Total
276690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24568 | 1 Dell | 1 Networker | 2025-01-10 | 5 Medium |
| Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | ||||
| CVE-2025-0212 | 1 Campcodes | 1 Student Grading System | 2025-01-10 | 6.3 Medium |
| A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-29094 | 1 Piwebsolution | 1 Product Page Shipping Calculator For Woocommerce | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. | ||||
| CVE-2023-23799 | 1 Easy Panorama Project | 1 Easy Panorama | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions. | ||||
| CVE-2023-27620 | 1 Robogallery | 1 Robo Gallery | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions. | ||||
| CVE-2023-28792 | 1 I13websolution | 1 Continuous Image Carosel With Lightbox | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. | ||||
| CVE-2023-29172 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. | ||||
| CVE-2023-29170 | 1 Piwebsolution | 1 Product Enquiry For Woocommerce | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. | ||||
| CVE-2023-29388 | 1 Implecode | 1 Product Catalog Simple | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions. | ||||
| CVE-2025-0213 | 1 Campcodes | 1 Project Management System | 2025-01-10 | 6.3 Medium |
| A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-45358 | 1 Colorlib | 1 Activello | 2025-01-10 | 5.4 Medium |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | ||||
| CVE-2023-27610 | 1 Transbank | 1 Transbank Webpay Rest | 2025-01-10 | 5.5 Medium |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions. | ||||
| CVE-2023-30474 | 1 Ultimate Noindex Nofollow Tool Ii Project | 1 Ultimate Noindex Nofollow Tool Ii | 2025-01-10 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions. | ||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2025-01-10 | 3.7 Low |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | ||||
| CVE-2022-43480 | 1 Magneticlab | 1 Homepage Pop-up | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | ||||
| CVE-2022-43458 | 1 Codetides | 1 Advanced Floating Content | 2025-01-10 | 4.1 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions. | ||||
| CVE-2024-56786 | 1 Linux | 1 Linux Kernel | 2025-01-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link's program when link is safe to be deallocated In general, BPF link's underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link's memory is not safe to free, attach hook's code might hold a pointer to BPF program and use it. As such, it's not (generally) correct to put link's program early before waiting for RCU GPs to go through. More eager bpf_prog_put() that we currently do is mostly correct due to BPF program's release code doing similar RCU GP waiting, but as will be shown in the following patches, BPF program can be non-sleepable (and, thus, reliant on only "classic" RCU GP), while BPF link's attach hook can have sleepable semantics and needs to be protected by RCU Tasks Trace, and for such cases BPF link has to go through RCU Tasks Trace + "classic" RCU GPs before being deallocated. And so, if we put BPF program early, we might free BPF program before we free BPF link, leading to use-after-free situation. So, this patch defers bpf_prog_put() until we are ready to perform bpf_link's deallocation. At worst, this delays BPF program freeing by one extra RCU GP, but that seems completely acceptable. Alternatively, we'd need more elaborate ways to determine BPF hook, BPF link, and BPF program lifetimes, and how they relate to each other, which seems like an unnecessary complication. Note, for most BPF links we still will perform eager bpf_prog_put() and link dealloc, so for those BPF links there are no observable changes whatsoever. Only BPF links that use deferred dealloc might notice slightly delayed freeing of BPF programs. Also, to reduce code and logic duplication, extract program put + link dealloc logic into bpf_link_dealloc() helper. | ||||
| CVE-2023-2972 | 1 Antfu | 1 Utils | 2025-01-10 | 9.8 Critical |
| Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3. | ||||
| CVE-2022-44734 | 1 Bestwebsoft | 1 Car Rental | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. | ||||
| CVE-2022-45849 | 1 Colorlib | 1 Activello Theme | 2025-01-10 | 5.4 Medium |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | ||||