Total
280990 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29172 | 2025-02-12 | 5.9 Medium | ||
Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service. | ||||
CVE-2024-29171 | 2025-02-12 | 5.9 Medium | ||
Dell BSAFE SSL-J contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
CVE-2024-0145 | 2025-02-12 | 6.8 Medium | ||
NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
CVE-2024-0144 | 2025-02-12 | 6.8 Medium | ||
NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to data tampering. | ||||
CVE-2024-0143 | 2025-02-12 | 6.8 Medium | ||
NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
CVE-2024-40891 | 2025-02-12 | 8.8 High | ||
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet. | ||||
CVE-2024-40890 | 2025-02-12 | 8.8 High | ||
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request. | ||||
CVE-2025-21391 | 2025-02-12 | 7.1 High | ||
Windows Storage Elevation of Privilege Vulnerability | ||||
CVE-2024-3459 | 1 Kioware | 1 Kioware | 2025-02-12 | 8.4 High |
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. | ||||
CVE-2024-34566 | 1 Vanderwijk | 1 Content Blocks | 2025-02-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | ||||
CVE-2024-31349 | 1 Mailmunch | 1 Mailmunch | 2025-02-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS.This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. | ||||
CVE-2024-29793 | 1 Mailmunch | 1 Mailchimp Forms | 2025-02-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2. | ||||
CVE-2024-1707 | 1 Garo | 2 Wallbox Glb\+ T2ev7, Wallbox Glb\+ T2ev7 Firmware | 2025-02-12 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-23359 | 2025-02-12 | 8.3 High | ||
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
CVE-2025-1243 | 2025-02-12 | N/A | ||
The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted. | ||||
CVE-2024-53880 | 2025-02-12 | 4.9 Medium | ||
NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service. | ||||
CVE-2024-0142 | 2025-02-12 | 6.8 Medium | ||
NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
CVE-2024-25898 | 1 Churchcrm | 1 Churchcrm | 2025-02-12 | 6.1 Medium |
A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. | ||||
CVE-2024-1706 | 1 Zkteco | 1 Zkbio Access Ivs | 2025-02-12 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input <marquee>hi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254396. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-1702 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 6.3 Medium |
A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |