Total
277638 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21278 | 2025-01-15 | 6.2 Medium | ||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2025-21329 | 2025-01-15 | 4.3 Medium | ||
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21213 | 2025-01-15 | 4.6 Medium | ||
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-21224 | 2025-01-15 | 8.1 High | ||
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21225 | 2025-01-15 | 5.9 Medium | ||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2025-21226 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21227 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21228 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21310 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21312 | 2025-01-15 | 2.4 Low | ||
| Windows Smart Card Reader Information Disclosure Vulnerability | ||||
| CVE-2025-0487 | 2025-01-15 | 6.3 Medium | ||
| A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0486 | 2025-01-15 | 7.3 High | ||
| A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-21514 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2024-4397 | 1 Thimpress | 1 Learnpress | 2025-01-15 | 8.8 High |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-1320 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 6.5 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1125 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 6.5 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | ||||
| CVE-2024-1124 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 4.3 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site. | ||||
| CVE-2025-0488 | 2025-01-15 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0482 | 2025-01-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57226 | 2025-01-15 | 8 High | ||
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | ||||