Total
277464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2115 | 1 Thimpress | 1 Learnpress | 2025-01-08 | 8.8 High |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate their privileges to that of a teacher via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-25780 | 1 Status | 1 Powerbpm | 2025-01-08 | 5.7 Medium |
| It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. | ||||
| CVE-2023-28698 | 1 Wddgroup | 1 Fantsy | 2025-01-08 | 9.8 Critical |
| Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | ||||
| CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2025-01-08 | 8.8 High |
| Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | ||||
| CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2025-01-08 | 6.8 Medium |
| OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | ||||
| CVE-2023-3033 | 1 Mobatime | 1 Mobatime Web Application | 2025-01-08 | 6.8 Medium |
| Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22. | ||||
| CVE-2021-47007 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at segment.c:2484! Call Trace: allocate_segment_by_default+0x92/0xf0 [f2fs] f2fs_allocate_data_block+0x44b/0x7e0 [f2fs] do_write_page+0x5a/0x110 [f2fs] f2fs_outplace_write_data+0x55/0x100 [f2fs] f2fs_do_write_data_page+0x392/0x850 [f2fs] move_data_page+0x233/0x320 [f2fs] do_garbage_collect+0x14d9/0x1660 [f2fs] free_segment_range+0x1f7/0x310 [f2fs] f2fs_resize_fs+0x118/0x330 [f2fs] __f2fs_ioctl+0x487/0x3680 [f2fs] __x64_sys_ioctl+0x8e/0xd0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The root cause is we forgot to check that whether we have enough space in resized filesystem to store all valid blocks in before-resizing filesystem, then allocator will run out-of-space during block migration in free_segment_range(). | ||||
| CVE-2023-3031 | 1 Webbax | 1 King-avis | 2025-01-08 | 4.9 Medium |
| Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15. | ||||
| CVE-2024-30054 | 1 Microsoft | 1 Powerbi-javascript | 2025-01-08 | 6.5 Medium |
| Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | ||||
| CVE-2023-3058 | 1 07fly | 1 Customer Relationship Management | 2025-01-08 | 3.5 Low |
| A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. | ||||
| CVE-2023-34094 | 1 Chuanhuchatgpt Project | 1 Chuanhuchatgpt | 2025-01-08 | 7.5 High |
| ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability. | ||||
| CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-08 | 2.9 Low |
| Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | ||||
| CVE-2025-0218 | 2025-01-08 | 5.5 Medium | ||
| When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. | ||||
| CVE-2023-3044 | 1 Xpdfreader | 1 Xpdf | 2025-01-08 | 3.3 Low |
| An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | ||||
| CVE-2024-2735 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 6.4 Medium |
| The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2734 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 6.4 Medium |
| The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2733 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 5.4 Medium |
| The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-1297 | 1 Hashicorp | 1 Consul | 2025-01-08 | 4.9 Medium |
| Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3 | ||||
| CVE-2023-3084 | 1 Teampass | 1 Teampass | 2025-01-08 | 8.1 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-24510 | 1 Arista | 97 7010t, 7010t-48, 7010tx-48 and 94 more | 2025-01-08 | 7.5 High |
| On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | ||||