Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23299 | 1 Garmin | 1 Connect-iq | 2025-01-21 | N/A | 7.5 HIGH |
|
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
|
|||||
| CVE-2024-0917 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-19 | N/A | 9.8 CRITICAL |
|
remote code execution in paddlepaddle/paddle 2.6.0
|
|||||
| CVE-2024-1218 | 1 Kaliforms | 1 Contact Form Builder | 2025-01-19 | N/A | 4.3 MEDIUM |
|
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
|
|||||
| CVE-2024-1217 | 1 Kaliforms | 1 Contact Form Builder | 2025-01-19 | N/A | 7.6 HIGH |
|
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
|
|||||
| CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft Outlook Remote Code Execution Vulnerability
|
|||||
| CVE-2024-21409 | 1 Microsoft | 16 .net, .net Framework, Powershell and 13 more | 2025-01-17 | N/A | 7.3 HIGH |
|
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28390 | 1 Icom | 4 Sr-7100vn, Sr-7100vn\#31, Sr-7100vn\#31 Firmware and 1 more | 2025-01-17 | N/A | 6.8 MEDIUM |
|
Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.
|
|||||
| CVE-2023-52712 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | N/A | 7.8 HIGH |
|
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM
|
|||||
| CVE-2024-54101 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-17 | N/A | 6.2 MEDIUM |
|
Denial of service (DoS) vulnerability in the installation module
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | N/A | 9.9 CRITICAL |
|
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.
|
|||||
| CVE-2023-31994 | 1 Hanwhavision | 860 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 857 more | 2025-01-17 | N/A | 5.3 MEDIUM |
|
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.
|
|||||
| CVE-2024-1638 | 1 Zephyrproject | 1 Zephyr | 2025-01-17 | N/A | 8.2 HIGH |
|
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional ...
Show More |
|||||
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | N/A | 5.3 MEDIUM |
|
The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.
|
|||||
| CVE-2022-24806 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 15 Debian Linux, Fedora, Net-snmp and 12 more | 2025-01-17 | N/A | 6.5 MEDIUM |
|
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting acc ...
Show More |
|||||
| CVE-2024-30055 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 5.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-29991 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 5.0 MEDIUM |
|
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-01-17 | N/A | 5.4 MEDIUM |
|
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2025-21405 | 1 Microsoft | 1 Visual Studio 2022 | 2025-01-17 | N/A | 7.3 HIGH |
|
Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21393 | 1 Microsoft | 1 Sharepoint Server | 2025-01-17 | N/A | 6.3 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2025-21378 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-17 | N/A | 7.8 HIGH |
|
Windows CSC Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21382 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-17 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-28235 | 1 Contao | 1 Contao | 2025-01-17 | N/A | 8.3 HIGH |
|
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.
|
|||||
| CVE-2025-21372 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft Brokering File System Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21370 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-01-17 | N/A | 7.8 HIGH |
|
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49142 | 1 Microsoft | 4 365 Apps, Access, Office and 1 more | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft Access Remote Code Execution Vulnerability
|
|||||
| CVE-2024-12008 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | N/A | 5.3 MEDIUM |
|
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.
Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.
|
|||||
| CVE-2025-21417 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21413 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21411 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21409 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-26149 | 1 Vyperlang | 1 Vyper | 2025-01-16 | N/A | 3.7 LOW |
|
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.
|
|||||
| CVE-2024-30038 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-16 | N/A | 7.8 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30009 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30008 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-16 | N/A | 5.5 MEDIUM |
|
Windows DWM Core Library Information Disclosure Vulnerability
|
|||||
| CVE-2024-30007 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-16 | N/A | 8.8 HIGH |
|
Microsoft Brokering File System Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-29996 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30006 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-29994 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-16 | N/A | 7.8 HIGH |
|
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
|
|||||