Total 279108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0243 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 5.1 Medium
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0242 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 6.5 Medium
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0241 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 6.5 Medium
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0240 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 4 Medium
Parsing a JavaScript module as JSON could under some circumstances cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0239 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 4 Medium
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0238 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 5.3 Medium
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0237 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-01-13 5.4 Medium
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2024-55494 2025-01-13 6.1 Medium
A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php.
CVE-2024-54997 2025-01-13 5.4 Medium
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
CVE-2023-42248 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
CVE-2023-42243 2025-01-13 N/A
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVE-2023-42242 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVE-2023-42241 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVE-2023-42240 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
CVE-2023-42239 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
CVE-2023-42238 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
CVE-2023-42237 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
CVE-2023-42236 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
CVE-2023-42235 2025-01-13 N/A
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
CVE-2023-42234 2025-01-13 N/A
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.