Total
277587 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33508 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2025-01-10 | 9.8 Critical |
| KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | ||||
| CVE-2023-33507 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2025-01-10 | 7.5 High |
| KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. | ||||
| CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-10 | 8.8 High |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | ||||
| CVE-2023-33287 | 1 Actonic | 1 Inline Table Editing | 2025-01-10 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables. | ||||
| CVE-2022-4697 | 1 Properfraction | 1 Profilepress | 2025-01-10 | 5.5 Medium |
| The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-23198 | 2025-01-10 | 6.6 Medium | ||
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | ||||
| CVE-2024-56716 | 1 Linux | 1 Linux Kernel | 2025-01-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. | ||||
| CVE-2023-32217 | 1 Sailpoint | 1 Identityiq | 2025-01-10 | 9 Critical |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | ||||
| CVE-2024-33067 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-01-10 | 6.1 Medium |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | ||||
| CVE-2024-24988 | 1 Mattermost | 1 Mattermost Server | 2025-01-10 | 4.3 Medium |
| Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server. | ||||
| CVE-2024-43063 | 1 Qualcomm | 34 Qam8255p, Qam8255p Firmware, Qam8295p and 31 more | 2025-01-10 | 6.1 Medium |
| information disclosure while invoking the mailbox read API. | ||||
| CVE-2024-23493 | 1 Mattermost | 1 Mattermost Server | 2025-01-10 | 4.3 Medium |
| Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | ||||
| CVE-2023-35685 | 1 Google | 1 Android | 2025-01-10 | 7.8 High |
| In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-20659 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-10 | 7.1 High |
| Windows Hyper-V Security Feature Bypass Vulnerability | ||||
| CVE-2024-30092 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-10 | 8 High |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2024-0550 | 1 Mintplexlabs | 1 Anythingllm | 2025-01-10 | 6.5 Medium |
| A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack. | ||||
| CVE-2024-57822 | 2025-01-10 | 4 Medium | ||
| In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). | ||||
| CVE-2024-57686 | 2025-01-10 | 9.8 Critical | ||
| A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | ||||
| CVE-2024-52896 | 1 Ibm | 1 Mq | 2025-01-10 | 6.2 Medium |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||
| CVE-2024-51072 | 2025-01-10 | 5.3 Medium | ||
| An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the ECUReset specification does not allow a manufacturer to require SecurityAccess and Authentication. | ||||