Total: 277353 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-32325 | Posthog | Posthog-js | 2025-01-14 | 5.4 Medium | PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. The problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. |
CVE-2024-52006 | | | 2025-01-14 | N/A | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8`, which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. |
CVE-2015-20108 | Onelogin | Ruby-saml | 2025-01-14 | 9.8 Critical | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. |
CVE-2024-12747 | Redhat | Enterprise Linux, Openshift | 2025-01-14 | 5.6 Medium | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. |
CVE-2024-50338 | | | 2025-01-14 | 7.4 High | Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline`, which calls `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules using the `--recursive` clone option, as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive`, to allow inspection of any submodule URLs before cloning those submodules. |
CVE-2023-2942 | Open-emr | Openemr | 2025-01-14 | 8.1 High | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. |
CVE-2023-2943 | Open-emr | Openemr | 2025-01-14 | 8.8 High | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. |
CVE-2023-2944 | Open-emr | Openemr | 2025-01-14 | 5.4 Medium | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
CVE-2025-23072 | | | 2025-01-14 | N/A | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. |
CVE-2023-2945 | Open-emr | Openemr | 2025-01-14 | 5.4 Medium | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. |
CVE-2022-47028 | Actionlauncher | Action Launcher | 2025-01-14 | 5.5 Medium | An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitrary data injection to the function insert. |
CVE-2025-21245 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21409 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21223 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21238 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21240 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21250 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21417 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21246 | | | 2025-01-14 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21334 | | | 2025-01-14 | 7.8 High | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |