7.2 | CVE-2023-6605 |
| n/a–n/a | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute | 2025-01-07 | 7.9 | CVE-2024-40427 |
| n/a–n/a | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration. | 2025-01-07 | 7.5 | CVE-2024-46242 |
| n/a–n/a | In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | 2025-01-09 | 7.8 | CVE-2024-46464 |
| n/a–n/a | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. | 2025-01-07 | 7.5 | CVE-2024-46601 |
| n/a–n/a | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload. | 2025-01-07 | 7.5 | CVE-2024-46602 |
| n/a–n/a | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. | 2025-01-07 | 7.5 | CVE-2024-46603 |
| n/a–n/a | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include “Booking ID”, “Action Name”, and “Payment Confirmation ID”, which are present in /newvehicle.php and /newdriver.php. | 2025-01-07 | 7.2 | CVE-2024-48245 |
| n/a–n/a | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface. | 2025-01-06 | 7.5 | CVE-2024-48456 |
| n/a–n/a | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh | 2025-01-06 | 7.5 | CVE-2024-48457 |
| n/a–n/a | Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information. | 2025-01-07 | 7.5 | CVE-2024-53522 |
| n/a–n/a | The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. | 2025-01-06 | 7.7 | CVE-2024-53934 |
| n/a–n/a | An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 7.5 | CVE-2024-54767 |
| n/a–n/a | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges. | 2025-01-07 | 7.5 | CVE-2024-55008 |
| n/a–n/a | An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. | 2025-01-06 | 7.8 | CVE-2024-55407 |
| n/a–n/a | An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of Asus GPU Tweak II Program Driver v1.0.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-07 | 7.8 | CVE-2024-55410 |
| n/a–n/a | A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 – 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 7.8 | CVE-2024-55412 |
| n/a–n/a | A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 – 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 7.8 | CVE-2024-55413 |
| n/a–n/a | In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket’s buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Affected Versions: FRRouting <6.0. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. | 2025-01-06 | 7.5 | CVE-2024-55553 |
| Nabaraj Chapagain–NC Wishlist for Woocommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1. | 2025-01-09 | 8.5 | CVE-2025-22505 |
| NETGEAR–DGN1000 | NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017. | 2025-01-10 | 9.8 | CVE-2024-12847 |
| nickboss–WordPress File Upload | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the ‘wfu_file_downloader.php’ file. This is due to lack of proper sanitization of the ‘source’ parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. | 2025-01-08 | 9.8 | CVE-2024-11613 |
| nickboss–WordPress File Upload | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the ‘wfu_ABSPATH’ cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. | 2025-01-08 | 9.8 | CVE-2024-11635 |
| nickboss–WordPress File Upload | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. | 2025-01-08 | 7.5 | CVE-2024-9939 |
| Nik Chankov–Autocompleter | Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2. | 2025-01-07 | 7.1 | CVE-2025-22325 |
| nilsonLazarin–WeGIA | WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. | 2025-01-07 | 9.9 | CVE-2025-22133 |
| nilsonLazarin–WeGIA | WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim’s browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7. | 2025-01-07 | 8.3 | CVE-2025-22132 |
| Noel Jarencio.–Smoothness Slider Shortcode | Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoothness Slider Shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through v1.2.2. | 2025-01-07 | 7.1 | CVE-2025-22555 |
| Ofek Nakar–Virtual Bot | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through 1.0.0. | 2025-01-09 | 9.3 | CVE-2025-22542 |
| Ofek Nakar–Virtual Bot | Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2025-22538 |
| OISF–suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 7.5 | CVE-2024-55605 |
| OISF–suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 7.5 | CVE-2024-55628 |
| OISF–suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set. | 2025-01-06 | 7.5 | CVE-2024-55629 |
| OpenDDS–DDS | An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24012 |
| OpenHarmony–OpenHarmony | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. | 2025-01-07 | 8.8 | CVE-2024-47398 |
| Opentracker–Opentracker Analytics | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Opentracker Opentracker Analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through 1.3. | 2025-01-09 | 7.1 | CVE-2025-22361 |
| OpenVPN–OpenVPN | OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. | 2025-01-06 | 9.1 | CVE-2024-5594 |
| OpenVPN–OpenVPN Connect | OpenVPN Connect before version 3.5.0 can contain the configuration profile’s clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic | 2025-01-06 | 7.5 | CVE-2024-8474 |
| OTWthemes–Widgetize Pages Light | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through 3.0. | 2025-01-09 | 7.1 | CVE-2025-22313 |
| Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2025-01-07 | 7.6 | CVE-2025-22349 |
| P3JX–Cf7Save Extension | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in P3JX Cf7Save Extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through 1. | 2025-01-09 | 7.1 | CVE-2025-22331 |
| payuplugin–PayU CommercePro Plugin | The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts. | 2025-01-07 | 9.8 | CVE-2024-12264 |
| Pektsekye–Notify Odoo | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pektsekye Notify Odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2024-56299 |
| PenguinArts–Contact Form 7 Database CFDB7 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PenguinArts Contact Form 7 Database – CFDB7 allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through 1.0.0. | 2025-01-07 | 7.6 | CVE-2025-22351 |
| PJFC–SyncFields | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PJFC SyncFields allows Reflected XSS.This issue affects SyncFields: from n/a through 2.1. | 2025-01-07 | 7.1 | CVE-2025-22359 |
| plainware.com–Locatoraid Store Locator | Deserialization of Untrusted Data vulnerability in plainware.com Locatoraid Store Locator allows Object Injection.This issue affects Locatoraid Store Locator: from n/a through 3.9.50. | 2025-01-07 | 8.1 | CVE-2024-56283 |
| plainware.com–PlainInventory | Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. | 2025-01-07 | 8.1 | CVE-2024-56291 |
| postsaint–Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator | The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | 2025-01-07 | 8.8 | CVE-2024-12471 |
| ProductDyno–ProductDyno | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ProductDyno ProductDyno allows Reflected XSS.This issue affects ProductDyno: from n/a through 1.0.24. | 2025-01-07 | 7.1 | CVE-2025-22320 |
| Progress Software Corporation–Sitefinity | Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 8.4 | CVE-2024-11626 |
| Progress Software Corporation–Sitefinity | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 7.7 | CVE-2024-11625 |
| qualcomm — fastconnect_6700_firmware | Memory corruption while processing IPA statistics, when there are no active clients registered. | 2025-01-06 | 8.4 | CVE-2024-21464 |
| Qualcomm, Inc.–Snapdragon | Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. | 2025-01-06 | 8.4 | CVE-2024-45555 |
| Qualcomm, Inc.–Snapdragon | Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | 2025-01-06 | 7.5 | CVE-2024-43064 |
| Qualcomm, Inc.–Snapdragon | Memory corruption when IOCTL call is invoked from user-space to read board data. | 2025-01-06 | 7.8 | CVE-2024-45541 |
| Qualcomm, Inc.–Snapdragon | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 2025-01-06 | 7.8 | CVE-2024-45542 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | 2025-01-06 | 7.8 | CVE-2024-45546 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. | 2025-01-06 | 7.8 | CVE-2024-45547 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. | 2025-01-06 | 7.8 | CVE-2024-45548 |
| Qualcomm, Inc.–Snapdragon | Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. | 2025-01-06 | 7.8 | CVE-2024-45550 |
| Qualcomm, Inc.–Snapdragon | Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 2025-01-06 | 7.8 | CVE-2024-45553 |
| Qualcomm, Inc.–Snapdragon | Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 2025-01-06 | 7.5 | CVE-2024-45558 |
| Red Hat–Red Hat Enterprise Linux 6 | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | 2025-01-09 | 7.4 | CVE-2025-0306 |
| redis–redis | Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. | 2025-01-06 | 7 | CVE-2024-46981 |
| RedisBloom–RedisBloom | RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2. | 2025-01-08 | 8.8 | CVE-2024-55656 |
| RediSearch–RediSearch | RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | 2025-01-08 | 7 | CVE-2024-51737 |
| RedisTimeSeries–RedisTimeSeries | RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. | 2025-01-08 | 7 | CVE-2024-51480 |
| REVE–Antivirus | A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.8 | CVE-2024-13206 |
| Rezgo–Rezgo | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15. | 2025-01-07 | 8.1 | CVE-2024-53800 |
| Roninwp–FAT Event Lite | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1. | 2025-01-09 | 8.1 | CVE-2025-22508 |
| Roya Khosravi–SingSong | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2. | 2025-01-07 | 7.1 | CVE-2025-22522 |
| RTO GmbH–DynamicTags | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. | 2025-01-07 | 8.5 | CVE-2025-22348 |
| Scott Farrell–wp Hosting Performance Check | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through 2.18.8. | 2025-01-09 | 7.1 | CVE-2025-22521 |
| Scott Nell–Uptime Robot | Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3. | 2025-01-07 | 7.1 | CVE-2025-22582 |
| scriptsbundle–AdForest | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user’s identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account. | 2025-01-08 | 9.8 | CVE-2024-11350 |
| Sebastian Orellana–Emailing Subscription | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1. | 2025-01-09 | 9.3 | CVE-2025-22540 |
| seobeginner–SEO LAT Auto Post | The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution. | 2025-01-07 | 9.8 | CVE-2024-12252 |
| Service Shogun–Ach Invoice App | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affects Ach Invoice App: from n/a through 1.0.1. | 2025-01-07 | 7.5 | CVE-2025-22364 |
| silabs.com–WiSeConnect SDK | In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset | 2025-01-07 | 7.5 | CVE-2024-8361 |
| silverplugins217–Multiple Shipping And Billing Address For Woocommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.2. | 2025-01-07 | 9.3 | CVE-2024-56290 |
| Simple Plugins–Target Notifications | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simple Plugins Target Notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through 1.1.1. | 2025-01-07 | 7.1 | CVE-2025-22357 |
| Smackcoders–WP Ultimate Exporter | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through 2.9.1. | 2025-01-07 | 9.1 | CVE-2024-56278 |
| SMSA Express–SMSA Shipping | Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3. | 2025-01-07 | 8.6 | CVE-2024-49249 |
| sonalsinha21–SKT Page Builder | The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the ‘addLibraryByArchive’ function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | 2025-01-09 | 8.8 | CVE-2024-12848 |
| SonicWall–SonicOS | SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name. | 2025-01-09 | 9.1 | CVE-2024-12802 |
| SonicWall–SonicOS | A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | 2025-01-09 | 9.8 | CVE-2024-12803 |
| SonicWall–SonicOS | A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | 2025-01-09 | 9.8 | CVE-2024-12805 |
| SonicWall–SonicOS | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | 2025-01-09 | 9.8 | CVE-2024-40762 |
| SonicWall–SonicOS | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | 2025-01-09 | 9.8 | CVE-2024-40765 |
| SonicWall–SonicOS | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | 2025-01-09 | 9.8 | CVE-2024-53704 |
| SonicWall–SonicOS | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | 2025-01-09 | 7.5 | CVE-2024-12806 |
| SonicWall–SonicOS | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. | 2025-01-09 | 7.5 | CVE-2024-53705 |
| SonicWall–SonicOS | A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | 2025-01-09 | 7.8 | CVE-2024-53706 |
| SSL Wireless–SSL Wireless SMS Notification | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SSL Wireless SSL Wireless SMS Notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0. | 2025-01-07 | 9.3 | CVE-2024-56284 |
| StarCitizenTools–mediawiki-extensions-TabberNeue | TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn’t escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2. | 2025-01-06 | 8.6 | CVE-2025-21612 |
| stonith404–pingvin-share | Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0. | 2025-01-08 | 9.8 | CVE-2025-22137 |
| StylemixThemes–Cost Calculator Builder PRO | The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-08 | 7.5 | CVE-2024-11939 |
| Tenda–AC6 | A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-09 | 8.8 | CVE-2025-0349 |
| tgstation–tgstation-server | tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR’d instead of AND’ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3. | 2025-01-06 | 8.8 | CVE-2025-21611 |
| ThemeGlow–JobBoard Job listing | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6. | 2025-01-07 | 10 | CVE-2024-43243 |
| themesawesome–School Management System SakolaWP | The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user. | 2025-01-07 | 9.8 | CVE-2024-12470 |
| themescoder–Themes Coder Create Android & iOS Apps For Your Woocommerce Site | The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user’s identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account. | 2025-01-07 | 9.8 | CVE-2024-12402 |
| theperfectwedding–ThePerfectWedding.nl Widget | The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the ‘update_option’ function. This makes it possible for unauthenticated attackers to update the ‘tpwKey’ option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 8.8 | CVE-2024-12322 |
| Tobias Spiess–TS Comfort DB | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.This issue affects TS Comfort DB: from n/a through 2.0.7. | 2025-01-09 | 7.1 | CVE-2025-22345 |
| Tock–Tock Widget | Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through 1.1. | 2025-01-07 | 7.1 | CVE-2025-22520 |
| traveller11–Google Maps Travel Route | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in traveller11 Google Maps Travel Route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through 1.3.1. | 2025-01-09 | 8.5 | CVE-2025-22537 |
| Tripetto–WordPress form builder plugin for contact forms, surveys and quizzes Tripetto | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through 8.0.5. | 2025-01-09 | 7.1 | CVE-2025-22295 |
| Unknown–WordPress Auction Plugin | The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks | 2025-01-07 | 9.8 | CVE-2024-8855 |
| vivo–Health | The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13173 |
| vivo–MinigameCenter | The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13185 |
| vivo–MinigameCenter | The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13186 |
| wander-chu–SpringBoot-Blog | A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.3 | CVE-2024-13200 |
| webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like ‘firstName’. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present. | 2025-01-11 | 9.8 | CVE-2024-12877 |
| WOOEXIM.COM–WOOEXIM | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WOOEXIM.COM WOOEXIM allows SQL Injection.This issue affects WOOEXIM: from n/a through 5.0.0. | 2025-01-07 | 7.6 | CVE-2025-22533 |
| WordPress –Wizhi Multi Filters by Wenprise | Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6. | 2025-01-07 | 7.1 | CVE-2025-22336 |
| WP Swings–Gift Cards for WooCommerce Pro | The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything. | 2025-01-08 | 7.5 | CVE-2024-11423 |
| wpchill–Modula Image Gallery | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-01-08 | 8.8 | CVE-2024-12853 |
| wpextended–The Ultimate WordPress Toolkit WP Extended | The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the ‘wpext_handle_snippet_update’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet. | 2025-01-08 | 8.8 | CVE-2024-11816 |
| wpextended–The Ultimate WordPress Toolkit WP Extended | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with | 2025-01-08 | 7.4 | CVE-2024-11916 |
| wpguruin–Error Log Viewer By WP Guru | The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-07 | 7.5 | CVE-2024-12849 |
| WpIndeed–Ultimate Learning Pro | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9. | 2025-01-07 | 7.6 | CVE-2025-22350 |
| WPMagic–News Publisher Autopilot | Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publisher Autopilot allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through 2.1.4. | 2025-01-07 | 7.1 | CVE-2025-22557 |
| WPSpins–Post/Page Copying Tool | Insertion of Sensitive Information Into Sent Data vulnerability in WPSpins Post/Page Copying Tool allows Retrieve Embedded Sensitive Data.This issue affects Post/Page Copying Tool: from n/a through 2.0.0. | 2025-01-07 | 7.5 | CVE-2024-56300 |
| wpwebinarsystem–WordPress Webinar Plugin WebinarPress | The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the ‘sync-import-imgs’ function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution. | 2025-01-08 | 8.8 | CVE-2024-11270 |
| wpwebinarsystem–WordPress Webinar Plugin WebinarPress | The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars. | 2025-01-08 | 8.8 | CVE-2024-11271 |
| Yamna Khawaja–Mailing Group Listserv | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through 2.0.9. | 2025-01-09 | 7.6 | CVE-2025-22527 |
| Yamna Khawaja–Mailing Group Listserv | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yamna Khawaja Mailing Group Listserv allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through 2.0.9. | 2025-01-09 | 7.1 | CVE-2025-22595 |
| zauberzeug–nicegui | NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1. | 2025-01-06 | 7.5 | CVE-2025-21618 |
| ZeroWdd–myblog | A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 7.3 | CVE-2024-13189 |
| ZettaScale–DDS | An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24011 |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1clickdesigns–ClickDesigns | The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘clickdesigns_add_api’ and the ‘clickdesigns_remove_api’ functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin’s API key. | 2025-01-07 | 5.3 | CVE-2024-12559 |
| 3dvieweronline–3DVieweronline | The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘3Dvo-model’ shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12514 |
| 4wpbari–Qr Code and Barcode Scanner Reader | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0. | 2025-01-09 | 6.5 | CVE-2025-22819 |
| 5 Star Plugins–Pretty Simple Popup Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.9. | 2025-01-07 | 5.9 | CVE-2024-56298 |
| a3rev–Compare Products for WooCommerce | The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12435 |
| AazzTech–WP Cookie | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AazzTech WP Cookie allows Stored XSS.This issue affects WP Cookie: from n/a through 1.0.0. | 2025-01-07 | 5.9 | CVE-2025-22578 |
| ABB–AC500 V3 | An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | 2025-01-07 | 4.3 | CVE-2024-12429 |
| add-ons.org–Email Templates Customizer for WordPress Drag And Drop Email Templates Builder YeeMail | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4. | 2025-01-09 | 6.5 | CVE-2025-22802 |
| AddFunc–AddFunc Mobile Detect | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AddFunc AddFunc Mobile Detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through 3.1. | 2025-01-07 | 6.5 | CVE-2025-22550 |
| AIpost–AI WP Writer | Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through 3.8.4.4. | 2025-01-07 | 4.3 | CVE-2025-22297 |
| aiwp–Elementor Addons AI Addons 70 Widgets, Premium Templates, Ultimate Elements | The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to. | 2025-01-07 | 4.3 | CVE-2024-12140 |
| akshay-menariya–Export Import Menus | The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings. | 2025-01-07 | 5.3 | CVE-2024-10866 |
| alanperfectportal–Perfect Portal Widgets | The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘perfect_portal_intake_form’ shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12527 |
| Ali Ali–Alpha Price Table For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8. | 2025-01-07 | 6.5 | CVE-2025-22500 |
| amitrotem–Deliver via Shipos for WooCommerce | The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12222 |
| andersyogo–YOGO Booking | The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘yogo-calendar’ shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12462 |
| appizy–App Embed | The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘appizy’ shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11749 |
| Arefly–WP Header Notification | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arefly WP Header Notification allows Stored XSS.This issue affects WP Header Notification: from n/a through 1.2.7. | 2025-01-07 | 5.9 | CVE-2025-22579 |
| Arista Networks–Arista Edge Threat Management | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access | 2025-01-10 | 6.8 | CVE-2024-47517 |
| Arista Networks–Arista Edge Threat Management | Specially constructed queries targeting ETM could discover active remote access sessions | 2025-01-10 | 6.4 | CVE-2024-47518 |
| Arista Networks–Arista Edge Threat Management | A user with administrator privileges is able to retrieve authentication tokens | 2025-01-10 | 6.6 | CVE-2024-9133 |
| Arista Networks–CloudVision Appliance | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | 2025-01-10 | 4.6 | CVE-2024-7142 |
| Arista Networks–EOS | On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. | 2025-01-10 | 6.5 | CVE-2024-5872 |
| Arista Networks–EOS | On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well. | 2025-01-10 | 4.3 | CVE-2024-7095 |
