Total
277587 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22329 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1. | ||||
| CVE-2023-33119 | 1 Qualcomm | 324 Aqt1000, Aqt1000 Firmware, Ar8035 and 321 more | 2025-01-15 | 8.4 High |
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | ||||
| CVE-2024-25817 | 1 Eza.rock | 1 Eza | 2025-01-15 | 7.8 High |
| Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. | ||||
| CVE-2025-21202 | 2025-01-15 | 6.1 Medium | ||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-21187 | 2025-01-15 | 7.8 High | ||
| Microsoft Power Automate Remote Code Execution Vulnerability | ||||
| CVE-2025-21186 | 2025-01-15 | 7.8 High | ||
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2024-27278 | 1 Openpne | 1 Optimelineplugin | 2025-01-15 | 5.4 Medium |
| OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users. | ||||
| CVE-2023-33677 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-01-15 | 7.5 High |
| Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | ||||
| CVE-2023-49971 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2024-0386 | 1 Weformspro | 1 Weforms | 2025-01-15 | 7.2 High |
| The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49973 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-4627 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option. | ||||
| CVE-2023-4628 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-21211 | 2025-01-15 | 6.8 Medium | ||
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2023-4629 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-4728 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS | ||||
| CVE-2023-4729 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-4731 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts, | ||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-01-15 | 7.5 High |
| Outlook for Android Information Disclosure Vulnerability | ||||
| CVE-2024-26203 | 1 Microsoft | 1 Azure Data Studio | 2025-01-15 | 7.3 High |
| Azure Data Studio Elevation of Privilege Vulnerability | ||||