Total
277701 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-22906 | | | 2025-01-16 | 9.8 Critical |
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | ||||
CVE-2025-22905 | | | 2025-01-16 | 9.8 Critical |
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | ||||
CVE-2024-57016 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. | ||||
CVE-2024-57015 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. | ||||
CVE-2024-57014 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. | ||||
CVE-2024-57013 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. | ||||
CVE-2024-57012 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | ||||
CVE-2024-57011 | | | 2025-01-16 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameter in setScheduleCfg. | ||||
CVE-2024-54540 | | | 2025-01-16 | 5.5 Medium |
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | ||||
CVE-2024-44136 | | | 2025-01-16 | 9.1 Critical |
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. | ||||
CVE-2024-27856 | | | 2025-01-16 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
CVE-2023-33355 | 1 Thecosy | 1 Icecms | 2025-01-16 | 7.5 High |
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. | ||||
CVE-2023-33280 | 1 Storecommander | 1 Quickaccounting | 2025-01-16 | 9.8 Critical |
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
CVE-2023-33279 | 1 Scfixmyprestashop Project | 1 Scfixmyprestashop | 2025-01-16 | 9.8 Critical |
In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
CVE-2023-33278 | 1 Storecommander | 1 Customers Export | 2025-01-16 | 9.8 Critical |
In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
CVE-2023-33263 | 1 Wftpd Project | 1 Wftpd | 2025-01-16 | 7.5 High |
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | ||||
CVE-2023-31861 | 1 Zlmediakit | 1 Zlmediakit | 2025-01-16 | 7.5 High |
ZLMediaKit 4.0 is vulnerable to Directory Traversal. | ||||
CVE-2023-31594 | 1 Ic | 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware | 2025-01-16 | 7.5 High |
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | ||||
CVE-2023-20883 | 2 Redhat, Vmware | 5 Camel Spring Boot, Jboss Enterprise Bpms Platform, Jboss Fuse and 2 more | 2025-01-16 | 7.5 High |
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | ||||
CVE-2023-20882 | 1 Cloudfoundry | 2 Cf-deployment, Routing Release | 2025-01-16 | 5.9 Medium |
In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. |