| Arista Networks–EOS-Policy Based Routing (PBR) | On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy — certain IP traffic such as IPv4 packets with IP options may bypass the feature’s set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action’s destination. | 2025-01-10 | 5.8 | CVE-2024-6437 |
| arrowplugins–Popup MailChimp, GetResponse and ActiveCampaign Intergrations | The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘upc_delete_db_data’ AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin. | 2025-01-07 | 5.3 | CVE-2024-12158 |
| arsdeveloper–ARS Affiliate Page Plugin | The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘utm_keyword’ parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12098 |
| artbees–Jupiter X Core | The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates. | 2025-01-07 | 5.3 | CVE-2024-12316 |
| artbees–Jupiter X Core | The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries | 2025-01-07 | 4.3 | CVE-2024-12033 |
| aThemeArt–Store Commerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aThemeArt Store Commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through 1.2.3. | 2025-01-07 | 6.5 | CVE-2025-22339 |
| Axis Communications AB–AXIS Camera Station Pro | Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2025-01-07 | 6.3 | CVE-2024-7696 |
| bailuk–AAT | AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. | 2025-01-06 | 5.5 | CVE-2025-21615 |
| bandido–Woo Ukrposhta | The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order’, ‘post’, and ‘idd’ parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12049 |
| bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12851 |
| Beautiful Templates–ST Gallery WP | Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8. | 2025-01-07 | 5.4 | CVE-2025-22543 |
| Ben Huson–List Pages at Depth | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ben Huson List Pages at Depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through 1.5. | 2025-01-07 | 6.5 | CVE-2025-22517 |
| bestwpdeveloper–BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section) | The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2025-01-07 | 4.3 | CVE-2024-12532 |
| bharatkambariya–Donation Block For PayPal | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through 2.2.0. | 2025-01-07 | 6.5 | CVE-2025-22525 |
| Biltorvet A/S–Biltorvet Dealer Tools | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biltorvet A/S Biltorvet Dealer Tools allows Stored XSS.This issue affects Biltorvet Dealer Tools: from n/a through 1.0.22. | 2025-01-07 | 6.5 | CVE-2025-22580 |
| binsaifullah–Duplicate Post, Page and Any Custom Post | The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the ‘dpp_duplicate_as_draft’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 2025-01-07 | 4.3 | CVE-2024-12538 |
| Bishawjit Das–wp custom countdown | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bishawjit Das wp custom countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through 2.8. | 2025-01-09 | 6.5 | CVE-2025-22822 |
| bitlydeveloper–Bitly’s WordPress Plugin | The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings. | 2025-01-09 | 4.3 | CVE-2024-12616 |
| bizappventures–Bizapp for WooCommerce | The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11378 |
| biztechc–WP jQuery DataTable | The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_jdt’ shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12499 |
| biztechc–WP jQuery DataTable | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in biztechc WP jQuery DataTable allows Stored XSS.This issue affects WP jQuery DataTable: from n/a through 4.0.1. | 2025-01-07 | 6.5 | CVE-2024-56287 |
| blueberryacc–Files Download Delay | The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fddwrap’ shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12493 |
| bPlugins LLC–Button Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6. | 2025-01-09 | 6.5 | CVE-2025-22815 |
| bqworks–Accordion Slider Lite | The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘accordion_slider’ shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11892 |
| bqworks–Grid Accordion Lite | The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘grid_accordion’ shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11874 |
| bqworks–Slider Pro Lite | The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sliderpro’ shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11899 |
| Brainstorm Force–Astra Widgets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.15. | 2025-01-07 | 6.5 | CVE-2024-56274 |
| brainstormforce–SureForms Drag and Drop Form Builder for WordPress | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to. | 2025-01-08 | 5.3 | CVE-2024-12713 |
| brandtoss–WP Mailster | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | 2025-01-07 | 5.3 | CVE-2025-22303 |
| brianmiyaji–Legacy ePlayer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brianmiyaji Legacy ePlayer allows Stored XSS.This issue affects Legacy ePlayer: from n/a through 0.9.9. | 2025-01-07 | 6.5 | CVE-2025-22572 |
| britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12304 |
| brownoxford–Member Access | The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-01-07 | 5.3 | CVE-2024-11290 |
| Bytephp–Arcade Ready | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bytephp Arcade Ready allows Stored XSS.This issue affects Arcade Ready: from n/a through 1.1. | 2025-01-07 | 6.5 | CVE-2025-22581 |
| calculatorscanadaca–CC Canadian Mortgage Calculator | The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cc-mortgage-canada’ shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11383 |
| CampCodes–Computer Laboratory Management System | A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0341 |
| candifly–Candifly | The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘candifly’ shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12440 |
| CBB Team–Content Blocks Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CBB Team Content Blocks Builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through 2.7.6. | 2025-01-09 | 6.5 | CVE-2025-22810 |
| ChatBot for WordPress – WPBot–Conversational Forms for ChatBot | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ChatBot for WordPress – WPBot Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. | 2025-01-09 | 6.5 | CVE-2025-22813 |
| chative–Chative Live chat and Chatbot | The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel. | 2025-01-07 | 5.4 | CVE-2024-12541 |
| chatroll–Chatroll Live Chat | The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘chatroll’ shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12464 |
| Cisco–Cisco Common Services Platform Collector Software | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20166 |
| Cisco–Cisco Common Services Platform Collector Software | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20167 |
| Cisco–Cisco Common Services Platform Collector Software | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20168 |
| Cisco–Cisco Crosswork Network Change Automation | Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | 2025-01-08 | 4.8 | CVE-2025-20123 |
| Cisco–Cisco ThousandEyes Endpoint Agent | A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | 2025-01-08 | 4.8 | CVE-2025-20126 |
| cluevo–CLUEVO LMS, E-Learning Platform | The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11328 |
| Code Themes–Digi Store | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4. | 2025-01-07 | 6.5 | CVE-2025-22354 |
| code-projects–Content Management System | A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 4.7 | CVE-2025-0346 |
| code-projects–Online Bike Rental System | A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. | 2025-01-09 | 6.3 | CVE-2025-0335 |
| code-projects–Online Book Shop | A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0296 |
| code-projects–Online Book Shop | A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0297 |
| code-projects–Online Book Shop | A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0298 |
| code-projects–Online Book Shop | A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0299 |
| code-projects–Online Book Shop | A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0300 |
| codepopular–Unlimited Theme Addon For Elementor and WooCommerce | The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the ‘uta-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2025-01-11 | 4.3 | CVE-2024-12116 |
| Codezips–Project Management System | A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0336 |
| Coherent Graphics–CPDF | cpdf through 2.8 allows stack consumption via a crafted PDF document. | 2025-01-08 | 4 | CVE-2024-54731 |
| commonninja–Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites | The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘commonninja’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11382 |
| copist–Icons Enricher | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in copist Icons Enricher allows Stored XSS.This issue affects Icons Enricher: from n/a through 1.0.8. | 2025-01-07 | 6.5 | CVE-2025-22573 |
| covertcommunication–Solar Wizard Lite | The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘solar_wizard’ shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11764 |
| cssimmon–Backup and Restore WordPress Backup Plugin | The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 4.3 | CVE-2024-12208 |
| CubeWP–CubeWP Forms All-in-One Form Builder | Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.5. | 2025-01-07 | 5.3 | CVE-2024-51651 |
| Damion Armentrout–Able Player | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Damion Armentrout Able Player allows DOM-Based XSS.This issue affects Able Player: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22577 |
| Daniel Walmsley–VR Views | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daniel Walmsley VR Views allows Stored XSS.This issue affects VR Views: from n/a through 1.5.1. | 2025-01-09 | 6.5 | CVE-2025-22820 |
| daniel1088–PIXNET Plugin | The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gtm’ and ‘venue’ parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11338 |
| dearhive–Dear Flipbook PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | The PDF Flipbook, 3D Flipbook-DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-11830 |
| DearHive–Social Media Share Buttons | MashShare | Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | 2025-01-07 | 4.3 | CVE-2025-22319 |
| deios–Financial Stocks & Crypto Market Data Plugin | The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘e’ parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11690 |
| dell — powerscale_onefs | Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2025-01-06 | 5 | CVE-2024-47475 |
| Dell–PowerScale OneFS | Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | 2025-01-08 | 6.5 | CVE-2024-47239 |
| Digital Zoom Studio–Admin debug wordpress enable debug | Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13. | 2025-01-07 | 4.3 | CVE-2025-22503 |
| divineapi–Horoscope And Tarot | The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘divine_horoscope’ shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11337 |
| dn88–Highlight | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dn88 Highlight allows Stored XSS.This issue affects Highlight: from n/a through 2.0.2. | 2025-01-07 | 5.9 | CVE-2024-56297 |
| donglight–bookstore | A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13195 |
| donglight–bookstore | A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 4.7 | CVE-2024-13210 |
| Drupal–CKEditor 4 LTS – WYSIWYG HTML editor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal CKEditor 4 LTS – WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS – WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | 2025-01-09 | 5.4 | CVE-2024-13245 |
| Drupal–Coffee | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0. | 2025-01-09 | 4.8 | CVE-2024-13247 |
| Drupal–Commerce View Receipt | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | 2025-01-09 | 5.3 | CVE-2024-13257 |
| Drupal–Cookiebot + GTM | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. | 2025-01-09 | 5.4 | CVE-2024-13289 |
| Drupal–Download All Files | Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2. | 2025-01-09 | 5.3 | CVE-2024-13303 |
| Drupal–Eloqua | Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15. | 2025-01-09 | 6.6 | CVE-2024-13297 |
| Drupal–Entity Delete Log | Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | 2025-01-09 | 6.5 | CVE-2024-13243 |
| Drupal–Entity Form Steps | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4. | 2025-01-09 | 4.8 | CVE-2024-13305 |
| Drupal–Facets | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. | 2025-01-09 | 6.1 | CVE-2024-13283 |
| Drupal–File Entity (fieldable files) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | 2025-01-09 | 5.4 | CVE-2024-13237 |
| Drupal–Mailjet | Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1. | 2025-01-09 | 6.6 | CVE-2024-13296 |
| Drupal–Minify JS | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3. | 2025-01-09 | 4.5 | CVE-2024-13304 |
| Drupal–Monster Menus | Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. | 2025-01-09 | 4.3 | CVE-2024-13288 |
| Drupal–Node Access Rebuild Progressive | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | 2025-01-09 | 5.3 | CVE-2024-13246 |
| Drupal–Node Access Rebuild Progressive | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | 2025-01-09 | 5.4 | CVE-2024-13249 |
| Drupal–Node export | Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3. | 2025-01-09 | 6.6 | CVE-2024-13295 |
| Drupal–OAuth & OpenID Connect Single Sign On SSO (OAuth/OIDC Client) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19. | 2025-01-09 | 6.1 | CVE-2024-13301 |
| Drupal–Open Social | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | 2025-01-09 | 5.4 | CVE-2024-13273 |
| Drupal–Opigno group manager | Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | 2025-01-09 | 5.5 | CVE-2024-13263 |
| Drupal–Pages Restriction Access | Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | 2025-01-09 | 5.3 | CVE-2024-13302 |
| Drupal–POST File | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. | 2025-01-09 | 5.4 | CVE-2024-13294 |
| Drupal–Private content | Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0. | 2025-01-09 | 5.5 | CVE-2024-13248 |
| Drupal–SVG Embed | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2. | 2025-01-09 | 5.4 | CVE-2024-13286 |
| Drupal–TacJS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0. | 2025-01-09 | 5.4 | CVE-2024-13252 |
| Drupal–Tarte au Citron | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5. | 2025-01-09 | 4.8 | CVE-2024-13298 |
| Drupal–Tooltip | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. | 2025-01-09 | 4.8 | CVE-2024-13292 |
| Drupal–Typogrify | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0. | 2025-01-09 | 5.4 | CVE-2024-13238 |
| Drupal–View Password | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4. | 2025-01-09 | 4.8 | CVE-2024-13262 |
| Drupal–Views SVG Animation | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. | 2025-01-09 | 5.4 | CVE-2024-13287 |
| Ella van Durpe–Slides & Presentations | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS.This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-07 | 6.5 | CVE-2025-22511 |
| Ella van Durpe–Slides & Presentations | Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-07 | 5.4 | CVE-2025-22534 |
| endortrails–Sell Media | The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sell_media_search_form_gutenberg’ shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11777 |
| Envato–Envato Elements | Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. | 2025-01-07 | 4.1 | CVE-2024-56275 |
| Eric Franklin–Video Embed Optimizer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through 1.0.0. | 2025-01-07 | 6.5 | CVE-2025-22554 |
| Eric McNiece–EMC2 Alert Boxes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3. | 2025-01-07 | 6.5 | CVE-2025-22365 |
| estatik–Estatik Mortgage Calculator | The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘color’ parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-9354 |
| Etruel Developments LLC–WP Delete Post Copies | Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through 5.5. | 2025-01-07 | 5.4 | CVE-2025-22541 |
| Faaiq–Pretty Url | Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through 1.5.4. | 2025-01-07 | 4.3 | CVE-2025-22563 |
| Fahad Mahmood–WP Docs | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. | 2025-01-07 | 5.9 | CVE-2024-56288 |
| FilaThemes–Education LMS | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7. | 2025-01-07 | 6.5 | CVE-2025-22334 |
| FlickDevs–News Ticker Widget for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. | 2025-01-09 | 6.5 | CVE-2025-22812 |
| flickrocket–WooCommerce Digital Content Delivery (incl. DRM) FlickRocket | The WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12438 |
| flowdee–ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages | The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-11 | 6.1 | CVE-2024-11327 |
| formaloo–Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce | The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11934 |
| FreeType–FreeType | FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. | 2025-01-10 | 4 | CVE-2025-23022 |
| galdub–Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups | The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses. | 2025-01-11 | 5.4 | CVE-2024-12204 |
| geotargetly–Geo Content | The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘geotargetlygeocontent’ shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11887 |
| GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. | 2025-01-08 | 6.5 | CVE-2025-0194 |
| GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. | 2025-01-08 | 4.3 | CVE-2024-12431 |
| GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. | 2025-01-09 | 4.2 | CVE-2024-13041 |
| GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. | 2025-01-09 | 4.3 | CVE-2024-6324 |
| grandy–GDY Modular Content | The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12153 |
| Gravity Master–PDF Catalog Woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS.This issue affects PDF Catalog Woocommerce: from n/a through 2.0. | 2025-01-09 | 6.5 | CVE-2025-22809 |
| Grocy project–Grocy | Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. | 2025-01-06 | 4.3 | CVE-2024-55075 |
| Guangzhou Huayi Intelligent Technology–Jeewms | A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 6.3 | CVE-2025-0391 |
| Guangzhou Huayi Intelligent Technology–Jeewms | A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 6.3 | CVE-2025-0392 |
| Guangzhou Huayi Intelligent Technology–Jeewms | A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 5.3 | CVE-2025-0390 |
| Gutentor–Gutentor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gutentor Gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through 3.4.0. | 2025-01-07 | 6.5 | CVE-2025-22293 |
| HashThemes–Hash Elements | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9. | 2025-01-07 | 6.5 | CVE-2025-22296 |
| hassantafreshi–Easy Form Builder WordPress plugin form builder: contact form, survey form, payment form, and custom form builder | The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter of the ‘add_form_Emsfb’ AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12112 |
| HasThemes–Free WooCommerce Theme 99fy Extension | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS.This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8. | 2025-01-09 | 6.5 | CVE-2025-22801 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim’s login session. | 2025-01-11 | 6.8 | CVE-2024-42170 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim’s login session. | 2025-01-11 | 6.4 | CVE-2024-42171 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. | 2025-01-11 | 5.3 | CVE-2024-42172 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | 2025-01-11 | 4.8 | CVE-2024-42173 |
| Hitesh Patel–Metadata SEO | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hitesh Patel Metadata SEO allows Stored XSS.This issue affects Metadata SEO: from n/a through 2.3. | 2025-01-07 | 6.5 | CVE-2025-22516 |
| Hive Support–Hive Support WordPress Help Desk | Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6. | 2025-01-07 | 4.3 | CVE-2025-22298 |
| hoststreamsell–WooCommerce HSS Extension for Streaming Video | The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12214 |
| Huawei–HarmonyOS | Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-01-08 | 6.2 | CVE-2023-52953 |
| Huawei–HarmonyOS | Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.5 | CVE-2023-52955 |
| Huawei–HarmonyOS | Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.2 | CVE-2024-54121 |
| Huawei–HarmonyOS | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.2 | CVE-2024-56435 |
| Huawei–HarmonyOS | Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6 | CVE-2024-56438 |
| Huawei–HarmonyOS | Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.2 | CVE-2024-56440 |
| Huawei–HarmonyOS | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.2 | CVE-2024-56443 |
| Huawei–HarmonyOS | Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.7 | CVE-2024-56448 |
| Huawei–HarmonyOS | Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.6 | CVE-2024-56449 |
| Huawei–HarmonyOS | Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.3 | CVE-2024-56450 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.8 | CVE-2024-56453 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.8 | CVE-2024-56456 |
| Huawei–HarmonyOS | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 5.5 | CVE-2024-56436 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.7 | CVE-2024-56437 |
| Huawei–HarmonyOS | Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 5.5 | CVE-2024-56442 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56452 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56454 |
| Huawei–HarmonyOS | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56455 |
| Huawei–HarmonyOS | Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 4.4 | CVE-2023-52954 |
| Huawei–HarmonyOS | Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 4.1 | CVE-2024-54120 |
| Huawei–HarmonyOS | UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. | 2025-01-08 | 4.4 | CVE-2024-56434 |
| Huawei–HarmonyOS | Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 4.1 | CVE-2024-56441 |
| Huawei–HarmonyOS | Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 4.3 | CVE-2024-56445 |
| Huawei–HarmonyOS | Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 4 | CVE-2024-56446 |
| Huurkalender–Huurkalender WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Huurkalender Huurkalender WP allows Stored XSS.This issue affects Huurkalender WP: from n/a through 1.5.6. | 2025-01-07 | 6.5 | CVE-2025-22528 |
| IBM–App Connect Enterprise Certified Container | IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | 2025-01-09 | 5.5 | CVE-2022-22491 |
| IBM–Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3Â could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2025-01-07 | 5.9 | CVE-2024-52366 |
| IBM–Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-52367 |
| IBM–Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. | 2025-01-07 | 5.4 | CVE-2024-52891 |
| IBM–Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3Â could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-52893 |
| IBM–Controller | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | 2025-01-07 | 6.5 | CVE-2024-28778 |
| IBM–Controller | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 4.3 | CVE-2022-22363 |
| IBM–Controller | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | 2025-01-07 | 4.3 | CVE-2024-25037 |
| IBM–Db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | 2025-01-08 | 5.5 | CVE-2024-40679 |
| IBM–Jazz Foundation | IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-12 | 5.4 | CVE-2021-29669 |
| IBM–OpenPages | IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | 2025-01-09 | 5.4 | CVE-2024-43176 |
| IBM–Robotic Process Automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. | 2025-01-12 | 5.9 | CVE-2024-51456 |
| IBM–Security QRadar EDR | IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-45640 |
| IBM–Security QRadar EDR | IBM Security ReaQta 3.12Â could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. | 2025-01-07 | 4.9 | CVE-2024-45100 |
| IBM–Sterling B2B Integrator Standard Edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-06 | 6.4 | CVE-2024-31914 |
| IBM–Sterling B2B Integrator Standard Edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-06 | 5.5 | CVE-2024-31913 |
| IBM–watsonx.ai | IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-12 | 5.4 | CVE-2024-49785 |
| inc2734–Smart Custom Fields | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in inc2734 Smart Custom Fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through 5.0.0. | 2025-01-07 | 6.5 | CVE-2025-22308 |
| india-web-developer–WP Youtube Gallery | The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12590 |
| infility–Infility Global | The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site. | 2025-01-07 | 6.5 | CVE-2024-11496 |
| infility–Infility Global | The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12290 |
| instaform.ir– | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in instaform.ir Ùرم ساز Ùرم اÙزار allows Stored XSS.This issue affects Ùرم ساز Ùرم اÙزار: from n/a through 2.0. | 2025-01-07 | 6.5 | CVE-2025-22524 |
| intergotelecom–WP Bulk SMS by SMS.to | The WP – Bulk SMS – by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11434 |
| Jason Funk–Title Experiments Free | Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through 9.0.4. | 2025-01-09 | 4.3 | CVE-2025-22561 |
| Jason Funk–Title Experiments Free | Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through 9.0.4. | 2025-01-07 | 4.3 | CVE-2025-22562 |
| jdsofttech–School Management System WPSchoolPress | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the ‘cid’ parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 6.5 | CVE-2024-12332 |
| Jewel Theme–Image Hover Effects for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3. | 2025-01-07 | 6.5 | CVE-2025-22323 |
| jleuze–Meteor Slides | The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slide_url_value’ parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12073 |
| Joe Motacek–ICS Button | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joe Motacek ICS Button allows Stored XSS.This issue affects ICS Button: from n/a through 0.6. | 2025-01-07 | 6.5 | CVE-2025-22574 |
| jonathankissam–Action Network | The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12394 |
| Joomag.–WP Joomag | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joomag. WP Joomag allows DOM-Based XSS.This issue affects WP Joomag: from n/a through 2.5.2. | 2025-01-09 | 6.5 | CVE-2025-22827 |
| Joomla! Project–Joomla! CMS | Various module chromes didn’t properly process inputs, leading to XSS vectors. | 2025-01-07 | 6.1 | CVE-2024-40747 |
| Julien Crego–Boot-Modal | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Julien Crego Boot-Modal allows Stored XSS.This issue affects Boot-Modal: from n/a through 1.9.1. | 2025-01-07 | 6.5 | CVE-2025-22551 |
| Juniper Networks–Junos OS | An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2; and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2025-01-09 | 6.5 | CVE-2025-21593 |
| Juniper Networks–Junos OS | An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer. This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; Junos OS Evolved: * All versions before 21.4R3-S9-EVO, * from 22.2 before 22.2R3-S5-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S2-EVO, * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516. | 2025-01-09 | 6.5 | CVE-2025-21600 |
| Juniper Networks–Junos OS | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; This issue does not affect versions prior to 21.1R1. Junos OS Evolved: * from 21.4 before 21.4R3-S9-EVO, * from 22.2 before 22.2R3-S5-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S3-EVO, * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions prior to 21.1R1-EVO | 2025-01-09 | 6.5 | CVE-2025-21602 |
| Juniper Networks–Junos OS | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either ‘show services advanced-anti-malware’ or ‘show services security-intelligence’ command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. | 2025-01-09 | 5.5 | CVE-2025-21592 |
| Juniper Networks–Junos OS | An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the ‘show chassis environment pem’ command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system. This issue affects Junos OS on SRX1500, SRX4100, SRX4200: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S1. | 2025-01-09 | 5.5 | CVE-2025-21596 |
| Justin Twerdy–Genesis Style Shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS.This issue affects Genesis Style Shortcodes: from n/a through 1.0. | 2025-01-09 | 6.5 | CVE-2025-22823 |
| justinticktock–Role Includer | The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12124 |
| KentoThemes–Justified Image Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KentoThemes Justified Image Gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22518 |
| Kingsoft–WPS Office | A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 5.3 | CVE-2024-13187 |
| kurniaramadhan–E-Commerce-PHP | A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 5.5 | CVE-2024-13204 |
| kurniaramadhan–E-Commerce-PHP | A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 4.3 | CVE-2024-13203 |
| Laborator–Aurum – WordPress & WooCommerce Shopping Theme | The Aurum – WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘lab_1cl_demo_install_package_content’ function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content. | 2025-01-07 | 4.3 | CVE-2024-12781 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22596 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22599 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22600 |
| lddwebdesign–LDD Directory Lite | The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12540 |
| leiyuxi–cy-fast | A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0333 |
| leiyuxi–cy-fast | A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0334 |
| leiyuxi–cy-fast | A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0344 |
| leiyuxi–cy-fast | A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0345 |
| Lenderd–1003 Mortgage Application | Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through 1.87. | 2025-01-07 | 4.3 | CVE-2025-22591 |
| letscms–Binary MLM Woocommerce | The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the ‘bmw_display_pv_set_page’ function and insufficient input sanitization and output escaping of the ‘product_points’ parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12383 |
| letscms–Binary MLM Woocommerce | The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12384 |
| letscms–Unilevel MLM Plan | The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12324 |
| levelfourstorefront–Shopping Cart & eCommerce Store | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses. | 2025-01-08 | 5.3 | CVE-2024-12712 |
| librdf–Raptor RDF Syntax Library | In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). | 2025-01-10 | 4 | CVE-2024-57822 |
| linearoy–Linear | The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘linear_block_buy_commissions’ shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12496 |
| Link Whisper–Link Whisper Free | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7. | 2025-01-07 | 5.3 | CVE-2025-22306 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. | 2025-01-06 | 5.5 | CVE-2024-56757 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the “fixes” patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. | 2025-01-06 | 5.5 | CVE-2024-56758 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it. | 2025-01-06 | 5.5 | CVE-2024-56760 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the “kernel IBT no ENDBR” selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn’t preserve WFE and IRET doesn’t set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ] | 2025-01-06 | 5.5 | CVE-2024-56761 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. | 2025-01-06 | 5.5 | CVE-2024-56763 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. | 2025-01-06 | 5.5 | CVE-2024-56767 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavailable: [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c [ 8.471849] #PF: supervisor read access in kernel mode [ 8.471881] #PF: error_code(0x0000) – not-present page Fix by inlining a return 0 in the !CONFIG_SMP case. | 2025-01-06 | 5.5 | CVE-2024-56768 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 … Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 … | 2025-01-06 | 5.5 | CVE-2024-56769 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, ‘qlen’ of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, ‘qlen’ only accounts for the packets in its internal tfifo. When netem is used with a child qdisc, the child qdisc can use ‘qdisc_tree_reduce_backlog’ to inform its parent, netem, about created or dropped SKBs. This function updates ‘qlen’ and the backlog statistics of netem, but netem does not account for changes made by a child qdisc. ‘qlen’ then indicates the wrong number of packets in the tfifo. If a child qdisc creates new SKBs during enqueue and informs its parent about this, netem’s ‘qlen’ value is increased. When netem dequeues the newly created SKBs from the child, the ‘qlen’ in netem is not updated. If ‘qlen’ reaches the configured sch->limit, the enqueue function stops working, even though the tfifo is not full. Reproduce the bug: Ensure that the sender machine has GSO enabled. Configure netem as root qdisc and tbf as its child on the outgoing interface of the machine as follows: $ tc qdisc add dev <oif> root handle 1: netem delay 100ms limit 100 $ tc qdisc add dev <oif> parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms Send bulk TCP traffic out via this interface, e.g., by running an iPerf3 client on the machine. Check the qdisc statistics: $ tc -s qdisc show dev <oif> Statistics after 10s of iPerf3 TCP test before the fix (note that netem’s backlog > limit, netem stopped accepting packets): qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0) backlog 4294528236b 1155p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0) backlog 0b 0p requeues 0 Statistics after the fix: qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0) backlog 0b 0p requeues 0 tbf segments the GSO SKBs (tbf_segment) and updates the netem’s ‘qlen’. The interface fully stops transferring packets and “locks”. In this case, the child qdisc and tfifo are empty, but ‘qlen’ indicates the tfifo is at its limit and no more packets are accepted. This patch adds a counter for the entries in the tfifo. Netem’s ‘qlen’ is only decreased when a packet is returned by its dequeue function, and not during enqueuing into the child qdisc. External updates to ‘qlen’ are thus accounted for and only the behavior of the backlog statistics changes. As in other qdiscs, ‘qlen’ then keeps track of how many packets are held in netem and all of its children. As before, sch->limit remains as the maximum number of packets in the tfifo. The same applies to netem’s backlog statistics. | 2025-01-08 | 5.5 | CVE-2024-56770 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N02JW all require a single bit of ECC strength and thus feature an on-die Hamming-like ECC engine. There is no point in filling a ->get_status() callback for them because the main ECC status bytes are located in standard places, and retrieving the number of bitflips in case of corrected chunk is both useless and unsupported (if there are bitflips, then there is 1 at most, so no need to query the chip for that). Without this change, a kernel warning triggers every time a bit flips. | 2025-01-08 | 5.5 | CVE-2024-56771 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state. | 2025-01-08 | 5.5 | CVE-2024-56773 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn’t check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot(). | 2025-01-08 | 5.5 | CVE-2024-56774 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer ‘crtc_state’ in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56776 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer ‘crtc_state’ in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56777 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer ‘crtc_state’ in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56778 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open(“file”) … nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_task1 */ rpc_run_task rpc_wait_for_completion_task umount -f nfs_umount_begin rpc_killall_tasks rpc_signal_task rpc_task1 been wakeup and return -512 _nfs4_do_open // while loop … nfs4_run_open_task /* rpc_task2 */ rpc_run_task rpc_wait_for_completion_task While processing an open request, nfsd will first attempt to find or allocate an nfs4_openowner. If it finds an nfs4_openowner that is not marked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since two rpc_task can attempt to open the same file simultaneously from the client to server, and because two instances of nfsd can run concurrently, this situation can lead to lots of memory leak. Additionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be triggered. NFS SERVER nfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // alloc oo1, stateid1 nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // find oo1, without NFS4_OO_CONFIRMED release_openowner unhash_openowner_locked list_del_init(&oo->oo_perclient) // cannot find this oo // from client, LEAK!!! alloc_stateowner // alloc oo2 nfsd4_process_open2 init_open_stateid // associate oo1 // with stateid1, stateid1 LEAK!!! nfs4_get_vfs_file // alloc nfsd_file1 and nfsd_file_mark1 // all LEAK!!! nfsd4_process_open2 … write_threads … nfsd_destroy_serv nfsd_shutdown_net nfs4_state_shutdown_net nfs4_state_destroy_net destroy_client __destroy_client // won’t find oo1!!! nfsd_shutdown_generic nfsd_file_cache_shutdown kmem_cache_destroy for nfsd_file_slab and nfsd_file_mark_slab // bark since nfsd_file1 // and nfsd_file_mark1 // still alive ======================================================================= BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() ———————————————————————– Slab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28 flags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff) CPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dum —truncated— | 2025-01-08 | 5.5 | CVE-2024-56779 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don’t always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze. | 2025-01-08 | 5.5 | CVE-2024-56780 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which is deprecated and now triggers a warning at boot since commit 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”). For example: Missing ‘#size-cells’ in /pci@f2000000/mac-io@c/escc@13000 WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108 Hardware name: PowerMac3,1 7400 0xc0209 PowerMac … Call Trace: of_bus_n_size_cells+0x98/0x108 (unreliable) of_bus_default_count_cells+0x40/0x60 __of_get_address+0xc8/0x21c __of_address_to_resource+0x5c/0x228 pmz_init_port+0x5c/0x2ec pmz_probe.isra.0+0x144/0x1e4 pmz_console_init+0x10/0x48 console_init+0xcc/0x138 start_kernel+0x5c4/0x694 As powermacs boot via prom_init it’s possible to add the missing properties to the device tree during boot, avoiding the warning. Note that `escc-legacy` nodes are also missing `#size-cells` properties, but they are skipped by the macio driver, so leave them alone. Depends-on: 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”) | 2025-01-08 | 5.5 | CVE-2024-56781 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditional. Add a check for adev being NULL before calling acpi_dev_hid_match(). At the moment acpi_quirk_skip_serdev_enumeration() is never called with a controller_parent without an ACPI companion, but better safe than sorry. | 2025-01-08 | 5.5 | CVE-2024-56782 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace. | 2025-01-08 | 5.5 | CVE-2024-56783 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: ‘#interrupt-cells’ found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: ‘#interrupt-cells’ found, but node is not an interrupt provider arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite ‘interrupt_provider’ And a runtime warning introduced in commit 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”): WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0 Missing ‘#address-cells’ in /bus@10000000/pci@1a000000/pci_bridge@9,0 The fix is similar to commit d89a415ff8d5 (“MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a”), which has fixed the issue for ls2k (despite its subject mentions ls7a). | 2025-01-08 | 5.5 | CVE-2024-56785 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link’s program when link is safe to be deallocated In general, BPF link’s underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link’s memory is not safe to free, attach hook’s code might hold a pointer to BPF program and use it. As such, it’s not (generally) correct to put link’s program early before waiting for RCU GPs to go through. More eager bpf_prog_put() that we currently do is mostly correct due to BPF program’s release code doing similar RCU GP waiting, but as will be shown in the following patches, BPF program can be non-sleepable (and, thus, reliant on only “classic” RCU GP), while BPF link’s attach hook can have sleepable semantics and needs to be protected by RCU Tasks Trace, and for such cases BPF link has to go through RCU Tasks Trace + “classic” RCU GPs before being deallocated. And so, if we put BPF program early, we might free BPF program before we free BPF link, leading to use-after-free situation. So, this patch defers bpf_prog_put() until we are ready to perform bpf_link’s deallocation. At worst, this delays BPF program freeing by one extra RCU GP, but that seems completely acceptable. Alternatively, we’d need more elaborate ways to determine BPF hook, BPF link, and BPF program lifetimes, and how they relate to each other, which seems like an unnecessary complication. Note, for most BPF links we still will perform eager bpf_prog_put() and link dealloc, so for those BPF links there are no observable changes whatsoever. Only BPF links that use deferred dealloc might notice slightly delayed freeing of BPF programs. Also, to reduce code and logic duplication, extract program put + link dealloc logic into bpf_link_dealloc() helper. | 2025-01-08 | 5.5 | CVE-2024-56786 |
| linux — linux_kernel | In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. Convert the SoC code to platform driver and instantiate a platform device in its current device_initcall() to probe the platform driver. Rework .soc_revision callback to always return valid error code and return SoC revision via parameter. This way, if anything in the .soc_revision callback return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get retried later. ” ————[ cut here ]———— WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180 CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603 Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : imx8mm_soc_revision+0xdc/0x180 lr : imx8mm_soc_revision+0xd0/0x180 sp : ffff8000821fbcc0 x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120 x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311 x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8 x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801 x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3 x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb Call trace: imx8mm_soc_revision+0xdc/0x180 imx8_soc_init+0xb0/0x1e0 do_one_initcall+0x94/0x1a8 kernel_init_freeable+0x240/0x2a8 kernel_init+0x28/0x140 ret_from_fork+0x10/0x20 —[ end trace 0000000000000000 ]— SoC: i.MX8MP revision 1.1 “ | 2025-01-08 | 5.5 | CVE-2024-56787 |
| litonice13–Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-9502 |
| Lucia Intelisano–Live Flight Radar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS.This issue affects Live Flight Radar: from n/a through 1.0. | 2025-01-09 | 6.5 | CVE-2025-22824 |
| lumiblog–Marketplace Items | The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘envato’ shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12437 |
| lumiblog–Marketplace Items | The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘marketplace’ shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12439 |
