Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.
|
|||||
| CVE-2023-52296 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.
|
|||||
| CVE-2023-31444 | 1 Talend | 1 Studio | 2025-01-31 | N/A | 7.5 HIGH |
|
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
|
|||||
| CVE-2024-46665 | 1 Fortinet | 1 Fortios | 2025-01-31 | N/A | 3.7 LOW |
|
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
|
|||||
| CVE-2023-38729 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-01-31 | N/A | 6.8 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
|
|||||
| CVE-2024-2427 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
|
|||||
| CVE-2024-2426 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
|
|||||
| CVE-2024-2425 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
|
|||||
| CVE-2024-24789 | 1 Golang | 1 Go | 2025-01-31 | N/A | 5.5 MEDIUM |
|
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
|
|||||
| CVE-2023-31670 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2025-01-31 | N/A | 7.5 HIGH |
|
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
|
|||||
| CVE-2023-30506 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-31 | N/A | 7.2 HIGH |
|
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||
| CVE-2024-27254 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-01-31 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
|
|||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2025-01-31 | N/A | 6.3 MEDIUM |
|
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
|
|||||
| CVE-2023-31458 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | N/A | 9.8 CRITICAL |
|
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
|
|||||
| CVE-2023-31457 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | N/A | 9.8 CRITICAL |
|
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
|
|||||
| CVE-2023-29746 | 1 Thethaiger | 1 The Thaiger | 2025-01-31 | N/A | 9.8 CRITICAL |
|
An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.
|
|||||
| CVE-2023-23304 | 1 Garmin | 1 Connect-iq | 2025-01-31 | N/A | 9.1 CRITICAL |
|
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.
|
|||||
| CVE-2023-21117 | 1 Google | 1 Android | 2025-01-31 | N/A | 7.8 HIGH |
|
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101
|
|||||
| CVE-2024-1668 | 1 Theme-fusion | 1 Avada | 2025-01-31 | N/A | 6.5 MEDIUM |
|
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).
|
|||||
| CVE-2024-2340 | 1 Theme-fusion | 1 Avada | 2025-01-31 | N/A | 5.3 MEDIUM |
|
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
|
|||||
| CVE-2023-30455 | 1 Ebankit | 1 Ebankit | 2025-01-30 | N/A | 7.5 HIGH |
|
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat a ...
Show More |
|||||
| CVE-2023-1526 | 1 Hp | 15 Designjet Z6, Designjet Z6 Firmware, Designjet Z6dr and 12 more | 2025-01-30 | N/A | 4.6 MEDIUM |
|
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.
|
|||||
| CVE-2017-11197 | 1 Cyberark | 1 Viewfinity | 2025-01-30 | N/A | 7.8 HIGH |
|
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
|
|||||
| CVE-2023-29868 | 1 Zammad | 1 Zammad | 2025-01-30 | N/A | 6.5 MEDIUM |
|
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
|
|||||
| CVE-2023-29867 | 1 Zammad | 1 Zammad | 2025-01-30 | N/A | 6.5 MEDIUM |
|
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
|
|||||
| CVE-2023-27108 | 1 Kaiostech | 1 Kaios | 2025-01-30 | N/A | 5.3 MEDIUM |
|
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.
|
|||||
| CVE-2023-26987 | 1 Konga Project | 1 Konga | 2025-01-30 | N/A | 6.5 MEDIUM |
|
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
|
|||||
| CVE-2022-31643 | 1 Hp | 182 Dragonfly Folio G3, Dragonfly Folio G3 Firmware, Elite Dragonfly G2 and 179 more | 2025-01-30 | N/A | 5.5 MEDIUM |
|
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
|
|||||
| CVE-2024-8494 | 1 Elementor | 1 Website Builder | 2025-01-30 | N/A | 4.3 MEDIUM |
|
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.
|
|||||
| CVE-2023-1204 | 1 Gitlab | 1 Gitlab | 2025-01-30 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
|
|||||
| CVE-2022-47876 | 1 Jedox | 1 Jedox | 2025-01-30 | N/A | 8.8 HIGH |
|
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
|
|||||
| CVE-2024-22429 | 1 Dell | 100 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 5000 and 97 more | 2025-01-30 | N/A | 7.5 HIGH |
|
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
|
|||||
| CVE-2025-21237 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-29 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30060 | 1 Microsoft | 1 Azure Monitor Agent | 2025-01-29 | N/A | 7.8 HIGH |
|
Azure Monitor Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-37999 | 1 Hasthemes | 1 Ht Mega | 2025-01-29 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.
|
|||||
| CVE-2023-31478 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-29 | N/A | 7.5 HIGH |
|
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
|
|||||
| CVE-2023-31474 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-29 | N/A | 7.5 HIGH |
|
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
|
|||||
| CVE-2023-29963 | 1 S-cms | 1 S-cms | 2025-01-29 | N/A | 7.2 HIGH |
|
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
|
|||||
| CVE-2023-27933 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-01-29 | N/A | 6.7 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2023-27932 | 2 Apple, Debian | 7 Ipados, Iphone Os, Macos and 4 more | 2025-01-29 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.
|
|||||