Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21402 | 1 Microsoft | 2 Office, Onenote | 2025-01-27 | N/A | 7.8 HIGH |
|
Microsoft Office OneNote Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21403 | 1 Microsoft | 1 On-prem Data Gateway | 2025-01-27 | N/A | 6.4 MEDIUM |
|
On-Premises Data Gateway Information Disclosure Vulnerability
|
|||||
| CVE-2024-30258 | 1 Eprosima | 1 Fast Dds | 2025-01-27 | N/A | 8.2 HIGH |
|
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
|
|||||
| CVE-2023-20880 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-01-27 | N/A | 6.7 MEDIUM |
|
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
|
|||||
| CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 8.8 HIGH |
|
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
|
|||||
| CVE-2024-35171 | 1 Kodezen | 1 Academy Lms | 2025-01-27 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25.
|
|||||
| CVE-2024-28226 | 1 Openatom | 1 Openharmony | 2025-01-27 | N/A | 8.1 HIGH |
|
in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.
|
|||||
| CVE-2024-0616 | 1 Wpchill | 1 Passster | 2025-01-27 | N/A | 5.3 MEDIUM |
|
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
|
|||||
| CVE-2024-0620 | 1 Passwordprotectwp | 1 Password Protect Wordpress | 2025-01-27 | N/A | 5.3 MEDIUM |
|
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.
|
|||||
| CVE-2023-31442 | 1 Lightbend | 2 Akka Actor, Akka Discovery | 2025-01-27 | N/A | 7.5 HIGH |
|
In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If suc ...
Show More |
|||||
| CVE-2023-27238 | 1 Lavalite | 1 Lavalite | 2025-01-27 | N/A | 9.8 CRITICAL |
|
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.
|
|||||
| CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 6.7 MEDIUM |
|
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
|
|||||
| CVE-2022-47129 | 1 Phpok | 1 Phpok | 2025-01-27 | N/A | 9.8 CRITICAL |
|
PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
|
|||||
| CVE-2024-10360 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-27 | N/A | 4.3 MEDIUM |
|
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
|
|||||
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | N/A | 5.9 MEDIUM |
|
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.
|
|||||
| CVE-2025-21287 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21286 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21285 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.5 HIGH |
|
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
|
|||||
| CVE-2025-21252 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21251 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.5 HIGH |
|
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
|
|||||
| CVE-2025-21250 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21249 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 6.6 MEDIUM |
|
Windows Digital Media Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21246 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21248 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21245 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21244 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21243 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21242 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 5.9 MEDIUM |
|
Windows Kerberos Information Disclosure Vulnerability
|
|||||
| CVE-2025-21241 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21239 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21240 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21238 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21236 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21233 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21234 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-01-24 | N/A | 7.8 HIGH |
|
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21235 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-01-24 | N/A | 7.8 HIGH |
|
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21232 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 6.6 MEDIUM |
|
Windows Digital Media Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21312 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-24 | N/A | 2.4 LOW |
|
Windows Smart Card Reader Information Disclosure Vulnerability
|
|||||
| CVE-2025-21311 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-01-24 | N/A | 9.8 CRITICAL |
|
Windows NTLM V1 Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21310 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 6.6 MEDIUM |
|
Windows Digital Media Elevation of Privilege Vulnerability
|
|||||