| M Bilal M–Urdu Formatter Shamil | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS.This issue affects Urdu Formatter – Shamil: from n/a through 0.1. | 2025-01-07 | 6.5 | CVE-2025-22531 |
| MacPorts–MacPorts | A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. | 2025-01-07 | 6.8 | CVE-2024-11681 |
| madrasthemes–MAS Elementor | The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-01-08 | 6.4 | CVE-2024-12328 |
| MagePeople Team–Bus Ticket Booking with Seat Reservation | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. | 2025-01-07 | 4.3 | CVE-2024-49294 |
| magepeopleteam–Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration WpRently | WordPress plugin | The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.1 | CVE-2024-12412 |
| makeplane–plane | Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims’ browsers when viewing the profile image. | 2025-01-06 | 5.4 | CVE-2025-21616 |
| manycontacts–WhatsApp click to chat | The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘manycontacts_code’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11686 |
| Marcus C. J. Hartmann–mcjh button shortcode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through 1.6.4. | 2025-01-07 | 6.5 | CVE-2025-22558 |
| marekzak01–SmartEmailing.cz | The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘se-lists-updated’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12261 |
| masjidal–Muslim Prayer Time-Salah/Iqamah | The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12515 |
| matrix-org–matrix-rust-sdk | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user’s cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed. | 2025-01-07 | 4.3 | CVE-2024-52813 |
| Mattermost–Mattermost | Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | 2025-01-09 | 4.3 | CVE-2025-20033 |
| maximize–Simple Video Management System | The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘analytics_video’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12256 |
| mdmag–Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress | The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘quillforms-popup’ shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11826 |
| MediaTek, Inc.–MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8676, MT8678, MT8798, MT8863 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928. | 2025-01-06 | 6.7 | CVE-2024-20151 |
| MediaTek, Inc.–MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798, MT8893 | In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798. | 2025-01-06 | 4.4 | CVE-2024-20152 |
| MediaTek, Inc.–MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6980, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676 | In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041. | 2025-01-06 | 6.6 | CVE-2024-20144 |
| MediaTek, Inc.–MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676 | In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069. | 2025-01-06 | 6.6 | CVE-2024-20143 |
| MediaTek, Inc.–MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8676 | In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040. | 2025-01-06 | 6.6 | CVE-2024-20145 |
| MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768 | In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743. | 2025-01-06 | 6.7 | CVE-2024-20105 |
| MediaTek, Inc.–MT6739, MT6761, MT6768, MT6781, MT6833, MT6853, MT6877, MT6885, MT6893, MT8518S, MT8532 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020. | 2025-01-06 | 6.7 | CVE-2024-20140 |
| metaphorcreations–Post Duplicator | The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. | 2025-01-11 | 5.3 | CVE-2024-12472 |
| MicroWorld–eScan Antivirus | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 5.3 | CVE-2024-13188 |
| milmor–WP SPID Italia | The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11758 |
| Mind Doodle–Mind Doodle Visual Sitemaps & Tasks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks allows Stored XSS.This issue affects Mind Doodle Visual Sitemaps & Tasks: from n/a through 1.6. | 2025-01-07 | 6.5 | CVE-2025-22544 |
| Modeltheme–MT Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through 1.0.6. | 2025-01-09 | 6.5 | CVE-2025-22811 |
| Modernaweb Studio–Black Widgets For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.8. | 2025-01-09 | 6.5 | CVE-2025-22806 |
| Mozilla–Firefox | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 6.5 | CVE-2025-0242 |
| Mozilla–Firefox | When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134. | 2025-01-07 | 6.5 | CVE-2025-0246 |
| Mozilla–Firefox | The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.4 | CVE-2025-0237 |
| Mozilla–Firefox | Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.3 | CVE-2025-0238 |
| Mozilla–Firefox | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.1 | CVE-2025-0243 |
| Mozilla–Firefox | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. | 2025-01-07 | 5.3 | CVE-2025-0244 |
| Mozilla–Firefox | When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 4 | CVE-2025-0239 |
| Mozilla–Firefox | Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 4 | CVE-2025-0240 |
| mpc–Responsive FlipBook Plugin WordPress | The Responsive FlipBook Plugin WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-11929 |
| murali-indiacitys–Push Notification for Post and BuddyPress | The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pushnotificationid’ parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-11 | 6.1 | CVE-2024-12407 |
| muzaara–Optimize Your Campaigns Google Shopping Google Ads Google Adwords | The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack. | 2025-01-07 | 5.3 | CVE-2024-12159 |
| n/a–n/a | A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-06 | 6.1 | CVE-2024-35498 |
| n/a–n/a | A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the “next” parameter, which is included in the application’s response without adequate escaping. An attacker can exploit this flaw by tricking a user into visiting a specially crafted URL, causing the execution of arbitrary JavaScript code in the context of the victim’s browser. The issue occurs even though the application has sanitization mechanisms in place. | 2025-01-06 | 6.1 | CVE-2024-46073 |
| n/a–n/a | Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. | 2025-01-07 | 6.1 | CVE-2024-50659 |
| n/a–n/a | Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script | 2025-01-06 | 6.1 | CVE-2024-51112 |
| n/a–n/a | The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component. | 2025-01-06 | 6.3 | CVE-2024-53933 |
| n/a–n/a | The com.callos14.callscreen.colorphone (aka iCall OS17 – Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component. | 2025-01-06 | 6.5 | CVE-2024-53935 |
| n/a–n/a | The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component. | 2025-01-06 | 6.3 | CVE-2024-53936 |
| n/a–n/a | BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the ‘dev_code’ parameter. | 2025-01-09 | 6.3 | CVE-2024-54761 |
| n/a–n/a | Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection. | 2025-01-09 | 6.3 | CVE-2024-54762 |
| n/a–n/a | An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 6.5 | CVE-2024-54763 |
| n/a–n/a | An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 6.5 | CVE-2024-54764 |
| n/a–n/a | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. | 2025-01-07 | 6.1 | CVE-2024-55218 |
| n/a–n/a | An issue in keras 3.7.0 allows attackers to write arbitrary files to the user’s machine via downloading a crafted tar file through the get_file function. | 2025-01-08 | 6.5 | CVE-2024-55459 |
| n/a–n/a | A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php. | 2025-01-09 | 6.1 | CVE-2024-55494 |
| n/a–n/a | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | 2025-01-06 | 5.3 | CVE-2023-6604 |
| n/a–n/a | A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | 2025-01-09 | 5.4 | CVE-2024-42898 |
| n/a–n/a | Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. | 2025-01-07 | 5.4 | CVE-2024-44450 |
| n/a–n/a | A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. | 2025-01-06 | 5.4 | CVE-2024-46209 |
| n/a–n/a | Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. | 2025-01-09 | 5.4 | CVE-2024-55226 |
| n/a–n/a | An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-06 | 5.3 | CVE-2024-55408 |
| n/a–n/a | A flaw was found in FFmpeg’s HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | 2025-01-06 | 4.7 | CVE-2023-6601 |
| n/a–n/a | Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim’s browser. | 2025-01-06 | 4.1 | CVE-2024-51111 |
| n/a–pgAgent | When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. | 2025-01-07 | 5.5 | CVE-2025-0218 |
| n/a–SEMCMS | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 6.3 | CVE-2024-13193 |
| n/a–Sucms | A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13194 |
| n/a–YunzMall | A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 5.3 | CVE-2025-0331 |
| Nagy Sandor–Simple Photo Sphere | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/a through 0.0.10. | 2025-01-07 | 6.5 | CVE-2025-22532 |
| nasirahmed–Advanced Form Integration | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in nasirahmed Advanced Form Integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through 1.95.0. | 2025-01-07 | 5.9 | CVE-2024-56293 |
| newsletter2go–Newsletter2Go | The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘resetStyles’ AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles. | 2025-01-09 | 4.3 | CVE-2024-12618 |
| nickboss–WordPress File Upload | The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘wfu_ajax_action_read_subfolders’ function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed. | 2025-01-07 | 4.3 | CVE-2024-12719 |
| OISF–suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 5.9 | CVE-2024-55627 |
| Olaf Lederer–EO4WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Olaf Lederer EO4WP allows Stored XSS.This issue affects EO4WP: from n/a through 1.0.7. | 2025-01-07 | 6.5 | CVE-2025-22327 |
| One Plus Solution–jQuery TwentyTwenty | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in One Plus Solution jQuery TwentyTwenty allows Stored XSS.This issue affects jQuery TwentyTwenty: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22546 |
| opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) | The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the ‘template_id’ parameter of the ‘article_builder_generate_data’ shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-10 | 6.5 | CVE-2024-12473 |
| opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) | The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the “al_scribe_content_data” actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 4.3 | CVE-2024-12605 |
| opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) | The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings. | 2025-01-10 | 4.3 | CVE-2024-12606 |
| OpenHarmony–OpenHarmony | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2025-01-07 | 5.5 | CVE-2024-45070 |
| OpenHarmony–OpenHarmony | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOSÂ through use after free. | 2025-01-07 | 4.4 | CVE-2024-54030 |
| ORION–Allada T-shirt Designer for Woocommerce | Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1. | 2025-01-07 | 5.3 | CVE-2025-22363 |
| osamaesh–WP Visitor Statistics (Real Time Traffic) | Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3. | 2025-01-07 | 4.3 | CVE-2025-22304 |
| otwthemes–Toggles Shortcode and Widget | The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-07 | 4.4 | CVE-2024-12207 |
| outtheboxthemes–Same but Different Related Posts by Taxonomy | The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11363 |
| Pablo Cornehl–WP Github | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pablo Cornehl WP Github allows Stored XSS.This issue affects WP Github: from n/a through 1.3.3. | 2025-01-07 | 6.5 | CVE-2025-22549 |
| pantherius–WordPress Survey & Poll Quiz, Survey and Poll Plugin for WordPress | The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpsurveypoll_results’ shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12528 |
| Paul Bearne–Author Avatars List/Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.23. | 2025-01-09 | 6.5 | CVE-2025-22804 |
| paygreen–PayGreen Payment Gateway | The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message_id’ parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11810 |
| phoeniixx–Woocommerce check pincode/zipcode for shipping | The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12218 |
| Piotnet–Piotnet Addons For Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. | 2025-01-07 | 6.5 | CVE-2025-22333 |
| piotnetdotcom–Piotnet Addons For Elementor | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-9673 |
| Pixelite–WP FullCalendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pixelite WP FullCalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through 1.5. | 2025-01-07 | 6.5 | CVE-2025-22261 |
| PixelYourSite–PixelYourSite Your smart PIXEL (TAG) Manager | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2. | 2025-01-07 | 5.4 | CVE-2025-22300 |
| PLANEX COMMUNICATIONS INC.–MZK-DP300N | Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user’s web browser when accessing a crafted URL. | 2025-01-08 | 4.8 | CVE-2025-21603 |
| pluginspoint–Timeline Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pluginspoint Timeline Pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through 1.3. | 2025-01-07 | 6.5 | CVE-2025-22584 |
| POSIMYTH–Nexter Blocks | Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7. | 2025-01-07 | 6.4 | CVE-2024-56294 |
| posturinn–Psturinn\’s Shipping with WooCommerce | The Pósturinn\'s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11815 |
| Powerfusion–WPAchievements Free | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Powerfusion WPAchievements Free allows Stored XSS.This issue affects WPAchievements Free: from n/a through 1.2.0. | 2025-01-07 | 6.5 | CVE-2025-22362 |
| Progress–Sitefinity | : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 6.8 | CVE-2024-11627 |
| proloybhaduri–LazyLoad Background Images | The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings. | 2025-01-07 | 4.3 | CVE-2024-12327 |
| qualcomm — ar8035_firmware | Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 2025-01-06 | 6.1 | CVE-2024-33067 |
| qualcomm — fastconnect_6900_firmware | Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls, | 2025-01-06 | 6.7 | CVE-2024-33041 |
| qualcomm — fastconnect_6900_firmware | Memory corruption while invoking IOCTL calls to unmap the DMA buffers. | 2025-01-06 | 6.7 | CVE-2024-33055 |
| qualcomm — fastconnect_6900_firmware | Memory corruption while processing frame command IOCTL calls. | 2025-01-06 | 6.7 | CVE-2024-33059 |
| qualcomm — qam8255p_firmware | Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. | 2025-01-06 | 6.6 | CVE-2024-23366 |
| qualcomm — qam8255p_firmware | information disclosure while invoking the mailbox read API. | 2025-01-06 | 6.1 | CVE-2024-43063 |
| qualcomm — qcs8550_firmware | Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. | 2025-01-06 | 6.8 | CVE-2024-33061 |
| Qualcomm, Inc.–Snapdragon | Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. | 2025-01-06 | 5.5 | CVE-2024-45559 |
| Rails–Action Pack | The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. | 2025-01-09 | 4 | CVE-2023-28362 |
| Rails–ActiveSupport | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | 2025-01-09 | 5.3 | CVE-2023-28120 |
| Rails–Kredis JSON | There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code | 2025-01-09 | 5.3 | CVE-2023-27531 |
| Rails–Rack | There is a denial of service vulnerability in the header parsing component of Rack. | 2025-01-09 | 5.3 | CVE-2023-27539 |
| Rails–rails-ujs | There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. | 2025-01-09 | 6.3 | CVE-2023-23913 |
| rajeshsingh520–Store credit / Gift cards for woocommerce | The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘coupon’, ‘start_date’, and ‘end_date’ parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11369 |
| ramon-fincken–Simple add pages or posts | The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12288 |
| reader87–Dominion Domain Checker for WPBakery | The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dominion_shortcodes_domain_search_6’ shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12520 |
| realmag777–MDTF Meta Data and Taxonomies Filter | The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the ‘key’ attribute of the ‘mdf_value’ shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-08 | 6.5 | CVE-2024-12030 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 | 5.6 | CVE-2024-56826 |
| Red Hat–Red Hat Enterprise Linux 6 | A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 | 5.6 | CVE-2024-56827 |
| redis–redis | Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. | 2025-01-06 | 4.4 | CVE-2024-51741 |
| reflectionmedia–User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta. | 2025-01-07 | 6.1 | CVE-2024-12738 |
| reichertbrothers–SimplyRETS Real Estate IDX | The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sr_search_form’ shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12491 |
| revmakx–InfiniteWP Client | The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the ‘historyID’ parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory. | 2025-01-08 | 5.3 | CVE-2024-10585 |
| rightmessage–RightMessage WP | The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rm_area’ shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12445 |
| Robert Peake–Responsive Flickr Slideshow | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS.This issue affects Responsive Flickr Slideshow: from n/a through 2.6.0. | 2025-01-09 | 6.5 | CVE-2025-22807 |
| rrdevs–RRAddons for Elementor | The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | 2025-01-11 | 4.3 | CVE-2024-11915 |
| S3Bubble–S3Player WooCommerce & Elementor Integration | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in S3Bubble S3Player – WooCommerce & Elementor Integration allows Stored XSS.This issue affects S3Player – WooCommerce & Elementor Integration: from n/a through 4.2.1. | 2025-01-09 | 6.5 | CVE-2025-22818 |
| samdani–GS Insever Portfolio | The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s CSS settings. | 2025-01-09 | 4.3 | CVE-2024-12249 |
| Saoshyant.1994–Saoshyant Page Builder | Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through 3.8. | 2025-01-07 | 5.3 | CVE-2025-22560 |
| sazzadh–Image Magnify | The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_magnify’ shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11445 |
| scriptsbundle–AdForest | The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license. | 2025-01-08 | 4.3 | CVE-2024-12855 |
| searchie–Searchie | The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sio_embed_media’ shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12819 |
| SecureSubmit–WP SecureSubmit | Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16. | 2025-01-07 | 5.3 | CVE-2024-56270 |
| SecureSubmit–WP SecureSubmit | Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16. | 2025-01-07 | 4.3 | CVE-2024-56271 |
| sellsy–Sellsy | The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘testSellsy’ shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12592 |
| seomantis–SEO Keywords | The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12126 |
| shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12624 |
| silabs.com–Simplicity SDK | A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. | 2025-01-08 | 6.5 | CVE-2024-6350 |
| Simon Chuang–Show Google Analytics widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simon Chuang Show Google Analytics widget allows Stored XSS.This issue affects Show Google Analytics widget: from n/a through 1.5.4. | 2025-01-07 | 6.5 | CVE-2025-22515 |
| SingMR–HouseRent | A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13211 |
| SingMR–HouseRent | A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13212 |
| SIOT– | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SIOT ì•„ìž„í¬íŠ¸ ê²°ì œë²„íŠ¼ ìƒì„± í”ŒëŸ¬ê·¸ì¸ allows Stored XSS.This issue affects ì•„ìž„í¬íŠ¸ ê²°ì œë²„íŠ¼ ìƒì„± 플러그ì¸: from n/a through 1.1.19. | 2025-01-07 | 6.5 | CVE-2025-22530 |
| skyword–Skyword API Plugin | The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘skyword_iframe’ shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-11907 |
| smartdatasoft–Essential WP Real Estate | The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts. | 2025-01-10 | 5.3 | CVE-2024-13318 |
| socialrocket–Social Rocket Social Sharing Plugin | The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialrocket-floating’ shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-9702 |
| socialrocket–Social Rocket Social Sharing Plugin | The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings. | 2025-01-07 | 5.3 | CVE-2024-9697 |
| solwininfotech–Timeline Designer | The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the ‘s’ parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 4.9 | CVE-2024-11437 |
| SourceCodester–Home Clean Services Management System | A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-07 | 4.7 | CVE-2025-0294 |
| spacecodes–AI for SEO | Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9. | 2025-01-07 | 4.3 | CVE-2025-22299 |
| sperse–Automate Hub Free by Sperse.IO | The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11377 |
| Splunk–Splunk App for SOAR | In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin” Splunk roles. | 2025-01-07 | 6.4 | CVE-2025-22621 |
| Sprout Apps–Help Scout | Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through 6.5.1. | 2025-01-07 | 4.3 | CVE-2025-22512 |
| ssema–SEMA API | The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12285 |
| StarSea99–starsea-mall | A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 4.7 | CVE-2025-0399 |
| Steve D–SpeakOut! Email Petitions | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Steve D SpeakOut! Email Petitions allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through 4.4.2. | 2025-01-07 | 6.5 | CVE-2025-22309 |
| Stormhill Media–MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through 3.5.3. | 2025-01-07 | 5.4 | CVE-2025-22301 |
| stylemix–WordPress Header Builder Plugin Pearl | The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 4.3 | CVE-2024-12206 |
| surakrai–MIMO Woocommerce Order Tracking | The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings. | 2025-01-09 | 4.3 | CVE-2024-5769 |
| Surbma–Surbma | Premium WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Surbma Surbma | Premium WP allows DOM-Based XSS.This issue affects Surbma | Premium WP: from n/a through 9.0. | 2025-01-09 | 6.5 | CVE-2025-22808 |
| sw-galati.ro–iframe to embed | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sw-galati.ro iframe to embed allows Stored XSS.This issue affects iframe to embed: from n/a through 1.2. | 2025-01-07 | 6.5 | CVE-2025-22545 |
| swarminteractive–ViewMedica 9 | The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12291 |
| swarminteractive–ViewMedica 9 | The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the ‘Viewmedica-Admin’ page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 5.4 | CVE-2024-12170 |
| sweepwidget–SweepWidget Contests, Giveaways, Photo Contests, Competitions | The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sweepwidget’ shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11756 |
| tcoder–TCBD Auto Refresher | The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tcbd_auto_refresh’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12519 |
| TemplatesNext–TemplatesNext ToolKit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TemplatesNext TemplatesNext ToolKit allows Stored XSS.This issue affects TemplatesNext ToolKit: from n/a through 3.2.9. | 2025-01-07 | 6.5 | CVE-2025-22310 |
| teonos–Slotti Ajanvaraus | The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slotti-embed-ga’ shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12521 |
| thehappymonster–Happy Addons for Elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha_cmc_text’ parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12852 |
| TheInnovs–ElementsCSS Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS.This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. | 2025-01-07 | 6.5 | CVE-2025-22321 |
| themeatelier–Chat Support for Viber Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode | The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vchat’ shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12457 |
| themebon–Ultimate Image Hover Effects | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themebon Ultimate Image Hover Effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through 1.1.2. | 2025-01-07 | 6.5 | CVE-2025-22585 |
| themeisle–Orbit Fox by ThemeIsle | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-10 | 6.4 | CVE-2024-13183 |
| themeisle–Orbit Fox by ThemeIsle | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-10 | 6.4 | CVE-2025-0311 |
| themepoints–Service Box | The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12699 |
| ThemePoints–Skill Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemePoints Skill Bar allows Stored XSS.This issue affects Skill Bar: from n/a through 1.2. | 2025-01-09 | 6.5 | CVE-2025-22805 |
| themesflat–Themesflat Addons For Elementor | The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12205 |
| ThemeSupport–Hide Category by User Role for WooCommerce | Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1. | 2025-01-07 | 4.3 | CVE-2024-56272 |
| ThimPress–Thim Elementor Kit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through 1.2.8. | 2025-01-07 | 6.5 | CVE-2025-22312 |
| tinuzz–Trackserver | The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tsmap’ shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12505 |
| Tips and Tricks HQ–Compact WP Audio Player | Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through 1.9.14. | 2025-01-07 | 6.4 | CVE-2024-56279 |
| tobias_conrad–Design for Contact Form 7 Style WordPress Plugin CF7 WOW Styler | The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains. | 2025-01-07 | 6.5 | CVE-2024-12419 |
| transportersio–Transporters.io | The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12557 |
| TXOne Networks–Portable Inspector | Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of Service situation can be resolved by restarting the management service. This issue affects Portable Inspector: through 1.0.0; Portable Inspector Pro Edition: through 1.0.0. | 2025-01-08 | 5.3 | CVE-2024-47934 |
| unitecms–Unlimited Elements For Elementor | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn’t part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually. | 2025-01-09 | 6.4 | CVE-2024-13153 |
| Unknown–Aklamator INfeed | The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12731 |
| Unknown–Aklamator INfeed | The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-09 | 4.8 | CVE-2024-12717 |
| Unknown–Asgard Security Scanner | The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12715 |
| Unknown–Auto iFrame | The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-08 | 5.4 | CVE-2024-10151 |
| Unknown–Backlink Monitoring Manager | The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12714 |
| Unknown–BU Section Editing | The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12736 |
| Unknown–Category Posts Widget | The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-07 | 4.8 | CVE-2024-9638 |
| Unknown–Email Subscribers by Icegram Express | The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | 2025-01-06 | 6.5 | CVE-2024-12311 |
| Unknown–Icegram Engage | The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks | 2025-01-06 | 6.1 | CVE-2024-12302 |
| Unknown–Pods | The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-06 | 6.1 | CVE-2024-11849 |
| Unknown–PostLists | The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 2025-01-09 | 4.2 | CVE-2024-10815 |
| Unknown–Property Hive | The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-08 | 6.1 | CVE-2024-12585 |
| Unknown–Tabs Shortcode | The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-07 | 5.3 | CVE-2024-11606 |
| Unknown–tourmaster | The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | 2025-01-06 | 6.1 | CVE-2024-11356 |
| Unknown–WordPress Auction Plugin | The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. | 2025-01-07 | 4.8 | CVE-2024-8857 |
| upress–Enable Accessibility | The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-9208 |
| uptodown–Uptodown APK Download Widget | The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘utd-widget’ shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12453 |
| Vanderbilt–REDCap | An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload. | 2025-01-10 | 6.1 | CVE-2025-23110 |
| Vanderbilt–REDCap | An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload. | 2025-01-10 | 6.1 | CVE-2025-23112 |
| Vanderbilt–REDCap | A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 2025-01-09 | 5.4 | CVE-2024-56376 |
| Vanderbilt–REDCap | A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts. | 2025-01-09 | 5.4 | CVE-2024-56377 |
| Vanderbilt–REDCap | An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent. | 2025-01-10 | 4.7 | CVE-2025-23111 |
| Venutius–BP Profile Shortcodes Extra | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0. | 2025-01-09 | 6.5 | CVE-2025-22817 |
| vfthemes–StorePress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vfthemes StorePress allows DOM-Based XSS.This issue affects StorePress: from n/a through 1.0.12. | 2025-01-09 | 6.5 | CVE-2025-22821 |
| vickydalmia–Coupon Plugin | The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Coupon Code’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12516 |
| VillaTheme–Advanced Product Information for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS.This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. | 2025-01-09 | 6.5 | CVE-2025-22803 |
| virgial–Bootstrap Blocks for WP Editor v2 | The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gtb-bootstrap/column’ block in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12495 |
| VIWIS–LMS | A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-08 | 4.3 | CVE-2024-8002 |
| VMware–VMware Aria Automation | VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network. | 2025-01-08 | 4.3 | CVE-2025-22215 |
| wander-chu–SpringBoot-Blog | A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 4.7 | CVE-2024-13201 |
| wc1c–WC1C | The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11375 |
| web-mv–ResAds | The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12122 |
| webwirkung–Shipping via Planzer for WooCommerce | The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-08 | 6.1 | CVE-2024-12337 |
| wordlift–WordLift AI powered SEO Schema | The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘wl_config_plugin’ AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin’s settings. | 2025-01-07 | 5.3 | CVE-2024-12176 |
| WORDPRESTEEM–WE Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS.This issue affects WE Blocks: from n/a through 1.3.5. | 2025-01-07 | 6.5 | CVE-2025-22529 |
| wow-analytics–GatorMail SmartForms | The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gatormailsmartform’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11386 |
| WP OnlineSupport, Essential Plugin–Hero Banner Ultimate | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File Inclusion.This issue affects Hero Banner Ultimate: from n/a through 1.4.2. | 2025-01-07 | 6.5 | CVE-2025-22305 |
| WP Wand–WP Wand | Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5. | 2025-01-07 | 5.3 | CVE-2025-22302 |
| WPBits–WPBITS Addons For Elementor Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 2025-01-07 | 6.5 | CVE-2024-56285 |
| WPBits–WPBITS Addons For Elementor Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 2025-01-07 | 5.9 | CVE-2025-22316 |
| wpchill–Passster Password Protect Pages and Content | The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-01-07 | 5.3 | CVE-2024-11282 |
| wpchill–RSVP and Event Management | The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. | 2025-01-07 | 5.3 | CVE-2024-12711 |
| wpdevart–Booking calendar, Appointment Booking System | The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12077 |
| wpdevelop, oplugins–Email Reminders | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdevelop, oplugins Email Reminders allows Stored XSS.This issue affects Email Reminders: from n/a through 2.0.5. | 2025-01-07 | 5.9 | CVE-2024-56292 |
| WPDeveloper–Typing Text | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. | 2025-01-07 | 6.5 | CVE-2025-22315 |
| wpdevteam–Essential Blocks Page Builder Gutenberg Blocks, Patterns & Templates | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-08 | 4.4 | CVE-2024-12045 |
| wpecommerce, wp.insider–Sell Digital Downloads | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through 2.2.7. | 2025-01-09 | 6.5 | CVE-2025-22826 |
| WPForms–Contact Form by WPForms | Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2. | 2025-01-07 | 4.3 | CVE-2024-56276 |
| wpjobportal–WP Job Portal A Complete Recruitment System for Company or Job Board website | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs. | 2025-01-07 | 4.3 | CVE-2024-12131 |
| wpqode–FancyPost Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. | 2025-01-07 | 4.3 | CVE-2024-10536 |
| wpsoul–Greenshift animation and page builder blocks | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1. | 2025-01-09 | 6.4 | CVE-2024-6155 |
| wptravel–WP Travel Ultimate Travel Booking System, Tour Management Engine | The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the ‘booking_itinerary’ parameter of the ‘wptravel_get_booking_data’ function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-09 | 6.5 | CVE-2024-12067 |
| WPvivid Backup & Migration–WPvivid Backup and Migration | Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | 2025-01-07 | 4.3 | CVE-2024-56273 |
| xpro–140+ Widgets | Xpro Addons For Elementor FREE | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the ‘duplicate’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 2025-01-08 | 4.3 | CVE-2024-12584 |
| yudiz–WP Menu Image | The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wmi_delete_img_menu’ function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus. | 2025-01-07 | 5.3 | CVE-2024-12022 |
| yumpu–Yumpu E-Paper publishing | The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘YUMPU’ shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12621 |
| ZeroWdd–myblog | A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 6.3 | CVE-2024-13190 |
| ZeroWdd–myblog | A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 6.3 | CVE-2024-13191 |
| zhenfeng13–My-Blog | A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-06 | 6.3 | CVE-2024-13144 |
| zhenfeng13–My-Blog | A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-06 | 6.3 | CVE-2024-13145 |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| CampCodes–Computer Laboratory Management System | A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-09 | 3.5 | CVE-2025-0342 |
| CampCodes–DepEd Equipment Inventory System | A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2025-0348 |
| clevelandwebdeveloper–Spacer | The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | 2025-01-07 | 3.1 | CVE-2024-10527 |
| code-projects–Online Bike Rental | A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. | 2025-01-09 | 3.5 | CVE-2025-0339 |
| code-projects–Online Book Shop | A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 3.5 | CVE-2025-0295 |
| code-projects–Online Book Shop | A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 3.5 | CVE-2025-0301 |
| donglight–bookstore | A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulation of the argument keywords leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13196 |
| donglight–bookstore | A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13197 |
| Drupal–Acquia DAM | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. | 2025-01-09 | 3.5 | CVE-2024-13261 |
| Drupal–POST File | Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2. | 2025-01-09 | 3.1 | CVE-2024-13293 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames. | 2025-01-11 | 3.7 | CVE-2024-42174 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow. | 2025-01-11 | 2.6 | CVE-2024-42175 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server’s name & version. | 2025-01-12 | 2 | CVE-2024-42179 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | 2025-01-12 | 1.6 | CVE-2024-42180 |
| HCL Software–DRYiCE MyXalytics | HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2025-01-12 | 1.6 | CVE-2024-42181 |
| Hewlett Packard Enterprise (HPE)–AOS-CX | A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure. | 2025-01-08 | 3.4 | CVE-2024-54010 |
| IBM–Controller | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 3.7 | CVE-2021-20455 |
| IBM–DevOps Deploy | IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2025-01-06 | 3.1 | CVE-2024-51472 |
| kurniaramadhan–E-Commerce-PHP | A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 2.4 | CVE-2024-13205 |
| langhsu–Mblog Blog System | A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 3.7 | CVE-2024-13198 |
| langhsu–Mblog Blog System | A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 3.5 | CVE-2024-13199 |
| longpi1–warehouse | A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 2.4 | CVE-2025-0398 |
| Mattermost–Mattermost | Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. | 2025-01-09 | 3.5 | CVE-2025-22445 |
| Mattermost–Mattermost | Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the “allow_open_invite” field via making their team public. | 2025-01-09 | 3.8 | CVE-2025-22449 |
| Mozilla–Firefox | Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134. | 2025-01-07 | 3.3 | CVE-2025-0245 |
| n/a–n/a | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component. | 2025-01-06 | 2.7 | CVE-2024-48455 |
| OISF–suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 3.3 | CVE-2024-55626 |
| reckcn–SPPanAdmin | A vulnerability, which was classified as problematic, was found in reckcn SPPanAdmin 1.0. Affected is an unknown function of the file /;/admin/role/edit. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-12 | 3.5 | CVE-2025-0397 |
| Redaxo–CMS | A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 2.4 | CVE-2024-13209 |
| silabs.com–Ember ZNet SDK | A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin’s buffer. | 2025-01-09 | 3.7 | CVE-2024-10106 |
| SingMR–HouseRent | A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13213 |
| StarSea99–starsea-mall | A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 2.4 | CVE-2025-0400 |
| strawberry-graphql–strawberry | Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL’s relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | 2025-01-09 | 3.7 | CVE-2025-22151 |
| TUBITAK BILGEM–Pardus OS My Computer | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2. | 2025-01-06 | 3.9 | CVE-2024-12970 |
| Unknown–Form Maker by 10Web | The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-07 | 2.7 | CVE-2024-10562 |
| Unknown–Photo Gallery, Images, Slider in Rbs Image Gallery | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | 2025-01-07 | 2.7 | CVE-2024-10102 |
| Vanderbilt–REDCap | An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim click on the alert-title value, it can trigger a logout request and terminates their session, or redirect to a phishing website. This vulnerability stems from the absence of CSRF protections on the logout functionality. | 2025-01-10 | 3.4 | CVE-2025-23113 |
| wander-chu–SpringBoot-Blog | A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 2.4 | CVE-2024-13202 |
| ZeroWdd–myblog | A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 3.5 | CVE-2024-13192 |
| ZeroWdd–studentmanager | A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-06 | 2.4 | CVE-2024-13143 |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| CarbonPHP–carbon | Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6. | 2025-01-08 | not yet calculated | CVE-2025-22145 |
| charmbracelet–soft-serve | Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user’s repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2. | 2025-01-08 | not yet calculated | CVE-2025-22130 |
| dataease–dataease | DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, “request.getRequestURI” is used to obtain the request URL, and it is passed to the “WhitelistUtils.match” method to determine whether the URL request is an interface that does not require authentication. The “match” method filters semicolons, but this is not enough. When users set “server.servlet.context-path” when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4. | 2025-01-10 | not yet calculated | CVE-2024-56511 |
| Drupal–Advanced Varnish | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | 2025-01-09 | not yet calculated | CVE-2024-13269 |
| Drupal–Allow All File Extensions for file fields | Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13311 |
| Drupal–Browser Back Button | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2. | 2025-01-09 | not yet calculated | CVE-2024-13308 |
| Drupal–Content Entity Clone | Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | 2025-01-09 | not yet calculated | CVE-2024-13271 |
| Drupal–Freelinking | Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1. | 2025-01-09 | not yet calculated | CVE-2024-13270 |
| Drupal–Git Utilities for Drupal | Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13310 |
| Drupal–Login Disable | Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1. | 2025-01-09 | not yet calculated | CVE-2024-13309 |
| Drupal–Megamenu Framework | Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13299 |
| Drupal–OhDear Integration | Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | 2025-01-09 | not yet calculated | CVE-2024-13290 |
| Drupal–Open Social | Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | 2025-01-09 | not yet calculated | CVE-2024-13274 |
| Drupal–Open Social | Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | 2025-01-09 | not yet calculated | CVE-2024-13312 |
| Drupal–Opigno | Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | 2025-01-09 | not yet calculated | CVE-2024-13268 |
| Drupal–Opigno Learning path | Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | 2025-01-09 | not yet calculated | CVE-2024-13265 |
| Drupal–Opigno TinCan Question Type | Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | 2025-01-09 | not yet calculated | CVE-2024-13267 |
| Drupal–Paragraphs table | Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | 2025-01-09 | not yet calculated | CVE-2024-13272 |
| Drupal–Print Anything | Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13300 |
| Drupal–Responsive and off-canvas menu | Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | 2025-01-09 | not yet calculated | CVE-2024-13266 |
| Drupal–Security Kit | Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. | 2025-01-09 | not yet calculated | CVE-2024-13275 |
| Eugeny–tabby | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217. | 2025-01-08 | not yet calculated | CVE-2025-22136 |
| guzzle–oauth-subscriber | Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1. | 2025-01-06 | not yet calculated | CVE-2025-21617 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware versions before 24120701. Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: The attack can be executed over any network connection serving the web interface (AV:N). There are no additional measures that need to be circumvented (AC:L) or attack preconditions (AT:N). THe attack is privileged, but the level does not matter (PR:L) and does not require user interaction (UI:N). Attack leads to full system compromised (VC:H/VI:H/VA:H) and compromised devices can be used to “pivot” to other networks that should be unreachable (SC:L/SI:L/SA:H). Because this an EV charger using high power, there is a potential safety impact (S:P). The attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43650 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification:Â Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially “pivot” into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43651 |
| Iocharger–Iocharger firmware for AC models | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The attacker will first need to find the name of the script, and needs a (low privilege) account to gain access to the script, or convince a user with such access to execute a request to it. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43655 |
