Total
277558 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31894 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | 4.3 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. | ||||
| CVE-2023-3086 | 1 Teampass | 1 Teampass | 2025-01-08 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3095 | 1 Teampass | 1 Teampass | 2025-01-08 | 6.5 Medium |
| Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2024-4563 | 1 Progress | 1 Moveit Automation | 2025-01-08 | 6.1 Medium |
| The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | ||||
| CVE-2023-22862 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2025-01-08 | 5.9 Medium |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2023-27285 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2025-01-08 | 8.4 High |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | ||||
| CVE-2024-2666 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-08 | 5.4 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. | ||||
| CVE-2023-3067 | 1 Trilium Project | 1 Trilium | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. | ||||
| CVE-2023-3069 | 1 Corebos | 1 Corebos | 2025-01-08 | 9.8 Critical |
| Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2023-3070 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2023-3071 | 1 Tsolucio | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2024-3333 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 6.4 Medium |
| The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-3073 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. | ||||
| CVE-2023-3074 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2024-3018 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 8.8 High |
| The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2025-22137 | 2025-01-08 | 9.8 Critical | ||
| Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0. | ||||
| CVE-2024-4971 | 1 Thimpress | 1 Learnpress | 2025-01-08 | 6.4 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-22136 | 2025-01-08 | N/A | ||
| Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217. | ||||
| CVE-2025-22130 | 2025-01-08 | N/A | ||
| Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2. | ||||
| CVE-2024-53526 | 2025-01-08 | N/A | ||
| composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function. | ||||