Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57483 | 2025-01-14 | N/A | ||
| Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. | ||||
| CVE-2024-57473 | 2025-01-14 | N/A | ||
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-54730 | 2025-01-14 | N/A | ||
| Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. | ||||
| CVE-2024-42911 | 2025-01-14 | N/A | ||
| ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. | ||||
| CVE-2024-57482 | 2025-01-14 | N/A | ||
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57480 | 2025-01-14 | N/A | ||
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57479 | 2025-01-14 | N/A | ||
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57471 | 2025-01-14 | N/A | ||
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-54036 | 1 Adobe | 1 Connect | 2025-01-14 | 9.3 Critical |
| Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | ||||
| CVE-2024-49530 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-01-14 | 7 High |
| Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and be tricked in to interacting with it in a specific manner, increasing the attack complexity. | ||||
| CVE-2024-12747 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-01-14 | 5.6 Medium |
| A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | ||||
| CVE-2023-0034 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2025-01-14 | 5.4 Medium |
| The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-4444 | 1 Thimpress | 1 Learnpress | 2025-01-14 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | ||||
| CVE-2024-11868 | 1 Thimpress | 1 Learnpress | 2025-01-14 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | ||||
| CVE-2022-4555 | 1 Wpvar | 1 Wp Shamsi | 2025-01-14 | 6.5 Medium |
| The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities. | ||||
| CVE-2022-4698 | 1 Properfraction | 1 Profilepress | 2025-01-14 | 5.5 Medium |
| The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-29241 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 9.9 Critical |
| Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | ||||
| CVE-2024-29240 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 4.3 Medium |
| Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2024-29231 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | ||||
| CVE-2024-29230 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-01-14 | 5.4 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||