| Iocharger–Iocharger firmware for AC models | Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43658 |
| Iocharger–Iocharger firmware for AC models | The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – An attacker will need to have knowledge of this CGI binary, e.g. by finding it in firmware. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe or <redacted>.exe CGI binary and upload the file, or convince a user with such access to upload it. Impact: Low – The attacker can upload arbitrary files to /tmp/upload/ or /tmp/. However, the attacker is unable to access or use these files without other vulnerabilities. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). Artitrary files can be uploaded, be these files will not be in a location where they can influence confidentiality or availability and have a minimal impact on device integrity (VC:N/VI:L/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43662 |
| Jan Syski–MegaBIP | Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under “/edytor/index.php?id=7,7,0” lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions. | 2025-01-10 | not yet calculated | CVE-2024-6662 |
| Jan Syski–MegaBIP | During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of “/registered.php” discloses that path, allowing an attacker to attempt further attacks.  This issue affects MegaBIP software versions below 5.15 | 2025-01-10 | not yet calculated | CVE-2024-6880 |
| LabRedesCefetRJ–WeGIA | WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22143 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the ‘hctx’ isn’t removed from cpuhp callback list, we can’t reuse it, otherwise use-after-free may be triggered. | 2025-01-11 | not yet calculated | CVE-2024-41149 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a per-task affinity assignment races with a cpuset update. Specifically, we can have a race where a cpuset update results in the task affinity no longer being a subset of the cpuset. That’s fine; we have a fallback to instead use the cpuset mask. However, we have a WARN set up that will trigger if the cpuset mask has no overlap at all with the requested task affinity. This shouldn’t be a warning condition; its trivial to create this condition. Reproduced the warning by the following setup: – $PID inside a cpuset cgroup – another thread repeatedly switching the cpuset cpus from 1-2 to just 1 – another thread repeatedly setting the $PID affinity (via taskset) to 2 | 2025-01-11 | not yet calculated | CVE-2024-41932 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, however, if there is a huge number of extent nodes in extent tree, during shrink of extent tree, it may hold rwlock for a very long time, which may trigger kernel hang issue. This patch fixes to shrink read extent node in batches, so that, critical region of the rwlock can be shrunk to avoid its extreme long time hold. | 2025-01-11 | not yet calculated | CVE-2024-41935 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires &i3cbus->lock twice. See the log below. Use i3cdev->desc->info instead of calling i3c_device_info() to avoid acquiring the lock twice. v2: – Modified the title and commit message ============================================ WARNING: possible recursive locking detected 6.11.0-mainline ——————————————– init/1 is trying to acquire lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_bus_normaluse_lock but task is already holding lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register other info that might help us debug this: Possible unsafe locking scenario: CPU0 —- lock(&i3cbus->lock); lock(&i3cbus->lock); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by init/1: #0: fcffff809b6798f8 (&dev->mutex){….}-{3:3}, at: __driver_attach #1: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register stack backtrace: CPU: 6 UID: 0 PID: 1 Comm: init Call trace: dump_backtrace+0xfc/0x17c show_stack+0x18/0x28 dump_stack_lvl+0x40/0xc0 dump_stack+0x18/0x24 print_deadlock_bug+0x388/0x390 __lock_acquire+0x18bc/0x32ec lock_acquire+0x134/0x2b0 down_read+0x50/0x19c i3c_bus_normaluse_lock+0x14/0x24 i3c_device_get_info+0x24/0x58 i3c_device_uevent+0x34/0xa4 dev_uevent+0x310/0x384 kobject_uevent_env+0x244/0x414 kobject_uevent+0x14/0x20 device_add+0x278/0x460 device_register+0x20/0x34 i3c_master_register_new_i3c_devs+0x78/0x154 i3c_master_register+0x6a0/0x6d4 mtk_i3c_master_probe+0x3b8/0x4d8 platform_probe+0xa0/0xe0 really_probe+0x114/0x454 __driver_probe_device+0xa0/0x15c driver_probe_device+0x3c/0x1ac __driver_attach+0xc4/0x1f0 bus_for_each_dev+0x104/0x160 driver_attach+0x24/0x34 bus_add_driver+0x14c/0x294 driver_register+0x68/0x104 __platform_driver_register+0x20/0x30 init_module+0x20/0xfe4 do_one_initcall+0x184/0x464 do_init_module+0x58/0x1ec load_module+0xefc/0x10c8 __arm64_sys_finit_module+0x238/0x33c invoke_syscall+0x58/0x10c el0_svc_common+0xa8/0xdc do_el0_svc+0x1c/0x28 el0_svc+0x50/0xac el0t_64_sync_handler+0x70/0xbc el0t_64_sync+0x1a8/0x1ac | 2025-01-11 | not yet calculated | CVE-2024-43098 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ring interrupts before ring stop request. | 2025-01-11 | not yet calculated | CVE-2024-45828 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don’t access invalid sched Since 2320c9e6a768 (“drm/sched: memset() ‘job’ in drm_sched_job_init()”) accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, …) will be called, which would crash the machine because the ring value is bogus. To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function. The next commit will remove the ring argument completely. (cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7) | 2025-01-11 | not yet calculated | CVE-2024-46896 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let’s say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path and further executes strcmp and while accessing desc->mux_owner it crashes with NULL pointer. Serialize the access to mux related setting with a mutex lock. cpu0 (process A) cpu1(process B) pinctrl_select_state() { pinctrl_select_state() { pin_request() { pin_request() { … …. } else { desc->mux_usecount++; desc->mux_usecount && strcmp(desc->mux_owner, owner)) { if (desc->mux_usecount > 1) return 0; desc->mux_owner = owner; } } | 2025-01-11 | not yet calculated | CVE-2024-47141 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn’t be held while holding dma_hash_entry[idx].lock otherwise, there’s a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2’s one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap(). | 2025-01-11 | not yet calculated | CVE-2024-47143 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it. | 2025-01-11 | not yet calculated | CVE-2024-47408 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in entry_freplace leads to entry_tc. This results in an infinite loop: entry_tc -> subprog_tc -> entry_freplace –tailcall-> entry_tc. The problem arises because the tail_call_cnt in entry_freplace resets to zero each time entry_freplace is executed, causing the tail call mechanism to never terminate, eventually leading to a kernel panic. To fix this issue, the solution is twofold: 1. Prevent updating a program extended by an freplace program to a prog_array map. 2. Prevent extending a program that is already part of a prog_array map with an freplace program. This ensures that: * If a program or its subprogram has been extended by an freplace program, it can no longer be updated to a prog_array map. * If a program has been added to a prog_array map, neither it nor its subprograms can be extended by an freplace program. Moreover, an extension program should not be tailcalled. As such, return -EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a prog_array map. Additionally, fix a minor code style issue by replacing eight spaces with a tab for proper formatting. | 2025-01-11 | not yet calculated | CVE-2024-47794 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists. | 2025-01-11 | not yet calculated | CVE-2024-47809 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so check it before using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 (“Dereference null return value”) | 2025-01-11 | not yet calculated | CVE-2024-48873 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: don’t take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS=”-O rst” to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info (device sdd): dev_replace from /dev/sdd (devid 1) to /dev/sdb started ============================================ WARNING: possible recursive locking detected 6.11.0-rc3-btrfs-for-next #599 Not tainted ——————————————– btrfs/2326 is trying to acquire lock: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 but task is already holding lock: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 other info that might help us debug this: Possible unsafe locking scenario: CPU0 —- lock(&fs_info->dev_replace.rwsem); lock(&fs_info->dev_replace.rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 1 lock held by btrfs/2326: #0: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 stack backtrace: CPU: 1 UID: 0 PID: 2326 Comm: btrfs Not tainted 6.11.0-rc3-btrfs-for-next #599 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x5b/0x80 __lock_acquire+0x2798/0x69d0 ? __pfx___lock_acquire+0x10/0x10 ? __pfx___lock_acquire+0x10/0x10 lock_acquire+0x19d/0x4a0 ? btrfs_map_block+0x39f/0x2250 ? __pfx_lock_acquire+0x10/0x10 ? find_held_lock+0x2d/0x110 ? lock_is_held_type+0x8f/0x100 down_read+0x8e/0x440 ? btrfs_map_block+0x39f/0x2250 ? __pfx_down_read+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 btrfs_map_block+0x39f/0x2250 ? btrfs_dev_replace_by_ioctl+0xd69/0x1d00 ? btrfs_bio_counter_inc_blocked+0xd9/0x2e0 ? __kasan_slab_alloc+0x6e/0x70 ? __pfx_btrfs_map_block+0x10/0x10 ? __pfx_btrfs_bio_counter_inc_blocked+0x10/0x10 ? kmem_cache_alloc_noprof+0x1f2/0x300 ? mempool_alloc_noprof+0xed/0x2b0 btrfs_submit_chunk+0x28d/0x17e0 ? __pfx_btrfs_submit_chunk+0x10/0x10 ? bvec_alloc+0xd7/0x1b0 ? bio_add_folio+0x171/0x270 ? __pfx_bio_add_folio+0x10/0x10 ? __kasan_check_read+0x20/0x20 btrfs_submit_bio+0x37/0x80 read_extent_buffer_pages+0x3df/0x6c0 btrfs_read_extent_buffer+0x13e/0x5f0 read_tree_block+0x81/0xe0 read_block_for_search+0x4bd/0x7a0 ? __pfx_read_block_for_search+0x10/0x10 btrfs_search_slot+0x78d/0x2720 ? __pfx_btrfs_search_slot+0x10/0x10 ? lock_is_held_type+0x8f/0x100 ? kasan_save_track+0x14/0x30 ? __kasan_slab_alloc+0x6e/0x70 ? kmem_cache_alloc_noprof+0x1f2/0x300 btrfs_get_raid_extent_offset+0x181/0x820 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_btrfs_get_raid_extent_offset+0x10/0x10 ? down_read+0x194/0x440 ? __pfx_down_read+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 btrfs_map_block+0x5b5/0x2250 ? __pfx_btrfs_map_block+0x10/0x10 scrub_submit_initial_read+0x8fe/0x11b0 ? __pfx_scrub_submit_initial_read+0x10/0x10 submit_initial_group_read+0x161/0x3a0 ? lock_release+0x20e/0x710 ? __pfx_submit_initial_group_read+0x10/0x10 ? __pfx_lock_release+0x10/0x10 scrub_simple_mirror.isra.0+0x3eb/0x580 scrub_stripe+0xe4d/0x1440 ? lock_release+0x20e/0x710 ? __pfx_scrub_stripe+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 scrub_chunk+0x257/0x4a0 scrub_enumerate_chunks+0x64c/0xf70 ? __mutex_unlock_slowpath+0x147/0x5f0 ? __pfx_scrub_enumerate_chunks+0x10/0x10 ? bit_wait_timeout+0xb0/0x170 ? __up_read+0x189/0x700 ? scrub_workers_get+0x231/0x300 ? up_write+0x490/0x4f0 btrfs_scrub_dev+0x52e/0xcd0 ? create_pending_snapshots+0x230/0x250 ? __pfx_btrfs_scrub_dev+0x10/0x10 btrfs_dev_replace_by_ioctl+0xd69/0x1d00 ? lock_acquire+0x19d/0x4a0 ? __pfx_btrfs_dev_replace_by_ioctl+0x10/0x10 ? —truncated— | 2025-01-11 | not yet calculated | CVE-2024-48875 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt to save a stack trace in the current pool (if space is available). This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful. The documentation is fixed to clearly convey this. | 2025-01-11 | not yet calculated | CVE-2024-48876 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b (“bcache: Remove unnecessary NULL point check in node allocations”) leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. | 2025-01-11 | not yet calculated | CVE-2024-48881 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2_ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt before using them. | 2025-01-11 | not yet calculated | CVE-2024-49568 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: “nvme” #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006 #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362 #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25 RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574 RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004 RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500 ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b This due to we have quiesced admi_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code. | 2025-01-11 | not yet calculated | CVE-2024-49569 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks iparea_offset and ipv6_prefixes_cnt before using them. | 2025-01-11 | not yet calculated | CVE-2024-49571 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next buddy ever starts as delayed. | 2025-01-11 | not yet calculated | CVE-2024-49573 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free ‘ms’ through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. | 2025-01-11 | not yet calculated | CVE-2024-50051 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then, copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming ‘addr_hint’ instead of ‘addr’ for copy_user_gigantic_page(). | 2025-01-11 | not yet calculated | CVE-2024-51729 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault address may be not aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming ‘addr_hint’ instead of ‘addr’ for clear_gigantic_page(). | 2025-01-11 | not yet calculated | CVE-2024-52319 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. | 2025-01-11 | not yet calculated | CVE-2024-52332 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At runtime, this either causes an oops when trying to load the ipvs module or a boot-time panic if ipvs is built-in. This same issue has been reported by the Intel kernel test robot previously. Digging deeper into both LLVM and the kernel code reveals this to be a undefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer of 64 chars to store the registered protocol names and leaves it uninitialized after definition. The function calls strnlen() when concatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE strnlen() performs an extra step to check whether the last byte of the input char buffer is a null character (commit 3009f891bb9f (“fortify: Allow strlen() and strnlen() to pass compile-time known lengths”)). This, together with possibly other configurations, cause the following IR to be generated: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section “.init.text” align 16 !kcfi_type !29 { %1 = alloca [64 x i8], align 16 … 14: ; preds = %11 %15 = getelementptr inbounds i8, ptr %1, i64 63 %16 = load i8, ptr %15, align 1 %17 = tail call i1 @llvm.is.constant.i8(i8 %16) %18 = icmp eq i8 %16, 0 %19 = select i1 %17, i1 %18, i1 false br i1 %19, label %20, label %23 20: ; preds = %14 %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23 … 23: ; preds = %14, %11, %20 %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24 … } The above code calculates the address of the last char in the buffer (value %15) and then loads from it (value %16). Because the buffer is never initialized, the LLVM GVN pass marks value %16 as undefined: %13 = getelementptr inbounds i8, ptr %1, i64 63 br i1 undef, label %14, label %17 This gives later passes (SCCP, in particular) more DCE opportunities by propagating the undef value further, and eventually removes everything after the load on the uninitialized stack location: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section “.init.text” align 16 !kcfi_type !11 { %1 = alloca [64 x i8], align 16 … 12: ; preds = %11 %13 = getelementptr inbounds i8, ptr %1, i64 63 unreachable } In this way, the generated native code will just fall through to the next function, as LLVM does not generate any code for the unreachable IR instruction and leaves the function without a terminator. Zero the on-stack buffer to avoid this possible UB. | 2025-01-11 | not yet calculated | CVE-2024-53680 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: regulator: axp20x: AXP717: set ramp_delay AXP717 datasheet says that regulator ramp delay is 15.625 us/step, which is 10mV in our case. Add a AXP_DESC_RANGES_DELAY macro and update AXP_DESC_RANGES macro to expand to AXP_DESC_RANGES_DELAY with ramp_delay = 0 For DCDC4, steps is 100mv Add a AXP_DESC_DELAY macro and update AXP_DESC macro to expand to AXP_DESC_DELAY with ramp_delay = 0 This patch fix crashes when using CPU DVFS. | 2025-01-11 | not yet calculated | CVE-2024-53682 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let’s remove it and fail with ENAMETOOLONG instead. | 2025-01-11 | not yet calculated | CVE-2024-53685 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled: [ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] Modules linked in: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS [ 3.457633] epc : smp_call_function_many_cond+0x452/0x520 [ 3.457736] ra : on_each_cpu_cond_mask+0x1e/0x30 [ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50 [ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f [ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10 [ 3.457920] s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001 [ 3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000 [ 3.458006] a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000 [ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0 [ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001 [ 3.458109] s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001 [ 3.458141] s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0 [ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0 [ 3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003 [ 3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520 [ 3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30 [ 3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca [ 3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26 [ 3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce [ 3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0 [ 3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6 [ 3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c [ 3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8 [ 3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6 [ 3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16 [ 3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2 [ 3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74 [ 3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2 [ 3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86 [ 3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe [ 3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a [ 3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120 [ 3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a [ 3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34 [ 3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c [ 3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40 So only flush the local TLB and let the lazy kfence page fault handling deal with the faults which could happen when a core has an old protected pte version cached in its TLB. That leads to potential inaccuracies which can be tolerated when using kfence. | 2025-01-11 | not yet calculated | CVE-2024-53687 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock while freezing queue and acquiring sysfs_lock For storing a value to a queue attribute, the queue_attr_store function first freezes the queue (->q_usage_counter(io)) and then acquire ->sysfs_lock. This seems not correct as the usual ordering should be to acquire ->sysfs_lock before freezing the queue. This incorrect ordering causes the following lockdep splat which we are able to reproduce always simply by accessing /sys/kernel/debug file using ls command: [ 57.597146] WARNING: possible circular locking dependency detected [ 57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: G W [ 57.597162] —————————————————— [ 57.597168] ls/4605 is trying to acquire lock: [ 57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0 [ 57.597200] but task is already holding lock: [ 57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: iterate_dir+0x94/0x1d4 [ 57.597226] which lock already depends on the new lock. [ 57.597233] the existing dependency chain (in reverse order) is: [ 57.597241] -> #5 (&sb->s_type->i_mutex_key#3){++++}-{4:4}: [ 57.597255] down_write+0x6c/0x18c [ 57.597264] start_creating+0xb4/0x24c [ 57.597274] debugfs_create_dir+0x2c/0x1e8 [ 57.597283] blk_register_queue+0xec/0x294 [ 57.597292] add_disk_fwnode+0x2e4/0x548 [ 57.597302] brd_alloc+0x2c8/0x338 [ 57.597309] brd_init+0x100/0x178 [ 57.597317] do_one_initcall+0x88/0x3e4 [ 57.597326] kernel_init_freeable+0x3cc/0x6e0 [ 57.597334] kernel_init+0x34/0x1cc [ 57.597342] ret_from_kernel_user_thread+0x14/0x1c [ 57.597350] -> #4 (&q->debugfs_mutex){+.+.}-{4:4}: [ 57.597362] __mutex_lock+0xfc/0x12a0 [ 57.597370] blk_register_queue+0xd4/0x294 [ 57.597379] add_disk_fwnode+0x2e4/0x548 [ 57.597388] brd_alloc+0x2c8/0x338 [ 57.597395] brd_init+0x100/0x178 [ 57.597402] do_one_initcall+0x88/0x3e4 [ 57.597410] kernel_init_freeable+0x3cc/0x6e0 [ 57.597418] kernel_init+0x34/0x1cc [ 57.597426] ret_from_kernel_user_thread+0x14/0x1c [ 57.597434] -> #3 (&q->sysfs_lock){+.+.