Total
277558 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2025-21305 | | | 2025-01-15 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-23052 | | | 2025-01-15 | 7.2 High | Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. |
CVE-2025-23366 | 1 Redhat | 3 Jboss Data Grid, Jboss Enterprise Application Platform, Jbosseapxp | 2025-01-15 | 6.5 Medium | A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. |
CVE-2025-21234 | | | 2025-01-15 | 7.8 High | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2025-21235 | | | 2025-01-15 | 7.8 High | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2025-21236 | | | 2025-01-15 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-57649 | | | 2025-01-15 | 7.5 High | An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
CVE-2025-21237 | | | 2025-01-15 | 8.8 High | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21268 | | | 2025-01-15 | 4.3 Medium | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21269 | | | 2025-01-15 | 4.3 Medium | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2025-21314 | | | 2025-01-15 | 6.5 Medium | Windows SmartScreen Spoofing Vulnerability |
CVE-2025-21315 | | | 2025-01-15 | 7.8 High | Microsoft Brokering File System Elevation of Privilege Vulnerability |
CVE-2025-21316 | | | 2025-01-15 | 5.5 Medium | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21318 | | | 2025-01-15 | 5.5 Medium | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21319 | | | 2025-01-15 | 5.5 Medium | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21320 | | | 2025-01-15 | 5.5 Medium | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21321 | | | 2025-01-15 | 5.5 Medium | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2024-49375 | | | 2025-01-15 | 9.1 Critical | Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance, e.g. with `--enable-api`. This is not the default configuration. 2. For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation. 3. For authenticated RCE, the attacker must possess a valid authentication token or JWT to interact with the Rasa API. This issue has been addressed in rasa version 3.6.21 and all users are advised to upgrade. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access. |
CVE-2025-21327 | | | 2025-01-15 | 6.6 Medium | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21232 | | | 2025-01-15 | 6.6 Medium | Windows Digital Media Elevation of Privilege Vulnerability |