Total
277614 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21220 | 2025-01-15 | 7.5 High | ||
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2025-21193 | 2025-01-15 | 6.5 Medium | ||
| Active Directory Federation Server Spoofing Vulnerability | ||||
| CVE-2023-43526 | 1 Qualcomm | 76 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 73 more | 2025-01-15 | 6.7 Medium |
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | ||||
| CVE-2023-43525 | 1 Qualcomm | 80 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 77 more | 2025-01-15 | 6.7 Medium |
| Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | ||||
| CVE-2023-43524 | 1 Qualcomm | 114 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 111 more | 2025-01-15 | 6.7 Medium |
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | ||||
| CVE-2023-43521 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-01-15 | 6.7 Medium |
| Memory corruption when multiple listeners are being registered with the same file descriptor. | ||||
| CVE-2025-21207 | 2025-01-15 | 7.5 High | ||
| Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | ||||
| CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2025-01-15 | 7.6 High |
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | ||||
| CVE-2025-22329 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1. | ||||
| CVE-2023-33119 | 1 Qualcomm | 324 Aqt1000, Aqt1000 Firmware, Ar8035 and 321 more | 2025-01-15 | 8.4 High |
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | ||||
| CVE-2024-25817 | 1 Eza.rock | 1 Eza | 2025-01-15 | 7.8 High |
| Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. | ||||
| CVE-2025-21202 | 2025-01-15 | 6.1 Medium | ||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-21187 | 2025-01-15 | 7.8 High | ||
| Microsoft Power Automate Remote Code Execution Vulnerability | ||||
| CVE-2025-21186 | 2025-01-15 | 7.8 High | ||
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2024-27278 | 1 Openpne | 1 Optimelineplugin | 2025-01-15 | 5.4 Medium |
| OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users. | ||||
| CVE-2023-33677 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-01-15 | 7.5 High |
| Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | ||||
| CVE-2023-49971 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2024-0386 | 1 Weformspro | 1 Weforms | 2025-01-15 | 7.2 High |
| The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49973 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-4627 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option. | ||||