}-{4:4}: [ 57.597446] __mutex_lock+0xfc/0x12a0 [ 57.597454] queue_attr_store+0x9c/0x110 [ 57.597462] sysfs_kf_write+0x70/0xb0 [ 57.597471] kernfs_fop_write_iter+0x1b0/0x2ac [ 57.597480] vfs_write+0x3dc/0x6e8 [ 57.597488] ksys_write+0x84/0x140 [ 57.597495] system_call_exception+0x130/0x360 [ 57.597504] system_call_common+0x160/0x2c4 [ 57.597516] -> #2 (&q->q_usage_counter(io)#21){++++}-{0:0}: [ 57.597530] __submit_bio+0x5ec/0x828 [ 57.597538] submit_bio_noacct_nocheck+0x1e4/0x4f0 [ 57.597547] iomap_readahead+0x2a0/0x448 [ 57.597556] xfs_vm_readahead+0x28/0x3c [ 57.597564] read_pages+0x88/0x41c [ 57.597571] page_cache_ra_unbounded+0x1ac/0x2d8 [ 57.597580] filemap_get_pages+0x188/0x984 [ 57.597588] filemap_read+0x13c/0x4bc [ 57.597596] xfs_file_buffered_read+0x88/0x17c [ 57.597605] xfs_file_read_iter+0xac/0x158 [ 57.597614] vfs_read+0x2d4/0x3b4 [ 57.597622] ksys_read+0x84/0x144 [ 57.597629] system_call_exception+0x130/0x360 [ 57.597637] system_call_common+0x160/0x2c4 [ 57.597647] -> #1 (mapping.invalidate_lock#2){++++}-{4:4}: [ 57.597661] down_read+0x6c/0x220 [ 57.597669] filemap_fault+0x870/0x100c [ 57.597677] xfs_filemap_fault+0xc4/0x18c [ 57.597684] __do_fault+0x64/0x164 [ 57.597693] __handle_mm_fault+0x1274/0x1dac [ 57.597702] handle_mm_fault+0x248/0x48 —truncated— | 2025-01-11 | not yet calculated | CVE-2024-53689 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a “.nilfs” file was reassigned by nilfs_mkdir for “file0”, causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories “.nilfs” and “file0”, it trigger warning in nilfs_rmdir. Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it. [1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 … Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-11 | not yet calculated | CVE-2024-53690 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev. [ 561.670344] ====================================================== [ 561.670346] WARNING: possible circular locking dependency detected [ 561.670349] 6.12.0-rc6+ #26 Not tainted [ 561.670351] —————————————————— [ 561.670353] iso-tester/3289 is trying to acquire lock: [ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670405] but task is already holding lock: [ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth] [ 561.670450] which lock already depends on the new lock. [ 561.670452] the existing dependency chain (in reverse order) is: [ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 561.670458] lock_acquire+0x7c/0xc0 [ 561.670463] lock_sock_nested+0x3b/0xf0 [ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth] [ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth] [ 561.670547] do_accept+0x3dd/0x610 [ 561.670550] __sys_accept4+0xd8/0x170 [ 561.670553] __x64_sys_accept+0x74/0xc0 [ 561.670556] x64_sys_call+0x17d6/0x25f0 [ 561.670559] do_syscall_64+0x87/0x150 [ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 561.670571] lock_acquire+0x7c/0xc0 [ 561.670574] lock_sock_nested+0x3b/0xf0 [ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth] [ 561.670617] __sys_listen_socket+0xef/0x130 [ 561.670620] __x64_sys_listen+0xe1/0x190 [ 561.670623] x64_sys_call+0x2517/0x25f0 [ 561.670626] do_syscall_64+0x87/0x150 [ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 561.670636] __lock_acquire+0x32ad/0x6ab0 [ 561.670639] lock_acquire.part.0+0x118/0x360 [ 561.670642] lock_acquire+0x7c/0xc0 [ 561.670644] __mutex_lock+0x18d/0x12f0 [ 561.670647] mutex_lock_nested+0x1b/0x30 [ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth] [ 561.670722] sock_recvmsg+0x1d5/0x240 [ 561.670725] sock_read_iter+0x27d/0x470 [ 561.670727] vfs_read+0x9a0/0xd30 [ 561.670731] ksys_read+0x1a8/0x250 [ 561.670733] __x64_sys_read+0x72/0xc0 [ 561.670736] x64_sys_call+0x1b12/0x25f0 [ 561.670738] do_syscall_64+0x87/0x150 [ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670744] other info that might help us debug this: [ 561.670745] Chain exists of: &hdev->lock –> sk_lock-AF_BLUETOOTH-BTPROTO_ISO –> sk_lock-AF_BLUETOOTH [ 561.670751] Possible unsafe locking scenario: [ 561.670753] CPU0 CPU1 [ 561.670754] —- —- [ 561.670756] lock(sk_lock-AF_BLUETOOTH); [ 561.670758] lock(sk_lock AF_BLUETOOTH-BTPROTO_ISO); [ 561.670761] lock(sk_lock-AF_BLUETOOTH); [ 561.670764] lock(&hdev->lock); [ 561.670767] *** DEADLOCK *** | 2025-01-11 | not yet calculated | CVE-2024-54191 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() Move pm_runtime_set_active() to ivpu_pm_init() so when ivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable() it already has correct runtime state, even if last resume was not successful. | 2025-01-11 | not yet calculated | CVE-2024-54193 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpu_bo_list() Check if ctx is not NULL before accessing its fields. | 2025-01-11 | not yet calculated | CVE-2024-54455 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid any potential deadlock with hdev lock. [ 75.307983] ====================================================== [ 75.307984] WARNING: possible circular locking dependency detected [ 75.307985] 6.12.0-rc6+ #22 Not tainted [ 75.307987] —————————————————— [ 75.307987] kworker/u81:2/2623 is trying to acquire lock: [ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308021] but task is already holding lock: [ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308053] which lock already depends on the new lock. [ 75.308054] the existing dependency chain (in reverse order) is: [ 75.308055] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 75.308057] __mutex_lock+0xad/0xc50 [ 75.308061] mutex_lock_nested+0x1b/0x30 [ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth] [ 75.308085] __sys_listen_socket+0x49/0x60 [ 75.308088] __x64_sys_listen+0x4c/0x90 [ 75.308090] x64_sys_call+0x2517/0x25f0 [ 75.308092] do_syscall_64+0x87/0x150 [ 75.308095] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 75.308098] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 75.308100] __lock_acquire+0x155e/0x25f0 [ 75.308103] lock_acquire+0xc9/0x300 [ 75.308105] lock_sock_nested+0x32/0x90 [ 75.308107] iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308128] hci_connect_cfm+0x6c/0x190 [bluetooth] [ 75.308155] hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth] [ 75.308180] hci_le_meta_evt+0xe7/0x200 [bluetooth] [ 75.308206] hci_event_packet+0x21f/0x5c0 [bluetooth] [ 75.308230] hci_rx_work+0x3ae/0xb10 [bluetooth] [ 75.308254] process_one_work+0x212/0x740 [ 75.308256] worker_thread+0x1bd/0x3a0 [ 75.308258] kthread+0xe4/0x120 [ 75.308259] ret_from_fork+0x44/0x70 [ 75.308261] ret_from_fork_asm+0x1a/0x30 [ 75.308263] other info that might help us debug this: [ 75.308264] Possible unsafe locking scenario: [ 75.308264] CPU0 CPU1 [ 75.308265] —- —- [ 75.308265] lock(&hdev->lock); [ 75.308267] lock(sk_lock- AF_BLUETOOTH-BTPROTO_ISO); [ 75.308268] lock(&hdev->lock); [ 75.308269] lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO); [ 75.308270] *** DEADLOCK *** [ 75.308271] 4 locks held by kworker/u81:2/2623: [ 75.308272] #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x443/0x740 [ 75.308276] #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)), at: process_one_work+0x1ce/0x740 [ 75.308280] #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3} at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308304] #3: ffffffffb6ba4900 (rcu_read_lock){….}-{1:2}, at: hci_connect_cfm+0x29/0x190 [bluetooth] | 2025-01-11 | not yet calculated | CVE-2024-54460 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix TCP timers deadlock after rmmod Commit ef7134c7fc48 (“smb: client: Fix use-after-free of network namespace.”) fixed a netns UAF by manually enabled socket refcounting (sk->sk_net_refcnt=1 and sock_inuse_add(net, 1)). The reason the patch worked for that bug was because we now hold references to the netns (get_net_track() gets a ref internally) and they’re properly released (internally, on __sk_destruct()), but only because sk->sk_net_refcnt was set. Problem: (this happens regardless of CONFIG_NET_NS_REFCNT_TRACKER and regardless if init_net or other) Setting sk->sk_net_refcnt=1 *manually* and *after* socket creation is not only out of cifs scope, but also technically wrong — it’s set conditionally based on user (=1) vs kernel (=0) sockets. And net/ implementations seem to base their user vs kernel space operations on it. e.g. upon TCP socket close, the TCP timers are not cleared because sk->sk_net_refcnt=1: (cf. commit 151c9c724d05 (“tcp: properly terminate timers for kernel sockets”)) net/ipv4/tcp.c: void tcp_close(struct sock *sk, long timeout) { lock_sock(sk); __tcp_close(sk, timeout); release_sock(sk); if (!sk->sk_net_refcnt) inet_csk_clear_xmit_timers_sync(sk); sock_put(sk); } Which will throw a lockdep warning and then, as expected, deadlock on tcp_write_timer(). A way to reproduce this is by running the reproducer from ef7134c7fc48 and then ‘rmmod cifs’. A few seconds later, the deadlock/lockdep warning shows up. Fix: We shouldn’t mess with socket internals ourselves, so do not set sk_net_refcnt manually. Also change __sock_create() to sock_create_kern() for explicitness. As for non-init_net network namespaces, we deal with it the best way we can — hold an extra netns reference for server->ssocket and drop it when it’s released. This ensures that the netns still exists whenever we need to create/destroy server->ssocket, but is not directly tied to it. | 2025-01-11 | not yet calculated | CVE-2024-54680 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | —————————————————— | iptables/3303 is trying to acquire lock: | ffff8881057e04b8 (kn->active#48){++++}-{0:0}, at: __kernfs_remove+0x20 | | but task is already holding lock: | ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v] | | which lock already depends on the new lock. A simple reproducer is: | #!/bin/bash | | while true; do | iptables -A INPUT -i foo -j IDLETIMER –timeout 10 –label “testme” | iptables -D INPUT -i foo -j IDLETIMER –timeout 10 –label “testme” | done & | while true; do | cat /sys/class/xt_idletimer/timers/testme >/dev/null | done Avoid this by freeing list_mutex right after deleting the element from the list, then continuing with the teardown. | 2025-01-11 | not yet calculated | CVE-2024-54683 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move of_node_put() for this node to exit paths. | 2025-01-11 | not yet calculated | CVE-2024-55639 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in “xfs_imap_to_bp+0x61/0xe0 [xfs]” at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in “xfs_btree_read_buf_block+0xba/0x160 [xfs]” at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in “xfs_imap_to_bp+0x61/0xe0 [xfs]” at daddr 0x138e1c0 len 32 error 5 XFS (dm-0): log I/O error -5 XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. XFS (dm-0): Please unmount the filesystem and rectify the problem(s) XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs] XFS (dm-0): Corruption detected. Unmount and run xfs_repair XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7 The system is stuck in unmount trying to lock a couple of inodes so that they can be purged. The dquot corruption notice above is a clue to what happened — a link() call tried to set up a transaction to link a child into a directory. Quota reservation for the transaction failed after IO errors shut down the filesystem, but then we forgot to unlock the inodes on our way out. Fix that. | 2025-01-11 | not yet calculated | CVE-2024-55641 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned block device always execute a zone report whenever a write BIO to a zone fails. The intent of this is to ensure that the tracking of a zone write pointer is always correct to ensure that the alignment to a zone write pointer of write BIOs can be checked on submission and that we can always correctly emulate zone append operations using regular write BIOs. However, this error recovery scheme introduces a potential deadlock if a device queue freeze is initiated while BIOs are still plugged in a zone write plug and one of these write operation fails. In such case, the disk zone write plug error recovery work is scheduled and executes a report zone. This in turn can result in a request allocation in the underlying driver to issue the report zones command to the device. But with the device queue freeze already started, this allocation will block, preventing the report zone execution and the continuation of the processing of the plugged BIOs. As plugged BIOs hold a queue usage reference, the queue freeze itself will never complete, resulting in a deadlock. Avoid this problem by completely removing from the zone write plugging code the use of report zones operations after a failed write operation, instead relying on the device user to either execute a report zones, reset the zone, finish the zone, or give up writing to the device (which is a fairly common pattern for file systems which degrade to read-only after write failures). This is not an unreasonnable requirement as all well-behaved applications, FSes and device mapper already use report zones to recover from write errors whenever possible by comparing the current position of a zone write pointer with what their assumption about the position is. The changes to remove the automatic error recovery are as follows: – Completely remove the error recovery work and its associated resources (zone write plug list head, disk error list, and disk zone_wplugs_work work struct). This also removes the functions disk_zone_wplug_set_error() and disk_zone_wplug_clear_error(). – Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write plug whenever a write opration targetting the zone of the zone write plug fails. This flag indicates that the zone write pointer offset is not reliable and that it must be updated when the next report zone, reset zone, finish zone or disk revalidation is executed. – Modify blk_zone_write_plug_bio_endio() to set the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed write BIO. – Modify the function disk_zone_wplug_set_wp_offset() to clear this new flag, thus implementing recovery of a correct write pointer offset with the reset (all) zone and finish zone operations. – Modify blkdev_report_zones() to always use the disk_report_zones_cb() callback so that disk_zone_wplug_sync_wp_offset() can be called for any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag. This implements recovery of a correct write pointer offset for zone write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within the range of the report zones operation executed by the user. – Modify blk_revalidate_seq_zone() to call disk_zone_wplug_sync_wp_offset() for all sequential write required zones when a zoned block device is revalidated, thus always resolving any inconsistency between the write pointer offset of zone write plugs and the actual write pointer position of sequential zones. | 2025-01-11 | not yet calculated | CVE-2024-55642 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall via VMGEXIT trips the WARN: ————[ cut here ]———— WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] Modules linked in: kvm_amd kvm … [last unloaded: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp–392e932fa0f3-feat #470 Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024 RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm] Call Trace: <TASK> kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> —[ end trace 0000000000000000 ]— | 2025-01-11 | not yet calculated | CVE-2024-55881 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel’s ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils … BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x12/0xd0 Call Trace: … vmbus_recvpacket hv_kvp_onchannelcallback vmbus_on_event tasklet_action_common tasklet_action handle_softirqs irq_exit_rcu sysvec_hyperv_stimer0 </IRQ> <TASK> asm_sysvec_hyperv_stimer0 … kvp_register_done hvt_op_read vfs_read ksys_read __x64_sys_read This can happen because the KVP/VSS channel callback can be invoked even before the channel is fully opened: 1) as soon as hv_kvp_init() -> hvutil_transport_init() creates /dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and register itself to the driver by writing a message KVP_OP_REGISTER1 to the file (which is handled by kvp_on_msg() ->kvp_handle_handshake()) and reading the file for the driver’s response, which is handled by hvt_op_read(), which calls hvt->on_read(), i.e. kvp_register_done(). 2) the problem with kvp_register_done() is that it can cause the channel callback to be called even before the channel is fully opened, and when the channel callback is starting to run, util_probe()-> vmbus_open() may have not initialized the ringbuffer yet, so the callback can hit the panic of NULL pointer dereference. To reproduce the panic consistently, we can add a “ssleep(10)” for KVP in __vmbus_open(), just before the first hv_ringbuffer_init(), and then we unload and reload the driver hv_utils, and run the daemon manually within the 10 seconds. Fix the panic by reordering the steps in util_probe() so the char dev entry used by the KVP or VSS daemon is not created until after vmbus_open() has completed. This reordering prevents the race condition from happening. | 2025-01-11 | not yet calculated | CVE-2024-55916 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in __rb_map_vma An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs + 1) << subbuf_order) – pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as a slab-out-of-bounds in __rb_map_vma: BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reproducer for this bug is: ————————8<————————- #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #include <asm/types.h> #include <sys/mman.h> int main(int argc, char **argv) { int page_size = getpagesize(); int fd; void *meta; system(“echo 1 > /sys/kernel/tracing/buffer_size_kb”); fd = open(“/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw”, O_RDONLY); meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5); } ————————>8————————- | 2025-01-11 | not yet calculated | CVE-2024-56368 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal*… | 2025-01-11 | not yet calculated | CVE-2024-56369 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. [1] kernel BUG at net/core/skbuff.c:2849 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848 Code: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90004cbef30 EFLAGS: 00010293 RAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00 RDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000 RBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c R10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50 R13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80 FS: 00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284 tipc_aead_decrypt net/tipc/crypto.c:894 [inline] tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844 tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109 tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline] __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762 __netif_receive_skb_list net/core/dev.c:5814 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x2b5/0x870 net/core/dev.c:6256 napi_complete include/linux/netdevice.h:567 [inline] tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057 do_iter_readv_writev+0x600/0x880 vfs_writev+0x376/0xba0 fs/read_write.c:1050 do_writev+0x1b6/0x360 fs/read_write.c:1096 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-11 | not yet calculated | CVE-2024-56372 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb’s enqueued from n/w stack. waiting_tx_skb pointer points to the tx skb which needs to be processed and ongoing_tx_skb pointer points to the tx skb which is being processed. SPI thread prepares the tx data chunks from the tx skb pointed by the ongoing_tx_skb pointer. When the tx skb pointed by the ongoing_tx_skb is processed, the tx skb pointed by the waiting_tx_skb is assigned to ongoing_tx_skb and the waiting_tx_skb pointer is assigned with NULL. Whenever there is a new tx skb from n/w stack, it will be assigned to waiting_tx_skb pointer if it is NULL. Enqueuing and processing of a tx skb handled in two different threads. Consider a scenario where the SPI thread processed an ongoing_tx_skb and it moves next tx skb from waiting_tx_skb pointer to ongoing_tx_skb pointer without doing any NULL check. At this time, if the waiting_tx_skb pointer is NULL then ongoing_tx_skb pointer is also assigned with NULL. After that, if a new tx skb is assigned to waiting_tx_skb pointer by the n/w stack and there is a chance to overwrite the tx skb pointer with NULL in the SPI thread. Finally one of the tx skb will be left as unhandled, resulting packet missing and memory leak. – Consider the below scenario where the TXC reported from the previous transfer is 10 and ongoing_tx_skb holds an tx ethernet frame which can be transported in 20 TXCs and waiting_tx_skb is still NULL. tx_credits = 10; /* 21 are filled in the previous transfer */ ongoing_tx_skb = 20; waiting_tx_skb = NULL; /* Still NULL */ – So, (tc6->ongoing_tx_skb || tc6->waiting_tx_skb) becomes true. – After oa_tc6_prepare_spi_tx_buf_for_tx_skbs() ongoing_tx_skb = 10; waiting_tx_skb = NULL; /* Still NULL */ – Perform SPI transfer. – Process SPI rx buffer to get the TXC from footers. – Now let’s assume previously filled 21 TXCs are freed so we are good to transport the next remaining 10 tx chunks from ongoing_tx_skb. tx_credits = 21; ongoing_tx_skb = 10; waiting_tx_skb = NULL; – So, (tc6->ongoing_tx_skb || tc6->waiting_tx_skb) becomes true again. – In the oa_tc6_prepare_spi_tx_buf_for_tx_skbs() ongoing_tx_skb = NULL; waiting_tx_skb = NULL; – Now the below bad case might happen, Thread1 (oa_tc6_start_xmit) Thread2 (oa_tc6_spi_thread_handler) ————————— ———————————– – if waiting_tx_skb is NULL – if ongoing_tx_skb is NULL – ongoing_tx_skb = waiting_tx_skb – waiting_tx_skb = skb – waiting_tx_skb = NULL … – ongoing_tx_skb = NULL – if waiting_tx_skb is NULL – waiting_tx_skb = skb To overcome the above issue, protect the moving of tx skb reference from waiting_tx_skb pointer to ongoing_tx_skb pointer and assigning new tx skb to waiting_tx_skb pointer, so that the other thread can’t access the waiting_tx_skb pointer until the current thread completes moving the tx skb reference safely. | 2025-01-11 | not yet calculated | CVE-2024-56788 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as it is from the network. Once the value of length exceeds the value of buflen in function smc_clc_wait_msg it may run into deadloop when trying to drain the remaining data exceeding buflen. This patch checks the return value of sock_recvmsg when draining data in case of deadloop in draining. | 2025-01-11 | not yet calculated | CVE-2024-57791 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowest charge current limit to be greater zero. If requested charge current limit is below lowest limit, the index equals current_limit_map_size which leads to accessing memory beyond allocated memory. | 2025-01-11 | not yet calculated | CVE-2024-57792 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. Leak the decrypted memory when set_memory_decrypted() fails, and don’t need to print an error since set_memory_decrypted() will call WARN_ONCE(). | 2025-01-11 | not yet calculated | CVE-2024-57793 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req(). Avoid the above by holding a reference for mst_primary in drm_dp_mst_handle_up_req() while it’s used. v2: Fix kfreeing the request if getting an mst_primary reference fails. | 2025-01-11 | not yet calculated | CVE-2024-57798 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked before platform_set_drvdata() is executed in ->probe(), leading to a NULL pointer dereference when using the return of dev_get_drvdata(). Ensure platform_set_drvdata() is called before devm_pm_runtime_enable(). | 2025-01-11 | not yet calculated | CVE-2024-57799 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking With CONFIG_DMA_API_DEBUG enabled, the following warning is observed: DMA-API: snd_hda_intel 0000:03:00.1: device driver failed to check map error[device address=0x00000000ffff0000] [size=20480 bytes] [mapped as single] WARNING: CPU: 28 PID: 2255 at kernel/dma/debug.c:1036 check_unmap+0x1408/0x2430 CPU: 28 UID: 42 PID: 2255 Comm: wireplumber Tainted: G W L 6.12.0-10-133577cad6bf48e5a7848c4338124081393bfe8a+ #759 debug_dma_unmap_page+0xe9/0xf0 snd_dma_wc_free+0x85/0x130 [snd_pcm] snd_pcm_lib_free_pages+0x1e3/0x440 [snd_pcm] snd_pcm_common_ioctl+0x1c9a/0x2960 [snd_pcm] snd_pcm_ioctl+0x6a/0xc0 [snd_pcm] … Check for returned DMA addresses using specialized dma_mapping_error() helper which is generally recommended for this purpose by Documentation/core-api/dma-api.rst. | 2025-01-11 | not yet calculated | CVE-2024-57800 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request. | 2025-01-11 | not yet calculated | CVE-2024-57804 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to ‘steal’ the linkDMA since it has been released. This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 then the link DMA channels will be mixed up, resulting firmware error or crash. | 2025-01-11 | not yet calculated | CVE-2024-57805 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding the simple quota feature. [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365 [5.597098] ————[ cut here ]———— [5.597371] kernel BUG at fs/btrfs/qgroup.c:365! [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146 [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0 [5.604303] <TASK> [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.605538] ? exc_invalid_op+0x56/0x70 [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606066] ? asm_exc_invalid_op+0x1f/0x30 [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.607038] ? try_to_wake_up+0x317/0x760 [5.607286] open_ctree+0xd9c/0x1710 [5.607509] btrfs_get_tree+0x58a/0x7e0 [5.608002] vfs_get_tree+0x2e/0x100 [5.608224] fc_mount+0x16/0x60 [5.608420] btrfs_get_tree+0x2f8/0x7e0 [5.608897] vfs_get_tree+0x2e/0x100 [5.609121] path_mount+0x4c8/0xbc0 [5.609538] __x64_sys_mount+0x10d/0x150 The issue can be easily reproduced using the following reproducer: root@q:linux# cat repro.sh set -e mkfs.btrfs -q -f /dev/sdb mount /dev/sdb /mnt/btrfs btrfs quota enable -s /mnt/btrfs umount /mnt/btrfs mount /dev/sdb /mnt/btrfs The issue is that when enabling quotas, at btrfs_quota_enable(), we set BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist it in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but we only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we commit the transaction used to enable simple quotas. This means that if after that transaction commit we unmount the filesystem without starting and committing any other transaction, or we have a power failure, the next time we mount the filesystem we will find the flag BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key BTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an assertion failure at: btrfs_read_qgroup_config() -> qgroup_read_enable_gen() To fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag immediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE. This ensures that both flags are flushed to disk within the same transaction. | 2025-01-11 | not yet calculated | CVE-2024-57806 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a ‘possible circular locking dependency detected’ warning CPU0 CPU1 —- —- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex. | 2025-01-11 | not yet calculated | CVE-2024-57807 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata (ERR005723): https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patch addresses the issue by sharing most of the suspend/resume sequences used by other i.MX devices, while avoiding modifications to critical registers that disrupt the PCIe functionality. It targets the same problem as the following downstream commit: https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995 Unlike the downstream commit, this patch also resets the connected PCIe device if possible. Without this reset, certain drivers, such as ath10k or iwlwifi, will crash on resume. The device reset is also done by the driver on other i.MX platforms, making this patch consistent with existing practices. Upon resuming, the kernel will hang and display an error. Here’s an example of the error encountered with the ath10k driver: ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible Unhandled fault: imprecise external abort (0x1406) at 0x0106f944 Without this patch, suspend/resume will fail on i.MX6QDL devices if a PCIe device is connected. [kwilczynski: commit log, added tag for stable releases] | 2025-01-11 | not yet calculated | CVE-2024-57809 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace de-duplication, avoiding an explosion of saved stack traces that share the same IRQ context code path but originate from different randomly interrupted points, eventually exhausting the stack depot. Filtering uses in_irqentry_text() to identify functions within the .irqentry.text and .softirqentry.text sections, which then become the last stack trace entries being saved. While __do_softirq() is placed into the .softirqentry.text section by common code, populating .irqentry.text is architecture-specific. Currently, the .irqentry.text section on s390 is empty, which prevents stack depot filtering and de-duplication and could result in warnings like: Stack depot reached limit capacity WARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8 with PREEMPT and KASAN enabled. Fix this by moving the IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section and updating the kprobes blacklist to include the .irqentry.text section. This is done only for asynchronous interrupts and explicitly not for program checks, which are synchronous and where the context beyond the program check is important to preserve. Despite machine checks being somewhat in between, they are extremely rare, and preserving context when possible is also of value. SVCs and Restart Interrupts are not relevant, one being always at the boundary to user space and the other being a one-time thing. IRQ entries filtering is also optionally used in ftrace function graph, where the same logic applies. | 2025-01-11 | not yet calculated | CVE-2024-57838 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Revert “readahead: properly shorten readahead when falling back to do_page_cache_ra()” This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 (“readahead: properly shorten readahead when falling back to do_page_cache_ra()”). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let’s revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that’s better than outright hangs. | 2025-01-11 | not yet calculated | CVE-2024-57839 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM. Specially if the sysctl net.core.high_order_alloc_disable value is 1, then the frag always get a page when do refill. Which could see reliable crashes or scp failure (scp a file 100M in size to VM). The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning of a new frag. When the frag size is larger than PAGE_SIZE, everything is fine. However, if the frag is only one page and the total size of the buffer and virtnet_rq_dma is larger than one page, an overflow may occur. The commit f9dac92ba908 (“virtio_ring: enable premapped mode whatever use_dma_api”) introduced this problem. And we reverted some commits to fix this in last linux version. Now we try to enable it and fix this bug directly. Here, when the frag size is not enough, we reduce the buffer len to fix this problem. | 2025-01-11 | not yet calculated | CVE-2024-57843 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE –> s390_pmu_sf_offline_cpu() … CPUHP_AP_PERF_ONLINE –> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +–> cpusf_pmu_setup() +–> setup_pmc_cpu() +–> deallocate_buffers() This function de-allocates all sampling data buffers (SDBs) allocated for that CPU at event initialization. It also clears the PMU_F_RESERVED bit. The CPU is gone and can not be sampled. With the event still being active on the removed CPU, the CPU event hotplug support in kernel performance subsystem triggers the following function calls on the removed CPU: perf_event_exit_cpu() +–> perf_event_exit_cpu_context() +–> __perf_event_exit_context() +–> __perf_remove_from_context() +–> event_sched_out() +–> cpumsf_pmu_del() +–> cpumsf_pmu_stop() +–> hw_perf_event_update() to stop and remove the event. During removal of the event, the sampling device driver tries to read out the remaining samples from the sample data buffers (SDBs). But they have already been freed (and may have been re-assigned). This may lead to a use after free situation in which case the samples are most likely invalid. In the best case the memory has not been reassigned and still contains valid data. Remedy this situation and check if the CPU is still in reserved state (bit PMU_F_RESERVED set). In this case the SDBs have not been released an contain valid data. This is always the case when the event is removed (and no CPU hotplug off occured). If the PMU_F_RESERVED bit is not set, the SDB buffers are gone. | 2025-01-11 | not yet calculated | CVE-2024-57849 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. | 2025-01-11 | not yet calculated | CVE-2024-57850 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. | 2025-01-11 | not yet calculated | CVE-2024-57872 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn’t initialize the temporary ‘ctrl’ variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. As set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and rejects other values, a partial SETREGSET attempt will randomly succeed or fail depending on the value of the uninitialized value, and the exposure is significantly limited. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing value of the tagged address ctrl will be retained. The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the user_aarch64_view used by a native AArch64 task to manipulate another native AArch64 task. As get_tagged_addr_ctrl() only returns an error value when called for a compat task, tagged_addr_ctrl_get() and tagged_addr_ctrl_set() should never observe an error value from get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that such an error would be unexpected, and error handlnig is not missing in either case. | 2025-01-11 | not yet calculated | CVE-2024-57874 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace_pointer() with the disk zone_wplugs_lock spinlock held. disk_free_zone_resources() is modified to call disk_update_zone_resources() with a NULL bitmap pointer to free the disk conv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in disk_update_zone_resources() to set the new (revalidated) bitmap and free the old one. | 2025-01-11 | not yet calculated | CVE-2024-57875 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is possible since the reader/parser doesn’t hold any lock while accessing the reception state. This in turn can lead to a memory corruption in the reader/parser as described by commit bd2fccac61b4 (“drm/dp_mst: Fix MST sideband message body length check”). Fix the above by resetting the message reception state if needed before reading/parsing a message. Another solution would be to hold the drm_dp_mst_topology_mgr::lock for the whole duration of the message reception/parsing in drm_dp_mst_handle_down_rep() and drm_dp_mst_handle_up_req(), however this would require a bigger change. Since the fix is also needed for stable, opting for the simpler solution in this patch. | 2025-01-11 | not yet calculated | CVE-2024-57876 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn’t initialize the temporary ‘ctrl’ variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.por_el0, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of POR_EL1 will be retained. Before this patch: | # ./poe-test | Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d | SETREGSET(nt=0x40f, len=8) wrote 8 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | | Attempting to write NT_ARM_POE (zero length) | SETREGSET(nt=0x40f, len=0) wrote 0 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0xffff8000839c3d50 After this patch: | # ./poe-test | Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d | SETREGSET(nt=0x40f, len=8) wrote 8 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | | Attempting to write NT_ARM_POE (zero length) | SETREGSET(nt=0x40f, len=0) wrote 0 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | 2025-01-11 | not yet calculated | CVE-2024-57877 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn’t initialize the temporary ‘fpmr’ variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of FPMR will be retained. Before this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0xffff800083963d50 After this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | 2025-01-11 | not yet calculated | CVE-2024-57878 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error. | 2025-01-11 | not yet calculated | CVE-2024-57879 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator. | 2025-01-11 | not yet calculated | CVE-2024-57880 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don’t call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let’s fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page. So far this was found by code inspection, but let’s just CC stable as the fix is easy. | 2025-01-11 | not yet calculated | CVE-2024-57881 |
| MicahParks–jwkset | JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project’s provided HTTP client’s local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value). | 2025-01-09 | not yet calculated | CVE-2025-22149 |
| moyangzhan–langchain4j-aideepin | LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0. | 2025-01-06 | not yet calculated | CVE-2025-21604 |
| Mozilla–Firefox | When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | not yet calculated | CVE-2025-0241 |
| Mozilla–Firefox | Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. | 2025-01-07 | not yet calculated | CVE-2025-0247 |
| Mozilla–Firefox for iOS | Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. | 2025-01-11 | not yet calculated | CVE-2025-23108 |
| Mozilla–Firefox for iOS | Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. | 2025-01-11 | not yet calculated | CVE-2025-23109 |
| n/a–n/a | Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions. | 2025-01-10 | not yet calculated | CVE-2024-25371 |
| n/a–n/a | Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. | 2025-01-10 | not yet calculated | CVE-2024-29970 |
| n/a–n/a | Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals. | 2025-01-10 | not yet calculated | CVE-2024-29971 |
| n/a–n/a | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function | 2025-01-10 | not yet calculated | CVE-2024-33297 |
| n/a–n/a | Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup | 2025-01-10 | not yet calculated | CVE-2024-33298 |
| n/a–n/a | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users | 2025-01-10 | not yet calculated | CVE-2024-33299 |
| n/a–n/a | An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-10 | not yet calculated | CVE-2024-46210 |
| n/a–n/a | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | 2025-01-09 | not yet calculated | CVE-2024-46505 |
| n/a–n/a | Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field | 2025-01-09 | not yet calculated | CVE-2024-48806 |
| n/a–n/a | Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. | 2025-01-10 | not yet calculated | CVE-2024-50807 |
| n/a–n/a | Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise. | 2025-01-08 | not yet calculated | CVE-2024-52869 |
| n/a–n/a | composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function. | 2025-01-08 | not yet calculated | CVE-2024-53526 |
| n/a–n/a | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | 2025-01-06 | not yet calculated | CVE-2024-53931 |
| n/a–n/a | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | 2025-01-06 | not yet calculated | CVE-2024-53932 |
| n/a–n/a | Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | 2025-01-10 | not yet calculated | CVE-2024-54687 |
| n/a–n/a | PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. | 2025-01-09 | not yet calculated | CVE-2024-54724 |
| n/a–n/a | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54846 |
| n/a–n/a | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54847 |
| n/a–n/a | Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | 2025-01-10 | not yet calculated | CVE-2024-54848 |
| n/a–n/a | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54849 |
| n/a–n/a | TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. | 2025-01-09 | not yet calculated | CVE-2024-54887 |
| n/a–n/a | Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | 2025-01-10 | not yet calculated | CVE-2024-54910 |
| n/a–n/a | MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature. | 2025-01-10 | not yet calculated | CVE-2024-54994 |
| n/a–n/a | MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. | 2025-01-10 | not yet calculated | CVE-2024-54996 |
| n/a–n/a | MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit. | 2025-01-10 | not yet calculated | CVE-2024-54997 |
| n/a–n/a | MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create. | 2025-01-10 | not yet calculated | CVE-2024-54998 |
| n/a–n/a | Smart Toilet Lab – Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | 2025-01-09 | not yet calculated | CVE-2024-56113 |
| n/a–n/a | Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account. | 2025-01-09 | not yet calculated | CVE-2024-56114 |
| n/a–n/a | File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks. | 2025-01-06 | not yet calculated | CVE-2024-56828 |
| n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | 2025-01-10 | not yet calculated | CVE-2024-57211 |
| n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. | 2025-01-10 | not yet calculated | CVE-2024-57212 |
| n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | 2025-01-10 | not yet calculated | CVE-2024-57213 |
| n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 2025-01-10 | not yet calculated | CVE-2024-57214 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57222 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 2025-01-10 | not yet calculated | CVE-2024-57223 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57224 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 2025-01-10 | not yet calculated | CVE-2024-57225 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | 2025-01-10 | not yet calculated | CVE-2024-57226 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57227 |
| n/a–n/a | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | 2025-01-10 | not yet calculated | CVE-2024-57228 |
| n/a–n/a | Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. | 2025-01-10 | not yet calculated | CVE-2025-22946 |
| n/a–n/a | Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | 2025-01-10 | not yet calculated | CVE-2025-22949 |
| nilsonLazarin–WeGIA | WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22139 |
| nilsonLazarin–WeGIA | WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22140 |
| nilsonLazarin–WeGIA | WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22141 |
| Node.js–Node.js | Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | 2025-01-09 | not yet calculated | CVE-2024-27980 |
| nodejs–node | The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | 2025-01-09 | not yet calculated | CVE-2024-37372 |
| Palo Alto Networks–Cloud NGFW | An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | 2025-01-11 | not yet calculated | CVE-2025-0103 |
| Palo Alto Networks–Cloud NGFW | A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft. | 2025-01-11 | not yet calculated | CVE-2025-0104 |
| Palo Alto Networks–Cloud NGFW | An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. | 2025-01-11 | not yet calculated | CVE-2025-0105 |
| Palo Alto Networks–Cloud NGFW | A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. | 2025-01-11 | not yet calculated | CVE-2025-0106 |
| Palo Alto Networks–Cloud NGFW | An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. | 2025-01-11 | not yet calculated | CVE-2025-0107 |
| Rails–ActiveSupport | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file’s permissions are defaulted to the user’s current `umask` settings, meaning that it’s possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2025-01-09 | not yet calculated | CVE-2023-38037 |
| SickChill–sickchill | SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint’s `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter. | 2025-01-08 | not yet calculated | CVE-2024-53995 |
| The Document Foundation–LibreOffice | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with “.ttf”, by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4. | 2025-01-07 | not yet calculated | CVE-2024-12425 |
| The Document Foundation–LibreOffice | Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. | 2025-01-07 | not yet calculated | CVE-2024-12426 |
| Unknown–Contact Form Master | The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-11 | not yet calculated | CVE-2024-12587 |
| Wikimedia Foundation–Mediawiki – ArticleFeedbackv5 extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – ArticleFeedbackv5 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki – ArticleFeedbackv5 extension: from 1.42.X before 1.42.2. | 2025-01-10 | not yet calculated | CVE-2025-23079 |
| Wikimedia Foundation–Mediawiki – Breadcrumbs2 extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki – Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4. | 2025-01-10 | not yet calculated | CVE-2025-23078 |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
