Total
277570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2817 | 1 Craftcms | 1 Craft Cms | 2025-01-15 | 5.4 Medium |
| A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | ||||
| CVE-2023-28382 | 1 Et-x | 1 Ess Rec | 2025-01-15 | 8.1 High |
| Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 | ||||
| CVE-2023-28321 | 6 Apple, Debian, Fedoraproject and 3 more | 17 Macos, Debian Linux, Fedora and 14 more | 2025-01-15 | 5.9 Medium |
| An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | ||||
| CVE-2025-21274 | 2025-01-15 | 5.5 Medium | ||
| Windows Event Tracing Denial of Service Vulnerability | ||||
| CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2025-01-15 | 5.9 Medium |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | ||||
| CVE-2023-28319 | 4 Apple, Haxx, Netapp and 1 more | 13 Macos, Curl, Clustered Data Ontap and 10 more | 2025-01-15 | 7.5 High |
| A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | ||||
| CVE-2023-27311 | 1 Netapp | 1 Blue Xp Connector | 2025-01-15 | 5.3 Medium |
| NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. | ||||
| CVE-2024-9865 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 6.1 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the transaction log for a booking. | ||||
| CVE-2022-48478 | 1 Huawei | 1 Harmonyos | 2025-01-15 | 9.8 Critical |
| The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | ||||
| CVE-2022-48479 | 1 Huawei | 1 Harmonyos | 2025-01-15 | 9.8 Critical |
| The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | ||||
| CVE-2022-48480 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2020-8094 | 2025-01-15 | N/A | ||
| An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. | ||||
| CVE-2024-50858 | 2025-01-15 | N/A | ||
| Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. | ||||
| CVE-2023-0116 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-21083 | 2025-01-15 | 6.5 Medium | ||
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2025-20036 | 2025-01-15 | 6.5 Medium | ||
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21515 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2024-57620 | 2025-01-15 | 7.5 High | ||
| An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-22970 | 2 Fedoraproject, Usebottles | 2 Fedora, Bottles | 2025-01-15 | 7.8 High |
| Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | ||||