Total
277647 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21310 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21312 | 2025-01-15 | 2.4 Low | ||
| Windows Smart Card Reader Information Disclosure Vulnerability | ||||
| CVE-2025-0487 | 2025-01-15 | 6.3 Medium | ||
| A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0486 | 2025-01-15 | 7.3 High | ||
| A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-21514 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2024-4397 | 1 Thimpress | 1 Learnpress | 2025-01-15 | 8.8 High |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-1320 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 6.5 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1125 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 6.5 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | ||||
| CVE-2024-1124 | 1 Metagauss | 1 Eventprime | 2025-01-15 | 4.3 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site. | ||||
| CVE-2025-0488 | 2025-01-15 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0482 | 2025-01-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57226 | 2025-01-15 | 8 High | ||
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | ||||
| CVE-2024-57211 | 2025-01-15 | 8 High | ||
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | ||||
| CVE-2024-54887 | 2025-01-15 | 8 High | ||
| TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. | ||||
| CVE-2024-48126 | 2025-01-15 | N/A | ||
| HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | ||||
| CVE-2024-48125 | 2025-01-15 | N/A | ||
| An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | ||||
| CVE-2024-48123 | 2025-01-15 | N/A | ||
| An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. | ||||
| CVE-2024-48122 | 2025-01-15 | N/A | ||
| Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. | ||||
| CVE-2024-48121 | 2025-01-15 | N/A | ||
| The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack. | ||||
| CVE-2023-33255 | 1 Uthscsa | 1 Papaya Viewer | 2025-01-15 | 6.1 Medium |
| An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application. | ||||