Total
277570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21202 | 2025-01-15 | 6.1 Medium | ||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-21187 | 2025-01-15 | 7.8 High | ||
| Microsoft Power Automate Remote Code Execution Vulnerability | ||||
| CVE-2024-50861 | 2025-01-15 | N/A | ||
| The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks. | ||||
| CVE-2025-21186 | 2025-01-15 | 7.8 High | ||
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2024-7085 | 2025-01-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1. | ||||
| CVE-2025-21211 | 2025-01-15 | 6.8 Medium | ||
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-57025 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57023 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57022 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57021 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57024 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57020 | 2025-01-15 | N/A | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. | ||||
| CVE-2025-22996 | 2025-01-15 | N/A | ||
| A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-01-15 | 7.5 High |
| Outlook for Android Information Disclosure Vulnerability | ||||
| CVE-2024-26203 | 1 Microsoft | 1 Azure Data Studio | 2025-01-15 | 7.3 High |
| Azure Data Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-21088 | 2025-01-15 | 6.5 Medium | ||
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input. | ||||
| CVE-2025-22997 | 2025-01-15 | N/A | ||
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2025-21229 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21189 | 2025-01-15 | 4.3 Medium | ||
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21273 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||