Total
30655 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11868 | 1 Thimpress | 1 Learnpress | 2025-01-14 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | ||||
| CVE-2023-33440 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | ||||
| CVE-2024-28923 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-14 | 6.4 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28924 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-14 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28925 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-14 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28931 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28941 | 1 Microsoft | 3 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28938 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28937 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28936 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28935 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28934 | 1 Microsoft | 6 Odbc Driver For Sql Server, Sql Server, Sql Server 2019 and 3 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28933 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28932 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28930 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28929 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | 8.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33779 | 1 Xuxueli | 1 Xxl-job | 2025-01-14 | 8.8 High |
| A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | ||||
| CVE-2023-32681 | 3 Fedoraproject, Python, Redhat | 8 Fedora, Requests, Ansible Automation Platform and 5 more | 2025-01-14 | 6.1 Medium |
| Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. | ||||
| CVE-2017-9553 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | ||||
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||