Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3872 | 1 Mattermost | 1 Mattermost Mobile | 2025-01-21 | N/A | 6.5 MEDIUM |
| Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link. | |||||
| CVE-2024-34717 | 1 Prestashop | 1 Prestashop | 2025-01-21 | N/A | 5.3 MEDIUM |
| PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available. | |||||
| CVE-2024-2966 | 1 Bdthemes | 1 Element Pack | 2025-01-21 | N/A | 7.5 HIGH |
| The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details. | |||||
| CVE-2023-23299 | 1 Garmin | 1 Connect-iq | 2025-01-21 | N/A | 7.5 HIGH |
| The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | |||||
| CVE-2024-4196 | 1 Avaya | 1 Ip Office | 2025-01-21 | N/A | 9.8 CRITICAL |
| An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. | |||||
| CVE-2024-0917 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-19 | N/A | 9.8 CRITICAL |
| remote code execution in paddlepaddle/paddle 2.6.0 | |||||
| CVE-2024-1218 | 1 Kaliforms | 1 Contact Form Builder | 2025-01-19 | N/A | 5.4 MEDIUM |
| The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries. | |||||
| CVE-2024-1217 | 1 Kaliforms | 1 Contact Form Builder | 2025-01-19 | N/A | 4.3 MEDIUM |
| The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins. | |||||
| CVE-2024-44092 | 1 Google | 1 Android | 2025-01-17 | N/A | 7.8 HIGH |
| There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-21409 | 1 Microsoft | 16 .net, .net Framework, Powershell and 13 more | 2025-01-17 | N/A | N/A |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-28390 | 1 Icom | 4 Sr-7100vn, Sr-7100vn\#31, Sr-7100vn\#31 Firmware and 1 more | 2025-01-17 | N/A | 6.8 MEDIUM |
| Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. | |||||
| CVE-2023-52712 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | N/A | 7.8 HIGH |
| Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM | |||||
| CVE-2024-54101 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-17 | N/A | 5.5 MEDIUM |
| Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | N/A | 8.8 HIGH |
| Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. | |||||
| CVE-2023-31994 | 1 Hanwhavision | 860 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 857 more | 2025-01-17 | N/A | 5.3 MEDIUM |
| Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | |||||
| CVE-2024-1638 | 1 Zephyrproject | 1 Zephyr | 2025-01-17 | N/A | 9.1 CRITICAL |
| The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read. | |||||
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | N/A | 5.3 MEDIUM |
| The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | |||||
| CVE-2022-24806 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 15 Debian Linux, Fedora, Net-snmp and 12 more | 2025-01-17 | N/A | 5.3 MEDIUM |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | |||||