Total: 277502 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-11849 | | | 2025-01-06 | 6.1 Medium | The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-11356 | | | 2025-01-06 | 6.1 Medium | The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVE-2024-30085 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-06 | 7.8 High | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-44211 | 1 Apple | 1 Macos | 2025-01-06 | 7.5 High | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2024-13144 | | | 2025-01-06 | 6.3 Medium | A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13145 | | | 2025-01-06 | 6.3 Medium | A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-44223 | 1 Apple | 1 Macos | 2025-01-06 | 4.6 Medium | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.
CVE-2024-44231 | 1 Apple | 1 Macos | 2025-01-06 | 7.5 High | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.
CVE-2024-12970 | | | 2025-01-06 | 3.9 Low | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2.
CVE-2024-53241 | | | 2025-01-05 | 5.7 Medium | In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page. Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using the hypercall page at all, as it has been shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241.
CVE-2024-13042 | | | 2025-01-04 | 4.3 Medium | A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-22389 | | | 2025-01-04 | N/A | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm and .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.
CVE-2023-32221 | 1 Easeus | 1 Todo Backup | 2025-01-04 | 8.8 High | EaseUS Todo Backup version 20220111.390: an omission during installation may allow a local attacker to perform privilege escalation.
CVE-2022-38156 | 1 Kratosdefense | 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware | 2025-01-03 | 7.2 High | A remote command injection issue exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user.
CVE-2023-33253 | 1 Agilebio | 1 Labcollector | 2025-01-03 | 8.8 High | LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
CVE-2023-33290 | 1 Git-url-parse Project | 1 Git-url-parse | 2025-01-03 | 7.5 High | The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
CVE-2023-33492 | 1 Eyoucms | 1 Eyoucms | 2025-01-03 | 5.4 Medium | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-33625 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2025-01-03 | 9.8 Critical | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
CVE-2023-33626 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2025-01-03 | 9.8 Critical | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
CVE-2023-34488 | 1 Emqx | 1 Nanomq | 2025-01-03 | 7.8 High | NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages.