Total: 277570 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-51229 | | | 2025-01-10 | 8.8 High |
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. | ||||
CVE-2024-46210 | | | 2025-01-10 | N/A |
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2023-33633 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | 7.2 High |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | ||||
CVE-2023-33632 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | 7.2 High |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. | ||||
CVE-2023-33631 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | 7.2 High |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. | ||||
CVE-2023-33629 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | 7.2 High |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | ||||
CVE-2023-33628 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | 7.2 High |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | ||||
CVE-2023-33509 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2025-01-10 | 9.8 Critical |
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. | ||||
CVE-2023-33508 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2025-01-10 | 9.8 Critical |
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | ||||
CVE-2023-33507 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2025-01-10 | 7.5 High |
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated arbitrary file read. | ||||
CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-10 | 8.8 High |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | ||||
CVE-2023-33287 | 1 Actonic | 1 Inline Table Editing | 2025-01-10 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables. | ||||
CVE-2022-4697 | 1 Properfraction | 1 Profilepress | 2025-01-10 | 5.5 Medium |
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
CVE-2024-23198 | | | 2025-01-10 | 6.6 Medium |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | ||||
CVE-2024-56716 | 1 Linux | 1 Linux Kernel | 2025-01-10 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write(). If either a zero count or a large one is provided, kernel can crash. | ||||
CVE-2023-32217 | 1 Sailpoint | 1 Identityiq | 2025-01-10 | 9 Critical |
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | ||||
CVE-2024-33067 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-01-10 | 6.1 Medium |
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | ||||
CVE-2024-24988 | 1 Mattermost | 1 Mattermost Server | 2025-01-10 | 4.3 Medium |
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to repeatedly send a very long string as an emoji value, causing high resource consumption and possibly crashing the server. | ||||
CVE-2024-43063 | 1 Qualcomm | 34 Qam8255p, Qam8255p Firmware, Qam8295p and 31 more | 2025-01-10 | 6.1 Medium |
Information disclosure while invoking the mailbox read API. | ||||
CVE-2024-23493 | 1 Mattermost | 1 Mattermost Server | 2025-01-10 | 4.3 Medium |
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. |