Total
277667 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43176 | 1 Ibm | 1 Openpages | 2025-01-09 | 5.4 Medium |
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | ||||
| CVE-2024-40765 | 2025-01-09 | 9.8 Critical | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2024-40762 | 2025-01-09 | 9.8 Critical | ||
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | ||||
| CVE-2024-12805 | 2025-01-09 | 9.8 Critical | ||
| A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2024-12803 | 2025-01-09 | 9.8 Critical | ||
| A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2024-12802 | 2025-01-09 | 9.1 Critical | ||
| SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name. | ||||
| CVE-2024-12717 | 2025-01-09 | 4.8 Medium | ||
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12605 | 2025-01-09 | 4.3 Medium | ||
| The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-38729 | 1 Ibm | 2 Db2, Db2 Connect Server | 2025-01-09 | 6.8 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. | ||||
| CVE-2023-28164 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-09 | 6.5 Medium |
| Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | ||||
| CVE-2023-1907 | 2025-01-09 | 8 High | ||
| A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | ||||
| CVE-2022-22491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-01-09 | 5.5 Medium |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | ||||
| CVE-2023-23720 | 1 Skeepers | 1 Verified Reviews \(avis Verifies\) | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions. | ||||
| CVE-2023-23709 | 1 Wpjam Basic Project | 1 Wpjam Basic | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions. | ||||
| CVE-2023-23703 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions. | ||||
| CVE-2023-29439 | 1 Fooplugins | 1 Foogallery | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions. | ||||
| CVE-2023-30868 | 1 Cms Tree Page View Project | 1 Cms Tree Page View | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. | ||||
| CVE-2023-31233 | 1 Baidu Tongji Generator Project | 1 Baidu Tongji Generator | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | ||||
| CVE-2023-32515 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions. | ||||
| CVE-2023-30780 | 1 Theguidex | 1 User Ip And Location | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <= 2.2 versions. | ||||