Total
276814 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-55224 | | | 2025-01-10 | 9.6 Critical |
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. | ||||
CVE-2024-54687 | | | 2025-01-10 | N/A |
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | ||||
CVE-2024-46464 | | | 2025-01-10 | 7.8 High |
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | ||||
CVE-2024-42898 | | | 2025-01-10 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | ||||
CVE-2024-13304 | | | 2025-01-10 | 4.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery. This issue affects Minify JS: from 0.0.0 before 3.0.3. | ||||
CVE-2024-13303 | | | 2025-01-10 | 5.3 Medium |
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing. This issue affects Download All Files: from 0.0.0 before 2.0.2. | ||||
CVE-2021-47437 | 1 Linux | 1 Linux Kernel | 2025-01-10 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set. With commit 39c024b51b560 ("iio: adis16475: improve sync scale mode handling"), two deadlocks were introduced: 1) The call to 'adis_write_reg_16()' was not changed to its unlocked version. 2) The lock was not being released on the success path of the function. This change fixes both these issues. | ||||
CVE-2024-13302 | | | 2025-01-10 | 5.3 Medium |
Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing. This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | ||||
CVE-2024-13297 | | | 2025-01-10 | 6.6 Medium |
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection. This issue affects Eloqua: from 7.X-* before 7.X-1.15. | ||||
CVE-2024-13296 | | | 2025-01-10 | 6.6 Medium |
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection. This issue affects Mailjet: from 0.0.0 before 4.0.1. | ||||
CVE-2024-13242 | | | 2025-01-10 | 9.1 Critical |
Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*. | ||||
CVE-2024-13241 | | | 2025-01-10 | 9.1 Critical |
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5. | ||||
CVE-2024-13240 | | | 2025-01-10 | 7.5 High |
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05. | ||||
CVE-2024-13239 | | | 2025-01-10 | 9.8 Critical |
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | ||||
CVE-2023-2470 | 1 Add To Feedly Project | 1 Add To Feedly | 2025-01-10 | 4.8 Medium |
The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
CVE-2023-2296 | 1 Loginizer | 1 Loginizer | 2025-01-10 | 6.1 Medium |
The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-2256 | 1 Themeisle | 1 Product Addons & Fields For Woocommerce | 2025-01-10 | 6.1 Medium |
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. | ||||
CVE-2023-2223 | 1 12net | 1 Login Rebuilder | 2025-01-10 | 4.8 Medium |
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
CVE-2023-28354 | | | 2025-01-10 | 9.8 Critical |
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | ||||
CVE-2023-25731 | 1 Mozilla | 1 Firefox | 2025-01-10 | 8.8 High |
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. |