Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21282 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | N/A |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21284 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-27 | N/A | N/A |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | |||||
| CVE-2025-21402 | 1 Microsoft | 2 Office, Onenote | 2025-01-27 | N/A | 7.8 HIGH |
| Microsoft Office OneNote Remote Code Execution Vulnerability | |||||
| CVE-2025-21314 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-01-27 | N/A | N/A |
| Windows SmartScreen Spoofing Vulnerability | |||||
| CVE-2024-30258 | 1 Eprosima | 1 Fast Dds | 2025-01-27 | N/A | 7.5 HIGH |
| FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. | |||||
| CVE-2023-20880 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-01-27 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 8.8 HIGH |
| VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | |||||
| CVE-2023-42929 | 1 Apple | 1 Macos | 2025-01-27 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data. | |||||
| CVE-2024-35171 | 1 Kodezen | 1 Academy Lms | 2025-01-27 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. | |||||
| CVE-2024-28226 | 1 Openatom | 1 Openharmony | 2025-01-27 | N/A | 7.5 HIGH |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. | |||||
| CVE-2024-0616 | 1 Wpchill | 1 Passster | 2025-01-27 | N/A | 5.3 MEDIUM |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages. | |||||
| CVE-2024-0620 | 1 Passwordprotectwp | 1 Password Protect Wordpress | 2025-01-27 | N/A | 5.3 MEDIUM |
| The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts. | |||||
| CVE-2023-32668 | 3 Luatex Project, Miktex, Tug | 3 Luatex, Miktex, Tex Live | 2025-01-27 | N/A | 5.5 MEDIUM |
| LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | |||||
| CVE-2023-27238 | 1 Lavalite | 1 Lavalite | 2025-01-27 | N/A | 9.8 CRITICAL |
| LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | |||||
| CVE-2023-31442 | 1 Lightbend | 2 Akka Actor, Akka Discovery | 2025-01-27 | N/A | 7.5 HIGH |
| In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0. | |||||
| CVE-2022-47129 | 1 Phpok | 1 Phpok | 2025-01-27 | N/A | 9.8 CRITICAL |
| PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | |||||
| CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | |||||
| CVE-2024-10360 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-27 | N/A | 4.3 MEDIUM |
| The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |||||
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | N/A | 5.9 MEDIUM |
| IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | |||||
| CVE-2025-21286 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | N/A |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||