Patch Tuesday — February 2025

2025-02-11 · 877 CVEs

CVEs published or modified the week of 2025-02-11, partitioned by vendor.

Microsoft (75 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-21198 | Critical | 9.0 | | 2025-02-11 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability |
| CVE-2025-21410 | High | 8.8 | | 2025-02-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-21407 | High | 8.8 | | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21406 | High | 8.8 | | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21371 | High | 8.8 | | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21369 | High | 8.8 | | 2025-02-11 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21368 | High | 8.8 | | 2025-02-11 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21208 | High | 8.8 | | 2025-02-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-21201 | High | 8.8 | | 2025-02-11 | Windows Telephony Server Remote Code Execution Vulnerability |
| CVE-2025-21200 | High | 8.8 | | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21190 | High | 8.8 | | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21376 | High | 8.1 | | 2025-02-11 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2025-21400 | High | 8.0 | | 2025-02-11 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-21420 | High | 7.8 | | 2025-02-11 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability |
| CVE-2025-21418 | High | 7.8 | KEV | 2025-02-11 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21397 | High | 7.8 | | 2025-02-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-21394 | High | 7.8 | | 2025-02-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21392 | High | 7.8 | | 2025-02-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-21390 | High | 7.8 | | 2025-02-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21387 | High | 7.8 | | 2025-02-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21386 | High | 7.8 | | 2025-02-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21383 | High | 7.8 | | 2025-02-11 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-21381 | High | 7.8 | | 2025-02-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-21375 | High | 7.8 | | 2025-02-11 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21373 | High | 7.8 | | 2025-02-11 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21367 | High | 7.8 | | 2025-02-11 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-21359 | High | 7.8 | | 2025-02-11 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2025-21358 | High | 7.8 | | 2025-02-11 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21322 | High | 7.8 | | 2025-02-11 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2025-21163 | High | 7.8 | | 2025-02-11 | Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21160 | High | 7.8 | | 2025-02-11 | Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21159 | High | 7.8 | | 2025-02-11 | Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21156 | High | 7.8 | | 2025-02-11 | InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21158 | High | 7.8 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21157 | High | 7.8 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21123 | High | 7.8 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21121 | High | 7.8 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-25199 | High | 7.5 | | 2025-02-12 | go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). |
| CVE-2025-21351 | High | 7.5 | | 2025-02-11 | Windows Active Directory Domain Services API Denial of Service Vulnerability |
| CVE-2025-21181 | High | 7.5 | | 2025-02-11 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-0525 | High | 7.5 | | 2025-02-11 | In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. |
| CVE-2025-21183 | High | 7.4 | | 2025-02-11 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21182 | High | 7.4 | | 2025-02-11 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-24042 | High | 7.3 | | 2025-02-11 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
| CVE-2025-24039 | High | 7.3 | | 2025-02-11 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-21206 | High | 7.3 | | 2025-02-11 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-21419 | High | 7.1 | | 2025-02-11 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21391 | High | 7.1 | KEV | 2025-02-11 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21379 | High | 7.1 | | 2025-02-11 | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2025-21194 | High | 7.1 | | 2025-02-11 | Microsoft Surface Security Feature Bypass Vulnerability |
| CVE-2025-24036 | High | 7.0 | | 2025-02-11 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-21414 | High | 7.0 | | 2025-02-11 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21184 | High | 7.0 | | 2025-02-11 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-21349 | Medium | 6.8 | | 2025-02-11 | Windows Remote Desktop Configuration Service Tampering Vulnerability |
| CVE-2025-21377 | Medium | 6.5 | | 2025-02-11 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-21352 | Medium | 6.5 | | 2025-02-11 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21254 | Medium | 6.5 | | 2025-02-11 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21216 | Medium | 6.5 | | 2025-02-11 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21212 | Medium | 6.5 | | 2025-02-11 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21347 | Medium | 6.0 | | 2025-02-11 | Windows Deployment Services Denial of Service Vulnerability |
| CVE-2025-21188 | Medium | 6.0 | | 2025-02-11 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| CVE-2025-21350 | Medium | 5.9 | | 2025-02-11 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21155 | Medium | 5.5 | | 2025-02-11 | Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
| CVE-2025-21126 | Medium | 5.5 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. |
| CVE-2025-21125 | Medium | 5.5 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
| CVE-2025-21124 | Medium | 5.5 | | 2025-02-11 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-25193 | Medium | 5.5 | | 2025-02-10 | Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. |
| CVE-2025-0526 | Medium | 5.4 | | 2025-02-11 | In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. |
| CVE-2025-0513 | Medium | 5.4 | | 2025-02-11 | In affected versions of Octopus Server error messages were handled unsafely on the error page. |
| CVE-2025-21259 | Medium | 5.3 | | 2025-02-11 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2025-0589 | Medium | 5.3 | | 2025-02-11 | In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associate… |
| CVE-2024-53880 | Medium | 4.9 | | 2025-02-12 | NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. |
| CVE-2025-0588 | Medium | 4.9 | | 2025-02-11 | In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. |
| CVE-2025-21179 | Medium | 4.8 | | 2025-02-11 | DHCP Client Service Denial of Service Vulnerability |
| CVE-2025-21337 | Low | 3.3 | | 2025-02-11 | Windows NTFS Elevation of Privilege Vulnerability |

Other vendors (802 CVEs across 293 vendors)

N/a · 139 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-56973 | Critical | 9.8 | | 2025-02-14 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. |
| CVE-2025-25389 | Critical | 9.8 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. |
| CVE-2025-25388 | Critical | 9.8 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter. |
| CVE-2025-25343 | Critical | 9.8 | | 2025-02-12 | Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. |
| CVE-2025-25351 | Critical | 9.8 | | 2025-02-12 | PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. |
| CVE-2025-25349 | Critical | 9.8 | | 2025-02-12 | PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. |
| CVE-2025-25530 | Critical | 9.8 | | 2025-02-11 | Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. |
| CVE-2025-26156 | High | 8.8 | | 2025-02-14 | A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via the orderid POST request parameter. |
| CVE-2024-57778 | High | 8.8 | | 2025-02-14 | An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200. |
| CVE-2024-34520 | High | 8.8 | | 2025-02-12 | An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing th… |
| CVE-2024-37355 | High | 8.8 | | 2025-02-12 | Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-46434 | High | 8.8 | | 2025-02-10 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. |
| CVE-2024-46433 | High | 8.8 | | 2025-02-10 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. |
| CVE-2024-46432 | High | 8.8 | | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. |
| CVE-2024-46429 | High | 8.8 | | 2025-02-10 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. |
| CVE-2024-42512 | High | 8.6 | | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. |
| CVE-2024-46436 | High | 8.3 | | 2025-02-10 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. |
| CVE-2024-38310 | High | 8.2 | | 2025-02-12 | Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-43758 | High | 8.2 | | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-31276 | High | 8.2 | | 2025-02-12 | Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP bef… |
| CVE-2025-1094 | High | 8.1 | | 2025-02-13 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. |
| CVE-2025-22961 | High | 8.0 | | 2025-02-13 | A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). |
| CVE-2025-22960 | High | 8.0 | | 2025-02-13 | A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. |
| CVE-2024-46435 | High | 8.0 | | 2025-02-10 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. |
| CVE-2024-46431 | High | 8.0 | | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. |
| CVE-2024-54954 | High | 8.0 | | 2025-02-10 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. |
| CVE-2024-32941 | High | 7.9 | | 2025-02-12 | NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-48267 | High | 7.9 | | 2025-02-12 | Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-33469 | High | 7.9 | | 2025-02-11 | An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. |
| CVE-2024-51440 | High | 7.8 | | 2025-02-12 | An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. |
| CVE-2024-39805 | High | 7.8 | | 2025-02-12 | Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38307 | High | 7.7 | | 2025-02-12 | Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2025-25901 | High | 7.5 | | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. |
| CVE-2025-25898 | High | 7.5 | | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. |
| CVE-2025-25897 | High | 7.5 | | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. |
| CVE-2024-51376 | High | 7.5 | | 2025-02-12 | Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component. |
| CVE-2024-51123 | High | 7.5 | | 2025-02-12 | An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component. |
| CVE-2024-46923 | High | 7.5 | | 2025-02-12 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. |
| CVE-2024-46922 | High | 7.5 | | 2025-02-12 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. |
| CVE-2024-41917 | High | 7.5 | | 2025-02-12 | Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-31155 | High | 7.5 | | 2025-02-12 | Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-29214 | High | 7.5 | | 2025-02-12 | Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-28127 | High | 7.5 | | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-24582 | High | 7.5 | | 2025-02-12 | Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-49618 | High | 7.5 | | 2025-02-12 | Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-49615 | High | 7.5 | | 2025-02-12 | Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-49603 | High | 7.5 | | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-34440 | High | 7.5 | | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-41168 | High | 7.4 | | 2025-02-12 | Use after free in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-39356 | High | 7.4 | | 2025-02-12 | NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-57378 | High | 7.3 | | 2025-02-13 | Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. |
| CVE-2023-29164 | High | 7.3 | | 2025-02-12 | Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before… |
| CVE-2024-57177 | High | 7.3 | | 2025-02-10 | A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. |
| CVE-2024-57407 | High | 7.3 | | 2025-02-10 | An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-22962 | High | 7.2 | | 2025-02-13 | A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. |
| CVE-2025-25387 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter. |
| CVE-2025-25357 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. |
| CVE-2025-25356 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "todate" POST request parameter. |
| CVE-2025-25355 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. |
| CVE-2025-25354 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. |
| CVE-2025-25352 | High | 7.2 | | 2025-02-13 | A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. |
| CVE-2024-36262 | High | 7.2 | | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-57782 | Medium | 6.8 | | 2025-02-13 | An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. |
| CVE-2024-56908 | Medium | 6.8 | | 2025-02-13 | In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. |
| CVE-2024-54916 | Medium | 6.8 | | 2025-02-11 | An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method. |
| CVE-2024-47006 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-42492 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-42419 | Medium | 6.7 | | 2025-02-12 | Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-42405 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39813 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39372 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39365 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36291 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36283 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36280 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32942 | Medium | 6.7 | | 2025-02-12 | Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32938 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-24852 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-21830 | Medium | 6.7 | | 2025-02-12 | Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-57725 | Medium | 6.5 | | 2025-02-14 | An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint. |
| CVE-2024-42410 | Medium | 6.5 | | 2025-02-12 | Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-39797 | Medium | 6.5 | | 2025-02-12 | Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-39355 | Medium | 6.5 | | 2025-02-12 | Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. |
| CVE-2024-39279 | Medium | 6.5 | | 2025-02-12 | Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-36293 | Medium | 6.5 | | 2025-02-12 | Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-36274 | Medium | 6.5 | | 2025-02-12 | Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2022-37660 | Medium | 6.5 | | 2025-02-11 | In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. |
| CVE-2024-55212 | Medium | 6.5 | | 2025-02-11 | DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. |
| CVE-2025-1211 | Medium | 6.5 | | 2025-02-11 | Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by the URI built-in module and hackney. |
| CVE-2024-46437 | Medium | 6.5 | | 2025-02-10 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and ba… |
| CVE-2024-46430 | Medium | 6.5 | | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. |
| CVE-2025-1227 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in ywoa up to 2024.07.03. |
| CVE-2025-1225 | Medium | 6.3 | | 2025-02-12 | A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. |
| CVE-2025-1224 | Medium | 6.3 | | 2025-02-12 | A vulnerability classified as critical was found in ywoa up to 2024.07.03. |
| CVE-2025-1216 | Medium | 6.3 | | 2025-02-12 | A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. |
| CVE-2024-51122 | Medium | 6.1 | | 2025-02-12 | Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 allows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters. |
| CVE-2024-41166 | Medium | 6.1 | | 2025-02-12 | Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-40887 | Medium | 6.1 | | 2025-02-12 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-39606 | Medium | 6.1 | | 2025-02-12 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-32277 | Medium | 6.1 | | 2025-02-12 | Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow an authenticated user to potentially enable information disclosure via local operating system access. |
| CVE-2024-30211 | Medium | 6.0 | | 2025-02-12 | Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-41934 | Medium | 5.9 | | 2025-02-12 | Improper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2025-25523 | Medium | 5.9 | | 2025-02-11 | Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. |
| CVE-2024-57178 | Medium | 5.9 | | 2025-02-10 | An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. |
| CVE-2024-36285 | Medium | 5.6 | | 2025-02-12 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-53311 | Medium | 5.5 | | 2025-02-13 | A Stack buffer overflow in the arguments parameter in Immunity Inc. |
| CVE-2024-53310 | Medium | 5.5 | | 2025-02-13 | A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. |
| CVE-2024-53309 | Medium | 5.5 | | 2025-02-13 | A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. |
| CVE-2024-57790 | Medium | 5.4 | | 2025-02-14 | IXON B.V. |
| CVE-2024-57605 | Medium | 5.4 | | 2025-02-12 | Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. |
| CVE-2024-48170 | Medium | 5.4 | | 2025-02-10 | PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. |
| CVE-2024-31157 | Medium | 5.3 | | 2025-02-12 | Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-31068 | Medium | 5.3 | | 2025-02-12 | Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2024-28047 | Medium | 5.3 | | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-21859 | Medium | 5.3 | | 2025-02-12 | Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-48366 | Medium | 5.3 | | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2025-1226 | Medium | 5.3 | | 2025-02-12 | A vulnerability was found in ywoa up to 2024.07.03. |
| CVE-2024-44336 | Medium | 5.3 | | 2025-02-11 | An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save them into publicly available storage. |
| CVE-2024-42513 | Medium | 5.3 | | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. |
| CVE-2025-25529 | Medium | 5.1 | | 2025-02-11 | Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. |
| CVE-2025-25528 | Medium | 5.1 | | 2025-02-11 | Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. |
| CVE-2025-25527 | Medium | 5.1 | | 2025-02-11 | Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. |
CVE-2025-25526Medium5.12025-02-11Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server.
CVE-2025-25525Medium5.12025-02-11Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules.
CVE-2025-25524Medium5.12025-02-11Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules.
CVE-2022-35202Medium5.12025-02-11A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests.
CVE-2025-25900Medium4.92025-02-13A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm.
CVE-2022-28693Medium4.72025-02-14Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2024-39779Medium4.72025-02-12Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-20097Medium4.32025-02-12Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2024-37020Low3.82025-02-12Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-51324Low3.82025-02-11An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.
CVE-2025-25899Low3.52025-02-13A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm.
CVE-2024-34521Low3.52025-02-12A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system use…
CVE-2024-39286Low3.32025-02-12Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-1215Low2.82025-02-12A vulnerability classified as problematic was found in vim up to 9.1.1096.
CVE-2024-39271Low2.62025-02-12Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via a…
CVE-2024-26021Low2.32025-02-12Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-25571Low2.32025-02-12Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access.

Q-free · 43 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-26359 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
CVE-2025-26347 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests.
CVE-2025-26345 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP request…
CVE-2025-26344 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTT…
CVE-2025-26342 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators…
CVE-2025-26341 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP…
CVE-2025-26339 · Critical · 9.8 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availa…
CVE-2025-1100 · Critical · 9.8 · - · 2025-02-12 · A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.
CVE-2025-26361 · Critical · 9.1 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
CVE-2025-26378 · High · 8.8 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via…
CVE-2025-26375 · High · 8.8 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
CVE-2025-26371 · High · 8.8 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.
CVE-2025-26369 · High · 8.8 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.
CVE-2025-26340 · High · 8.8 · - · 2025-02-12 · A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests.
CVE-2025-26377 · High · 8.1 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
CVE-2025-26368 · High · 8.1 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.
CVE-2025-26343 · High · 8.1 · - · 2025-02-12 · A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests.
CVE-2025-26366 · High · 7.5 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP…
CVE-2025-26365 · High · 7.5 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP…
CVE-2025-26364 · High · 7.5 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafte…
CVE-2025-26363 · High · 7.5 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted…
CVE-2025-26362 · High · 7.5 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via…
CVE-2025-26356 · High · 7.2 · - · 2025-02-12 · A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
CVE-2025-26354 · High · 7.2 · - · 2025-02-12 · A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
CVE-2025-26349 · High · 7.2 · - · 2025-02-12 · A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests.
CVE-2025-26372 · High · 7.1 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
CVE-2025-26370 · High · 7.1 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
CVE-2025-26376 · Medium · 6.5 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.
CVE-2025-26374 · Medium · 6.5 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26373 · Medium · 6.5 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26355 · Medium · 6.5 · - · 2025-02-12 · A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
CVE-2025-26352 · Medium · 6.5 · - · 2025-02-12 · A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
CVE-2025-26358 · Medium · 5.5 · - · 2025-02-12 · A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.
CVE-2025-26348 · Medium · 5.5 · - · 2025-02-12 · A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote atta…
CVE-2025-26346 · Medium · 5.5 · - · 2025-02-12 · A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote…
CVE-2025-1102 · Medium · 5.5 · - · 2025-02-12 · A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URL…
CVE-2025-26360 · Medium · 5.3 · - · 2025-02-12 · A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.
CVE-2025-1101 · Medium · 5.3 · - · 2025-02-12 · A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests.
CVE-2025-26357 · Medium · 4.9 · - · 2025-02-12 · A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVE-2025-26353 · Medium · 4.9 · - · 2025-02-12 · A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVE-2025-26351 · Medium · 4.9 · - · 2025-02-12 · A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVE-2025-26350 · Medium · 4.9 · - · 2025-02-12 · A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests.
CVE-2025-26367 · Medium · 4.3 · - · 2025-02-12 · A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.
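The rows in this listing come out of the table extraction with their six columns run together (CVE id, severity, CVSS score, optional KEV flag, date and summary, with no separator), which makes them awkward to triage in bulk. The Python below is an added editor's example, not code from the page or from any vendor: it parses rows in that fused form, and in the separated form used on this page, into records, ranks them for patching (KEV entries first, then CVSS descending) and tallies the CWE ids cited. The sample input is six rows copied from the Q-Free section above plus a header line the parser must skip. The "no authentication required" filter is a keyword heuristic on the summary text, since the listing carries no CVSS vector strings; that heuristic and the function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SEVERITIES = ("Critical", "High", "Medium", "Low")

# A row as the table extraction delivers it: the six columns are run together with
# no separator, e.g. "CVE-2025-1100Critical9.82025-02-12A CWE-259 ...". The optional
# "KEV" token sits between the score and the date.
FUSED_ROW = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<cvss>\d{1,2}\.\d)"
    r"(?P<kev>KEV)?"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<summary>.*)$"
)


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    kev: bool        # True when the row carries the KEV (Known Exploited) flag
    published: str
    summary: str


def parse_row(line: str) -> Optional[Entry]:
    """Parse one listing row. Header lines, section titles and blanks yield None."""
    line = line.strip()
    if " · " in line:
        # Separated rendering: CVE · Severity · CVSS · KEV · Published · Summary,
        # with "-" standing in for an empty KEV cell.
        cols = [c.strip() for c in line.split(" · ", 5)]
        if len(cols) != 6 or not cols[0].startswith("CVE-") or cols[1] not in SEVERITIES:
            return None
        cve, severity, cvss, kev, published, summary = cols
        return Entry(cve, severity, float(cvss), kev == "KEV", published, summary)
    m = FUSED_ROW.match(line)
    if m is None:
        return None
    return Entry(m["cve"], m["severity"], float(m["cvss"]),
                 m["kev"] is not None, m["published"], m["summary"].strip())


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_row, text.splitlines()) if e is not None]


# Keyword heuristic on the summary text (assumption of this example): matches
# "unauthenticated remote attacker" and "unauthenticated user" alike.
NO_AUTH = re.compile(r"\bunauthenticated\b", re.IGNORECASE)


def no_auth_required(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if NO_AUTH.search(e.summary)]


def patch_order(entries: List[Entry]) -> List[Entry]:
    """KEV entries first, then CVSS descending, then CVE id so the order is stable."""
    return sorted(entries, key=lambda e: (not e.kev, -e.cvss, e.cve))


def cwe_histogram(entries: List[Entry]) -> Dict[str, int]:
    """Count how many entries cite each CWE id (a CWE cited twice in one entry counts once)."""
    counts: Dict[str, int] = {}
    for e in entries:
        for cwe in set(re.findall(r"\bCWE-\d+\b", e.summary)):
            counts[cwe] = counts.get(cwe, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


# Sample input: rows copied from the Q-Free section of this listing (five in the fused
# form, one in the separated form) plus a header line that the parser must skip.
SAMPLE = """\
CVE-2025-26359Critical9.82025-02-12A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
CVE-2025-1100Critical9.82025-02-12A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.
CVE-2025-26375High8.82025-02-12A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
CVE-2025-26340High8.82025-02-12A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests.
CVE-2025-26343High8.12025-02-12A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests.
CVE-2025-1101 · Medium · 5.3 · - · 2025-02-12 · A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests.
CVE · Severity · CVSS · KEV · Published · Summary
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    for e in patch_order(entries):
        flag = "KEV" if e.kev else "   "
        print(f"{e.cve:<16} {e.severity:<8} {e.cvss:>4} {flag} {e.published}")
    print(cwe_histogram(entries))
```

Run over the whole Q-Free section rather than the six sample rows, the histogram makes the pattern of that advisory batch plain: CWE-306 (missing authentication) and CWE-862 (missing authorization) in the routes.lua files account for most of the 43 entries, with CWE-35 path traversal in the database and template endpoints next, so a single review of how those route handlers check identity and permissions covers the bulk of the list.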

Adobe · 33 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-24434 · Critical · 9.1 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation.
CVE-2025-24438 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24417 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24416 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24415 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24414 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24413 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24412 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24410 · High · 8.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24409 · High · 8.2 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2025-24418 · High · 8.1 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation.
CVE-2025-24411 · High · 8.1 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-21161 · High · 7.8 · - · 2025-02-11 · Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-24406 · High · 7.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature…
CVE-2025-24407 · High · 7.1 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24427 · Medium · 6.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-24426 · Medium · 6.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-24424 · Medium · 6.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-24422 · Medium · 6.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-24408 · Medium · 6.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation.
CVE-2025-21162 · Medium · 5.5 · - · 2025-02-11 · Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user.
CVE-2025-24437 · Medium · 5.4 · - · 2025-02-11 · Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24428 · Medium · 5.4 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2025-24425 · Medium · 5.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass.
CVE-2025-24436 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24435 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation.
CVE-2025-24423 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation.
CVE-2025-24421 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24420 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24419 · Medium · 4.3 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-24432 · Low · 3.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass.
CVE-2025-24430 · Low · 3.7 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass.
CVE-2025-24429 · Low · 3.5 · - · 2025-02-11 · Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access.

Linux · 18 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2025-23359 · High · 8.3 · - · 2025-02-12 · NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system.
CVE-2025-21700 · High · 7.8 · - · 2025-02-13 · In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the fo…
CVE-2024-57951 · High · 7.8 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_P…
CVE-2025-21693 · High · 7.8 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginn…
CVE-2025-21692 · High · 7.8 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when pa…
CVE-2025-21687 · High · 7.8 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used t…
CVE-2025-21699 · Medium · 5.5 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages…
CVE-2025-21697 · Medium · 5.5 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL.
CVE-2025-21696 · Medium · 5.5 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REM…
CVE-2025-21694 · Medium · 5.5 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kd…
CVE-2024-57952 · Medium · 5.5 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator (based on mtree_alloc_cyclic) stores the next offset value to return i…
CVE-2025-21691 · Medium · 5.5 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall")…
CVE-2025-21690 · Medium · 5.5 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kern…
CVE-2025-21689 · Medium · 5.5 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in t…
CVE-2024-57950 · Medium · 5.5 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-z…
CVE-2025-21701 · Medium · 4.7 · - · 2025-02-13 · In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modi…
CVE-2025-21695 · Medium · 4.7 · - · 2025-02-12 · In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_devi…
CVE-2025-21688 · Medium · 4.7 · - · 2025-02-10 · In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced…

Amd · 17 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-21925 | High | 8.2 | - | 2025-02-11 | Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
CVE-2024-21924 | High | 8.2 | - | 2025-02-11 | SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
CVE-2024-0179 | High | 8.2 | - | 2025-02-11 | SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.
CVE-2023-31345 | High | 7.5 | - | 2025-02-12 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
CVE-2023-31343 | High | 7.5 | - | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
CVE-2023-31342 | High | 7.5 | - | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
CVE-2024-21966 | High | 7.3 | - | 2025-02-11 | A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31361 | High | 7.3 | - | 2025-02-11 | A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2023-31360 | High | 7.3 | - | 2025-02-11 | Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31352 | Medium | 6.0 | - | 2025-02-11 | A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.
CVE-2023-20515 | Medium | 5.7 | - | 2025-02-11 | Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
CVE-2024-21971 | Medium | 5.5 | - | 2025-02-12 | Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.
CVE-2023-20582 | Medium | 5.3 | - | 2025-02-11 | Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
CVE-2023-20508 | Medium | 5.0 | - | 2025-02-12 | Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
CVE-2023-31331 | Low | 3.0 | - | 2025-02-11 | Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.
CVE-2023-20581 | Low | 2.5 | - | 2025-02-11 | Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
CVE-2023-20507 | Low | 2.3 | - | 2025-02-11 | An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.
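The first six AMD rows (CVE-2024-21925, CVE-2024-21924, CVE-2024-0179, CVE-2023-31345, CVE-2023-31343, CVE-2023-31342) describe one bug class: an SMI handler trusts an address or length that ring 0 controls and ends up writing into SMRAM, or calls out of it. The mitigation firmware needs is the same in every case, a range test against the SMRAM map before any pointer from the communication buffer is used, with the header copied into SMM-private memory first so the caller cannot change it between the check and the use. The code below is an added illustration of that check, not AMD's or any vendor's code; the single TSEG range, the request layout and the return codes are assumptions for the example, and nothing here reflects how the listed drivers are actually written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMRAM layout assumed for this example: a single 8 MiB TSEG. Real firmware
 * takes these ranges from the platform's SMRAM map, not from constants. */
typedef struct { uint64_t base; uint64_t size; } smram_range;

static const smram_range g_smram[] = {
    { 0x7F000000ULL, 0x00800000ULL },
};

/* True if [base, base+size) lies entirely outside every SMRAM range.
 * A zero-length or wrapping range is rejected: base+size overflowing to a
 * small value is exactly how a crafted size passes a naive end-address test. */
bool buffer_outside_smram(uint64_t base, uint64_t size)
{
    uint64_t end;
    if (size == 0 || __builtin_add_overflow(base, size, &end))
        return false;
    for (size_t i = 0; i < sizeof g_smram / sizeof g_smram[0]; i++) {
        uint64_t s_base = g_smram[i].base;
        uint64_t s_end  = g_smram[i].base + g_smram[i].size;
        bool disjoint = (end <= s_base) || (base >= s_end);
        if (!disjoint)
            return false;
    }
    return true;
}

/* Request the hypothetical handler reads from the communication buffer:
 * the caller asks for a result to be written to out_addr/out_size. */
typedef struct {
    uint64_t out_addr;
    uint64_t out_size;
} smm_request;

enum { SMM_OK = 0, SMM_BAD_COMM = 1, SMM_BAD_TARGET = 2 };

/* SMI handler entry. comm_buf and comm_size come from ring 0 and are hostile.
 * The header is copied into SMM-private stack memory before any field is
 * trusted, so the caller cannot alter it between check and use (double fetch). */
int handle_smi(const void *comm_buf, uint64_t comm_size)
{
    if (comm_size < sizeof(smm_request) ||
        !buffer_outside_smram((uint64_t)(uintptr_t)comm_buf, comm_size))
        return SMM_BAD_COMM;

    smm_request req;
    memcpy(&req, comm_buf, sizeof req);            /* single fetch */

    if (!buffer_outside_smram(req.out_addr, req.out_size))
        return SMM_BAD_TARGET;                      /* would write into SMRAM */

    /* ... write the result to req.out_addr here ... */
    return SMM_OK;
}

int main(void)
{
    smm_request ok  = { 0x10000000ULL, 0x1000ULL };   /* outside TSEG */
    smm_request bad = { 0x7F001000ULL, 0x10ULL };     /* inside TSEG */
    printf("benign request:  %d\n", handle_smi(&ok, sizeof ok));
    printf("SMRAM target:    %d\n", handle_smi(&bad, sizeof bad));
    printf("wrapping range:  %s\n",
           buffer_outside_smram(0xFFFFFFFFFFFFFFF0ULL, 0x20) ? "accepted" : "rejected");
    return 0;
}
```

The "SMM callout" rows are the mirror image of the same trust failure: SMM code must not call through function pointers (boot services tables, protocol interfaces) that live in memory ring 0 can write, for the same reason it must not write to addresses ring 0 supplies.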

Siemens · 16 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45386 | High | 8.8 | - | 2025-02-11 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Saf…
CVE-2025-24811 | High | 7.5 | - | 2025-02-11 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C A…
CVE-2024-54089 | High | 7.5 | - | 2025-02-11 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions).
CVE-2024-54015 | High | 7.5 | - | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versi…
CVE-2025-23363 | High | 7.4 | - | 2025-02-11 | A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.000…
CVE-2025-24499 | High | 7.2 | - | 2025-02-11 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCA…
CVE-2025-23403 | High | 7.0 | - | 2025-02-11 | A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions).
CVE-2024-53648 | Medium | 6.8 | - | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP…
CVE-2024-53977 | Medium | 6.7 | - | 2025-02-11 | A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1).
CVE-2025-24812 | Medium | 6.5 | - | 2025-02-11 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7…
CVE-2025-24956 | Medium | 6.2 | - | 2025-02-11 | A vulnerability has been identified in OpenV2G (All versions < V0.9.6).
CVE-2024-54090 | Medium | 5.9 | - | 2025-02-11 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions).
CVE-2024-23814 | Medium | 5.3 | - | 2025-02-11 | The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly.
CVE-2023-37482 | Medium | 5.3 | - | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts.
CVE-2024-53651 | Medium | 4.6 | - | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versio…
CVE-2025-24532 | Medium | 4.3 | - | 2025-02-11 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCA…

Fortinet · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-40591 | High | 8.8 | - | 2025-02-11 | An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission t…
CVE-2025-24470 | High | 8.6 | - | 2025-02-11 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
CVE-2025-24472 | High | 8.1 | KEV | 2025-02-11 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior kno…
CVE-2024-35279 | High | 8.1 | - | 2025-02-11 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets th…
CVE-2024-50567 | High | 7.2 | - | 2025-02-11 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
CVE-2024-40584 | High | 7.2 | - | 2025-02-11 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and…
CVE-2024-27781 | High | 7.1 | - | 2025-02-11 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all ve…
CVE-2024-52968 | Medium | 6.7 | - | 2025-02-11 | An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.
CVE-2024-40586 | Medium | 6.7 | - | 2025-02-11 | An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.
CVE-2023-40721 | Medium | 6.7 | - | 2025-02-11 | A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2024-50569 | Medium | 6.6 | - | 2025-02-11 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
CVE-2024-36508 | Medium | 6.0 | - | 2025-02-11 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and befor…
CVE-2024-33504 | Medium | 4.1 | - | 2025-02-11 | A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API a…
CVE-2024-52966 | Low | 2.3 | - | 2025-02-11 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.
CVE-2024-27780 | Low | 2.2 | - | 2025-02-11 | Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to…
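Vendor tables like the ones on this page are read once and then fed into a patch queue, and the order that matters is not the order they are printed in: anything on the CISA KEV list first, then by CVSS. The helper below, an added example and not part of the original page or of any vendor's tooling, parses rows in either form they appear in here (the six columns run together as copied from the HTML table, or pipe-separated), ranks them KEV-first, and flags any row whose severity label disagrees with its score. The sample rows are copied from the Fortinet table above with their summaries shortened; the assumption that the page's labels follow the CVSS v3.x qualitative bands (Critical 9.0+, High 7.0+, Medium 4.0+) is mine.

```python
import re
from dataclasses import dataclass

# One row of the feed: the six columns of the tables on this page.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,7})\s*"          # CVE id
    r"(Critical|High|Medium|Low)\s*"    # severity label
    r"(\d{1,2}\.\d)\s*"                 # CVSS base score
    r"(KEV|-)?\s*"                      # KEV flag (absent, or '-' in a tabular copy)
    r"(\d{4}-\d{2}-\d{2})\s*"           # published date
    r"(.*)$"                            # summary
)


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    kev: bool
    published: str
    summary: str


def severity_for(score: float) -> str:
    """CVSS v3.x qualitative bands (assumed to be what the page's labels follow)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_row(line: str) -> Entry:
    """Parse one row whether its columns are run together or separated by '|'."""
    normalized = " ".join(line.replace("|", " ").split())
    m = ROW_RE.match(normalized)
    if not m:
        raise ValueError(f"not a feed row: {line!r}")
    cve, sev, score, kev, date, summary = m.groups()
    return Entry(cve, sev, float(score), kev == "KEV", date, summary.strip())


def triage(lines):
    """Known-exploited first, then descending CVSS, then by id for a stable order.
    Header lines (anything not starting with 'CVE-') are skipped."""
    entries = [parse_row(l) for l in lines if l.lstrip().startswith("CVE-")]
    return sorted(entries, key=lambda e: (not e.kev, -e.cvss, e.cve))


def label_mismatches(entries):
    """Ids of rows whose severity label disagrees with the CVSS band."""
    return [e.cve for e in entries if severity_for(e.cvss) != e.severity]


# Rows copied from the Fortinet table on this page (summaries shortened), in
# both forms the parser accepts, plus the table header to show it is skipped.
SAMPLE_ROWS = [
    "CVESeverityCVSSKEVPublishedSummary",
    "CVE-2024-40591High8.82025-02-11An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS …",
    "CVE-2025-24470 | High | 8.6 | - | 2025-02-11 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal …",
    "CVE-2025-24472High8.1KEV2025-02-11An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] …",
    "CVE-2024-27780Low2.22025-02-11Multiple Improper Neutralization of Input During Web Page Generation vulnerabilities [CWE-79] in FortiSIEM …",
]

if __name__ == "__main__":
    ranked = triage(SAMPLE_ROWS)
    for e in ranked:
        flag = "KEV" if e.kev else "   "
        print(f"{flag} {e.cvss:4.1f} {e.severity:8} {e.cve}  {e.summary[:60]}")
    print("label/score mismatches:", label_mismatches(ranked) or "none")
```

Run against the Fortinet rows, CVE-2025-24472 comes out first despite its 8.1 score because it carries the KEV flag; the two higher-scored rows follow it.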

Sap_se · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25243 | High | 8.6 | - | 2025-02-11 | SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction.
CVE-2025-24876 | High | 8.1 | - | 2025-02-11 | The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass.
CVE-2025-24868 | High | 7.1 | - | 2025-02-11 | The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirec…
CVE-2025-24875 | Medium | 6.8 | - | 2025-02-11 | SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None).
CVE-2025-24874 | Medium | 6.8 | - | 2025-02-11 | SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking.
CVE-2025-24867 | Medium | 6.1 | - | 2025-02-11 | SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2025-24870 | Medium | 6.0 | - | 2025-02-11 | SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation.
CVE-2025-25241 | Medium | 5.4 | - | 2025-02-11 | Due to a missing authorization check, an attacker who is logged in to application can view/delete "My Overtime Requests" which could allow the attacker to access employee information.
CVE-2025-0054 | Medium | 5.4 | - | 2025-02-11 | SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability.
CVE-2025-23187 | Medium | 5.3 | - | 2025-02-11 | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data.
CVE-2025-24872 | Medium | 4.3 | - | 2025-02-11 | The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction.
CVE-2025-24869 | Medium | 4.3 | - | 2025-02-11 | SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions.
CVE-2025-23190 | Medium | 4.3 | - | 2025-02-11 | Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to.
CVE-2025-23189 | Medium | 4.3 | - | 2025-02-11 | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data.
CVE-2025-23191 | Low | 3.1 | - | 2025-02-11 | Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request.

Gnu · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1178 | Medium | 5.6 | - | 2025-02-11 | A vulnerability was found in GNU Binutils 2.43.
CVE-2025-1182 | Medium | 5.0 | - | 2025-02-11 | A vulnerability, which was classified as critical, was found in GNU Binutils 2.43.
CVE-2025-1181 | Medium | 5.0 | - | 2025-02-11 | A vulnerability classified as critical was found in GNU Binutils 2.43.
CVE-2025-1179 | Medium | 5.0 | - | 2025-02-11 | A vulnerability was found in GNU Binutils 2.43.
CVE-2025-1176 | Medium | 5.0 | - | 2025-02-11 | A vulnerability was found in GNU Binutils 2.43 and classified as critical.
CVE-2025-1180 | Low | 3.1 | - | 2025-02-11 | A vulnerability classified as problematic has been found in GNU Binutils 2.43.
CVE-2025-1153 | Low | 3.1 | - | 2025-02-10 | A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44.
CVE-2025-1152 | Low | 3.1 | - | 2025-02-10 | A vulnerability classified as problematic has been found in GNU Binutils 2.43.
CVE-2025-1151 | Low | 3.1 | - | 2025-02-10 | A vulnerability was found in GNU Binutils 2.43.
CVE-2025-1150 | Low | 3.1 | - | 2025-02-10 | A vulnerability was found in GNU Binutils 2.43.
CVE-2025-1149 | Low | 3.1 | - | 2025-02-10 | A vulnerability was found in GNU Binutils 2.43.
CVE-2025-1148 | Low | 3.1 | - | 2025-02-10 | A vulnerability was found in GNU Binutils 2.43 and classified as problematic.
CVE-2025-1147 | Low | 3.1 | - | 2025-02-10 | A vulnerability has been found in GNU Binutils 2.43 and classified as problematic.

Mercedes-benz · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34399 | Critical | 9.8 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.
CVE-2023-34402 | High | 7.7 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.
CVE-2023-34400 | High | 7.5 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.
CVE-2023-34398 | High | 7.5 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.
CVE-2023-34397 | High | 7.5 | - | 2025-02-13 | Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB.
CVE-2024-37600 | Medium | 6.8 | - | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021.
CVE-2023-34404 | Medium | 4.9 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB.
CVE-2023-34403 | Medium | 4.9 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB.
CVE-2024-37603 | Medium | 4.6 | - | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6.
CVE-2024-37602 | Medium | 4.6 | - | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021.
CVE-2024-37601 | Medium | 4.6 | - | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6.
CVE-2023-34401 | Low | 3.7 | - | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.
CVE-2023-34406 | Low | 3.3 | - | 2025-02-13 | An issue was discovered on Mercedes Benz NTG 6.

Pdf-xchange · 12 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0911 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0910 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
CVE-2025-0909 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0908 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0907 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0906 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0905 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0904 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0903 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.
CVE-2025-0902 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2025-0901 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability.
CVE-2025-0899 | High | 8.8 | - | 2025-02-11 | PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability.

Gitlab · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7102 | Critical | 9.6 | - | 2025-02-13 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2025-0376 | High | 8.7 | - | 2025-02-12 | An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
CVE-2024-12379 | Medium | 6.5 | - | 2025-02-12 | A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via th…
CVE-2024-3303 | Medium | 6.4 | - | 2025-02-13 | An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue…
CVE-2025-1042 | Medium | 4.9 | - | 2025-02-12 | An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
CVE-2024-8266 | Medium | 4.4 | - | 2025-02-13 | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
CVE-2025-0516 | Medium | 4.3 | - | 2025-02-12 | Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
CVE-2024-9870 | Medium | 4.3 | - | 2025-02-12 | An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
CVE-2025-1212 | Medium | 4.3 | - | 2025-02-12 | An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive in…
CVE-2025-1198 | Medium | 4.2 | - | 2025-02-13 | An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens acces…

Ivanti · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22467 | Critical | 9.9 | - | 2025-02-11 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
CVE-2024-47908 | Critical | 9.1 | - | 2025-02-11 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-10644 | Critical | 9.1 | - | 2025-02-11 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-13813 | High | 7.1 | - | 2025-02-11 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
CVE-2024-12058 | Medium | 6.8 | - | 2025-02-11 | External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
CVE-2024-13830 | Medium | 6.1 | - | 2025-02-11 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges.
CVE-2024-13843 | Medium | 6.0 | - | 2025-02-11 | Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVE-2024-13842 | Medium | 6.0 | - | 2025-02-11 | A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVE-2024-11771 | Medium | 5.3 | - | 2025-02-11 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

Schneider Electric · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1070 | High | 8.1 | - | 2025-02-13 | CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded.
CVE-2025-1058 | High | 8.1 | - | 2025-02-13 | CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded.
CVE-2025-0327 | High | 7.8 | - | 2025-02-13 | CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availabi…
CVE-2025-1060 | High | 7.5 | - | 2025-02-13 | CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.
CVE-2025-1059 | High | 7.5 | - | 2025-02-13 | CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device.
CVE-2025-0816 | Medium | 6.5 | - | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device.
CVE-2025-0815 | Medium | 6.5 | - | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device.
CVE-2024-10083 | Medium | 5.5 | - | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.
CVE-2025-0814 | Medium | 5.3 | - | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device.

Code-projects · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1197 | Medium | 6.3 | - | 2025-02-12 | A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical.
CVE-2025-1187 | Medium | 5.3 | - | 2025-02-12 | A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0.
CVE-2025-1164 | Medium | 5.3 | - | 2025-02-11 | A vulnerability, which was classified as problematic, has been found in code-projects Police FIR Record Management System 1.0.
CVE-2025-1163 | Medium | 5.3 | - | 2025-02-11 | A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0.
CVE-2025-1196 | Low | 3.5 | - | 2025-02-12 | A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0.
CVE-2025-1195 | Low | 3.5 | - | 2025-02-12 | A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0.
CVE-2025-1171 | Low | 3.5 | - | 2025-02-11 | A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0.
CVE-2025-1170 | Low | 3.5 | - | 2025-02-11 | A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0.

Progress · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0556 | High | 8.8 | - | 2025-02-12 | In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over…
CVE-2024-11343 | High | 8.3 | - | 2025-02-12 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.
CVE-2025-0332 | High | 7.8 | - | 2025-02-12 | In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.
CVE-2024-12251 | High | 7.8 | - | 2025-02-12 | In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
CVE-2024-11629 | High | 7.1 | - | 2025-02-12 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.
CVE-2024-6097 | Medium | 5.3 | - | 2025-02-12 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
CVE-2024-11628 | Medium | 4.1 | - | 2025-02-12 | In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.
CVE-2024-12629 | Medium | 4.1 | - | 2025-02-12 | In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

D-Link · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25746 | Critical | 9.8 | - | 2025-02-12 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.
CVE-2025-25744 | Critical | 9.8 | - | 2025-02-12 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.
CVE-2025-25742 | Critical | 9.8 | - | 2025-02-12 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.
CVE-2025-25745 | High | 8.8 | - | 2025-02-14 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.
CVE-2025-25743 | High | 7.2 | - | 2025-02-12 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.
CVE-2025-25740 | Medium | 5.5 | - | 2025-02-14 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.
CVE-2025-25741 | Medium | 5.4 | - | 2025-02-12 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.

Eniture · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13532 | High | 7.5 | - | 2025-02-12 | The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user suppl…
CVE-2024-13480 | High | 7.5 | - | 2025-02-12 | The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the…
CVE-2024-13477 | High | 7.5 | - | 2025-02-12 | The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack o…
CVE-2024-13490 | High | 7.5 | - | 2025-02-12 | The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied para…
CVE-2024-13475 | High | 7.5 | - | 2025-02-12 | The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of suf…
CVE-2024-13473 | High | 7.5 | - | 2025-02-12 | The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user…

Anisha · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1210 | Medium | 6.3 | - | 2025-02-12 | A vulnerability classified as critical was found in code-projects Wazifa System 1.0.
CVE-2025-1162 | Medium | 6.3 | - | 2025-02-10 | A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0.
CVE-2025-1209 | Low | 3.5 | - | 2025-02-12 | A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0.
CVE-2025-1208 | Low | 3.5 | - | 2025-02-12 | A vulnerability was found in code-projects Wazifa System 1.0.
CVE-2025-1190 | Low | 3.5 | - | 2025-02-12 | A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic.

Apache · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-56180 | Critical | 9.8 | - | 2025-02-14 | CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g.
CVE-2024-52577 | Critical | 9.0 | - | 2025-02-14 | In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints.
CVE-2024-32838 | High | 8.8 | - | 2025-02-12 | SQL Injection vulnerability in various API endpoints - offices, dashboards, etc.
CVE-2024-46910 | High | 7.1 | - | 2025-02-13 | An authenticated user can perform XSS and potentially impersonate another user.
CVE-2025-25247 | Medium | 6.1 | - | 2025-02-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

Chimpstudio · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13182 | Critical | 9.8 | - | 2025-02-13 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5.
CVE-2025-0181 | Critical | 9.8 | - | 2025-02-11 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8.
CVE-2025-0180 | Critical | 9.8 | - | 2025-02-11 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7.
CVE-2024-13011 | Critical | 9.8 | - | 2025-02-10 | The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7.
CVE-2024-13010 | Medium | 6.1 | - | 2025-02-10 | The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'search_type' parameter.

Intel · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31858 | High | 7.8 | - | 2025-02-12 | Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26083 | High | 7.5 | - | 2025-02-14 | Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2024-39284 | Medium | 6.7 | - | 2025-02-12 | Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29223 | Medium | 6.7 | - | 2025-02-12 | Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-31153 | Medium | 5.0 | - | 2025-02-12 | Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable denial of service via local access.

Nvidia · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0112 | High | 7.5 | | 2025-02-12 | NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree.
CVE-2024-0145 | Medium | 6.8 | | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file.
CVE-2024-0144 | Medium | 6.8 | | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file.
CVE-2024-0143 | Medium | 6.8 | | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file.
CVE-2024-0142 | Medium | 6.8 | | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file.

Palo Alto Networks · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0108 | Critical | 9.1 | KEV | 2025-02-12 | An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interfa…
CVE-2025-0111 | Medium | 6.5 | KEV | 2025-02-12 | An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobod…
CVE-2025-0113 | | | | 2025-02-12 | A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM.
CVE-2025-0110 | | | | 2025-02-12 | A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run…
CVE-2025-0109 | | | | 2025-02-12 | An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user…

Red Hat · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1244 | High | 8.8 | | 2025-02-12 | A command injection flaw was found in the text editor Emacs.
CVE-2025-1247 | High | 8.3 | | 2025-02-13 | A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope.
CVE-2024-11831 | Medium | 5.4 | | 2025-02-10 | A flaw was found in npm-serialize-javascript.
CVE-2024-12243 | Medium | 5.3 | | 2025-02-10 | A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing.
CVE-2024-12133 | Medium | 5.3 | | 2025-02-10 | A flaw in libtasn1 causes inefficient handling of specific certificate data.

Solarwinds · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52612 | Medium | 6.8 | | 2025-02-11 | SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability.
CVE-2024-28989 | Medium | 5.5 | | 2025-02-11 | SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVE-2024-45718 | Medium | 4.6 | | 2025-02-11 | Sensitive data could be exposed to non-privileged users in a configuration file.
CVE-2024-52611 | Low | 3.5 | | 2025-02-11 | The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message.
CVE-2024-52606 | Low | 3.5 | | 2025-02-11 | SolarWinds Platform is affected by a server-side request forgery vulnerability.

Tungsten Automation · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12547 | High | 8.8 | | 2025-02-11 | Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
CVE-2024-12551 | High | 7.8 | | 2025-02-11 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability.
CVE-2024-12550 | High | 7.8 | | 2025-02-11 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
CVE-2024-12549 | High | 7.8 | | 2025-02-11 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability.
CVE-2024-12548 | Low | 3.3 | | 2025-02-11 | Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability.

1000 Projects · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1189 | Medium | 6.3 | | 2025-02-12 | A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0.
CVE-2025-1172 | Medium | 6.3 | | 2025-02-11 | A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0.
CVE-2025-1173 | Medium | 4.7 | | 2025-02-11 | A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0.
CVE-2025-1174 | Low | 2.4 | | 2025-02-11 | A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic.

Dell · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22399 | High | 7.9 | | 2025-02-11 | Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability.
CVE-2025-22480 | High | 7.0 | | 2025-02-13 | Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability.
CVE-2024-29172 | Medium | 5.9 | | 2025-02-12 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability.
CVE-2024-29171 | Medium | 5.9 | | 2025-02-12 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an improper certificate verification vulnerability.

Feminer_wms_project · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25997 | High | 7.5 | | 2025-02-14 | Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
CVE-2025-25994 | High | 7.5 | | 2025-02-14 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
CVE-2025-25993 | Medium | 5.1 | | 2025-02-14 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."
CVE-2025-25992 | Medium | 5.1 | | 2025-02-14 | SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.

Ibm · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55904 | High | 7.2 | | 2025-02-14 | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute a…
CVE-2024-56477 | Medium | 6.5 | | 2025-02-14 | IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system.
CVE-2024-52895 | Medium | 6.5 | | 2025-02-14 | IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check.
CVE-2024-56463 | Medium | 4.8 | | 2025-02-14 | IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting.

Mayurik · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1202 | Medium | 6.3 | | 2025-02-12 | A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1.
CVE-2025-1201 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in SourceCodester Best Church Management Software 1.1.
CVE-2025-1200 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in SourceCodester Best Church Management Software 1.1.
CVE-2025-1199 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in SourceCodester Best Church Management Software 1.1.

Mvpthemes · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13653 | High | 8.8 | | 2025-02-12 | The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options'…
CVE-2024-13643 | High | 8.8 | | 2025-02-11 | The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification.
CVE-2024-13656 | High | 8.1 | | 2025-02-12 | The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() funct…
CVE-2024-13654 | High | 8.1 | | 2025-02-12 | The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all version…

Myscada · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24865 | Critical | 10.0 | | 2025-02-13 | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
CVE-2025-25067 | Critical | 9.8 | | 2025-02-13 | mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
CVE-2025-22896 | High | 8.6 | | 2025-02-13 | mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
CVE-2025-23411 | Medium | 6.3 | | 2025-02-13 | mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information.

Octokit · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25290 | Medium | 5.3 | | 2025-02-14 | @octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node.
CVE-2025-25289 | Medium | 5.3 | | 2025-02-14 | @octokit/request-error is an error class for Octokit request errors.
CVE-2025-25288 | Medium | 5.3 | | 2025-02-14 | @octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses.
CVE-2025-25285 | Medium | 5.3 | | 2025-02-14 | @octokit/endpoint turns REST API endpoints into generic request options.

Pihome · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1214 | Medium | 6.3 | | 2025-02-12 | A vulnerability classified as critical has been found in pihome-shc PiHome 2.0.
CVE-2025-1185 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in pihome-shc PiHome 2.0.
CVE-2025-1184 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical.
CVE-2025-1213 | Low | 3.5 | | 2025-02-12 | A vulnerability was found in pihome-shc PiHome 1.77.

Wattsense · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26410 | Critical | 9.8 | | 2025-02-11 | The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials.
CVE-2025-26411 | High | 8.8 | | 2025-02-11 | An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device.
CVE-2025-26409 | Medium | 6.8 | | 2025-02-11 | A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices.
CVE-2025-26408 | Medium | 6.1 | | 2025-02-11 | The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB.

Apple · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27859 | High | 8.8 | | 2025-02-10 | The issue was addressed with improved memory handling.
CVE-2024-54658 | Medium | 6.5 | | 2025-02-10 | The issue was addressed with improved memory handling.
CVE-2025-24200 | Medium | 6.1 | KEV | 2025-02-10 | An authorization issue was addressed with improved state management.

Broadcom · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2240 | High | 7.2 | | 2025-02-14 | Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing.
CVE-2024-10404 | Medium | 5.5 | | 2025-02-14 | CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text.
CVE-2025-1053 | Medium | 4.9 | | 2025-02-14 | Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave.

Codezips · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1206 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in Codezips Gym Management System 1.0.
CVE-2025-1188 | Medium | 6.3 | | 2025-02-12 | A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.
CVE-2025-1183 | Medium | 6.3 | | 2025-02-12 | A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical.

Devolutions · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11621 | High | 8.8 | | 2025-02-10 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.
CVE-2025-1193 | High | 8.1 | | 2025-02-10 | Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack …
CVE-2025-1231 | Medium | 5.4 | | 2025-02-11 | Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.

Hoosk · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25990 | Medium | 6.1 | | 2025-02-14 | Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVE-2025-25991 | Medium | 5.1 | | 2025-02-14 | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVE-2025-25988 | Medium | 4.8 | | 2025-02-14 | Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.

Hp · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26508 | Critical | 9.8 | | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26507 | Critical | 9.8 | | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26506 | Critical | 9.8 | | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Humansignal · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25297 | High | 8.6 | | 2025-02-14 | Label Studio is an open source data labeling tool.
CVE-2025-25296 | Medium | 6.1 | | 2025-02-14 | Label Studio is an open source data labeling tool.
CVE-2025-25295 | | | | 2025-02-14 | Label Studio is an open source data labeling tool.

Learndash · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-56940 | High | 7.5 | | 2025-02-12 | An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.
CVE-2024-56939 | Medium | 5.4 | | 2025-02-12 | LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class.
CVE-2024-56938 | Medium | 5.4 | | 2025-02-12 | LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class.

Lexmark · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1126 | Critical | 9.3 | | 2025-02-11 | A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.
CVE-2025-1127 | Critical | 9.1 | | 2025-02-13 | The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
CVE-2024-11344 | High | 7.3 | | 2025-02-13 | A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Lexmark International · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11347 | High | 7.3 | | 2025-02-13 | Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et.
CVE-2024-11346 | High | 7.3 | | 2025-02-13 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et.
CVE-2024-11345 | High | 7.3 | | 2025-02-13 | A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Outback Power · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26473 | High | 7.5 | | 2025-02-13 | The Mojave Inverter uses the GET method for sensitive information.
CVE-2025-25281 | High | 7.5 | | 2025-02-13 | An attacker may modify the URL to discover sensitive information about the target network.
CVE-2025-24861 | High | 7.5 | | 2025-02-13 | An attacker may inject commands via specially-crafted post requests.

Properfraction · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13120 | Medium | 4.8 | | 2025-02-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as a…
CVE-2024-13119 | Medium | 4.8 | | 2025-02-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as a…
CVE-2024-13121 | Low | 3.5 | | 2025-02-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as a…

Qardio · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24836 | High | 7.1 | | 2025-02-13 | With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device.
CVE-2025-23421 | Medium | 6.4 | | 2025-02-13 | An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.
CVE-2025-20615 | Medium | 6.2 | | 2025-02-13 | The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file.

Rupeeseed Technology Ventures · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26524 | | | | 2025-02-14 | This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints.
CVE-2025-26523 | | | | 2025-02-14 | This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations.
CVE-2025-26522 | | | | 2025-02-14 | This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints.

Sick Ag · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0867 | Critical | 9.9 | | 2025-02-14 | The standard user uses the run as function to start the MEAC applications with administrative privileges.
CVE-2025-0593 | High | 8.8 | | 2025-02-14 | The vulnerability may allow a remote low privileged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.
CVE-2025-0592 | High | 8.8 | | 2025-02-14 | The vulnerability may allow a remote low privileged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.

Synology · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47265 | Medium | 6.5 | | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authen…
CVE-2024-47264 | Medium | 4.9 | | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated u…
CVE-2024-47266 | Low | 2.7 | | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated…

Themerex · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13770 | High | 8.1 | | 2025-02-13 | The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action.
CVE-2025-0837 | Medium | 6.4 | | 2025-02-13 | The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-13769 | Medium | 6.4 | | 2025-02-12 | The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up t…

Watchguard · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0178 | Medium | 6.1 | | 2025-02-14 | Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI.
CVE-2025-1071 | Medium | 4.8 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module.
CVE-2025-1239 | | | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list.

Zettler · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12013 | High | 7.6 | | 2025-02-13 | A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h.
CVE-2024-12011 | High | 7.6 | | 2025-02-13 | A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h.
CVE-2024-12012 | Medium | 5.7 | | 2025-02-13 | A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h.

Ahmadmj · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13600 | High | 7.5 | | 2025-02-12 | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory.
CVE-2024-13601 | Medium | 4.3 | | 2025-02-12 | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to…

Amini7 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13543 | Medium | 6.1 | | 2025-02-11 | The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad…
CVE-2024-13544 | Medium | 4.8 | | 2025-02-11 | The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in…

Anapi · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1270 | Critical | 9.1 | | 2025-02-13 | Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/ha_datos_herm…
CVE-2025-1271 | Medium | 6.1 | | 2025-02-13 | Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web.

Apustheme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10763 | Critical | 9.8 | | 2025-02-13 | The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function.
CVE-2024-12296 | High | 8.8 | | 2025-02-12 | The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including…

Avaya · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12755 | High | 7.9 | | 2025-02-11 | A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclosure of sensitive information.
CVE-2024-12756 | High | 7.3 | | 2025-02-11 | An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.

Beian.miit · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57408 | High | 7.2 | | 2025-02-10 | An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-57409 | Medium | 4.8 | | 2025-02-10 | A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field.

Bitapps · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0821 | Medium | 6.5 | | 2025-02-14 | Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on…
CVE-2024-13791 | Medium | 4.9 | | 2025-02-14 | Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function.

Brandtoss · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24688 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through <= 1.8.20.0.
CVE-2025-24567 | Medium | 6.5 | | 2025-02-14 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.16.0.

Brizy · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10960 | Critical | 9.9 | | 2025-02-12 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4.
CVE-2024-10322 | Medium | 6.4 | | 2025-02-12 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping.

Dayrui · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1186 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in dayrui XunRuiCMS up to 4.6.4.
CVE-2025-1177 | Medium | 6.3 | | 2025-02-11 | A vulnerability was found in dayrui XunRuiCMS 4.6.3.

Detheme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13644 | Medium | 6.4 | | 2025-02-13 | The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on use…
CVE-2025-0661 | Medium | 4.3 | | 2025-02-13 | The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated.

Easyappointments · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57602 | Critical | 9.8 | | 2025-02-12 | An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
CVE-2024-57601 | Medium | 6.1 | | 2025-02-12 | Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.

Freedomofpress · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24888 | High | 8.1 | | 2025-02-13 | The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation.
CVE-2025-24889 | Medium | 4.5 | | 2025-02-13 | The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation.

Janobe · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1192 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0.
CVE-2025-1191 | Medium | 6.3 | | 2025-02-12 | A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0 and classified as critical.

Jetbrains · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26492 | High | 7.7 | | 2025-02-11 | In JetBrains TeamCity before 2024.12.2, improper Kubernetes connection settings could expose sensitive resources.
CVE-2025-26493 | Medium | 4.6 | | 2025-02-11 | In JetBrains TeamCity before 2024.12.2, several DOM-based XSS were possible on the Code Inspection Report tab.

Kunbus Gmbh · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8684 | High | 8.3 | | 2025-02-10 | OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH.
CVE-2024-8685 | Medium | 4.3 | | 2025-02-10 | Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH.

Mayswind · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57604 | Critical | 9.8 | | 2025-02-12 | An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.
CVE-2024-57603 | Medium | 6.3 | | 2025-02-12 | An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

Misskey · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24897 | High | 8.2 | | 2025-02-11 | Misskey is an open source, federated social media platform.
CVE-2025-24896 | High | 8.1 | | 2025-02-11 | Misskey is an open source, federated social media platform.

Netapp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26511 | High | 8.8 | | 2025-02-13 | Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerabi…
CVE-2025-24970 | High | 7.5 | | 2025-02-10 | Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final.

Nexryai · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24973 | Critical | 9.3 | | 2025-02-11 | Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey.
CVE-2025-24900 | High | 8.6 | | 2025-02-11 | Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey.

Olajowon · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1229 | Medium | 6.3 | | 2025-02-12 | A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6.
CVE-2025-1228 | Medium | 4.3 | | 2025-02-12 | A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6.

Opensc · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24032 | | | | 2025-02-10 | PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login.
CVE-2025-24031 | | | | 2025-02-10 | PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login.

Rankmath · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13227 | Medium | 6.4 | | 2025-02-13 | The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization…
CVE-2024-13229 | Medium | 4.3 | | 2025-02-13 | The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235.

Rems · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1168 | Medium | 6.3 | | 2025-02-11 | A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0.
CVE-2025-1169 | Low | 3.5 | | 2025-02-11 | A vulnerability was found in SourceCodester Image Compressor Tool 1.0.

Remyandrade · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1160 | High | 7.3 | | 2025-02-10 | A vulnerability was found in SourceCodester Employee Management System 1.0.
CVE-2025-1166 | Medium | 6.3 | | 2025-02-11 | A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical.

Salesforce · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26494 | High | 7.7 | | 2025-02-11 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass. This issue affects Tableau Server: from 2023.3 through 2023.3.5.
CVE-2025-26495 | High | 7.5 | | 2025-02-11 | Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.1…

Sap · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0064 | High | 8.7 | | 2025-02-11 | Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in…
CVE-2025-23193 | Medium | 5.3 | | 2025-02-11 | SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information.

Theme-fusion · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13346 | High | 7.3 | | 2025-02-13 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13.
CVE-2024-13345 | High | 7.3 | | 2025-02-13 | The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13.

Unknown · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7052 | Medium | 4.8 | | 2025-02-14 | The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab…
CVE-2024-13125 | Low | 3.5 | | 2025-02-13 | The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil…

Whisperfish · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24904 | High | 8.5 | | 2025-02-13 | libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers.
CVE-2025-24903 | High | 8.5 | | 2025-02-13 | libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers.

Wpswings · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13641 | Medium | 5.9 | | 2025-02-14 | The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via…
CVE-2024-13692 | Medium | 5.4 | | 2025-02-14 | The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 vi…

Zoo-project · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25190 | | | | 2025-02-10 | The ZOO-Project is an open source processing platform.
CVE-2025-25189 | | | | 2025-02-10 | The ZOO-Project is an open source processing platform.

Abb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10334 | High | 7.3 | | 2025-02-10 | A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video…

Ability, Inc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22698 | Medium | 6.3 | | 2025-02-14 | Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through <= 4.18.

Acymailing Newsletter Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24617 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from…

Adamskaat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23651 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS. This issue affects Scroll Top: from n/a through <= 1.3.3.

Adirectory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13541 | Medium | 4.3 | | 2025-02-12 | The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3.

Advplyr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25205 | High | 8.2 | | 2025-02-12 | Audiobookshelf is a self-hosted audiobook and podcast server.

Agile Logix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24614 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through <= 2.3.9.

Alembic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25202 | Medium | 6.5 | | 2025-02-11 | Ash Authentication is an authentication framework for Elixir applications.

Allimages · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13714 | High | 8.8 | | 2025-02-12 | The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4.

Allims · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1157 | Medium | 6.3 | | 2025-02-10 | A vulnerability was found in Allims lab.online up to 20250201 and classified as critical.

Alpium · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12586 | Medium | 6.1 | | 2025-02-13 | The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such…

Ami · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33659 | High | 8.8 | | 2025-02-11 | AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker.

Apusthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12213 | Critical | 9.8 | | 2025-02-12 | The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16.

Arash Safari · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23428 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS. This issue affects QMean – WordPress Did You Mean: from n/a throug…

Ariagle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23647 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS. This issue affects WP-Clap: from n/a through <= 1.5.

Ashamil · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23766 | Medium | 6.5 | | 2025-02-14 | Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8…

Atlassian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-15002 | Medium | 4.3 | | 2025-02-11 | An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0.

Aviplugins.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24564 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS. This issue affects Contact Form With Shortcod…

Awcode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24554 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS. This issue affects AWcode Toolkit: from n/a through <= 1.0.14.

Badrhan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26552 | High | 7.1 | | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badrHan Naver Syndication V2 badr-naver-syndication allows Stored XSS. This issue affects Naver Syndication V2: from n/a through <= 0.8.3.

Billion Electric · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1143 | High | 8.4 | | 2025-02-11 | Certain models of routers from Billion Electric have hard-coded embedded Linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege on the system.

Blackbam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26582 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS. This issue affects TinyMCE Advanced qTranslate fix editor problem…

Brainstorm Force · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13800 | High | 8.1 | | 2025-02-12 | The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3…

Bss Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13152 | Critical | 10.0 | | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.

Cacti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26520 | High | 7.6 | | 2025-02-12 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter.

Callmeforsox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26569 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Callmeforsox Post Thumbs allows Stored XSS.

Campcodes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1159 | Low | 3.5 | | 2025-02-10 | A vulnerability was found in CampCodes School Management Software 1.0.

Cantonbolo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23492 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS. This issue affects WordPress 淘宝客插件: from n/a through <= 1.1.2.

Chuhpl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13437 | Medium | 4.3 | | 2025-02-12 | The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.

Cisco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2020-3432 | Medium | 5.6 | | 2025-02-12 | A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrec…

Cleantalk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13365 | Critical | 9.8 | | 2025-02-12 | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in a…

Cli · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25204 | Medium | 6.3 | | 2025-02-14 | `gh` is GitHub's official command line tool.

Complete Seo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26580 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS. This issue affects Page/Post Specific Social Share Buttons: from n/a through <…

Contempoinc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13421 | Critical | 9.8 | | 2025-02-12 | The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1.

Craig.edmunds@gmail.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23598 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in craig.edmunds@gmail.com Recip.ly reciply allows Reflected XSS. This issue affects Recip.ly: from n/a through <= 1.1.8.

Creativewerkdesigns · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12164 | Medium | 4.3 | | 2025-02-12 | The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to…

Crm Perks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24558 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS. This issue affects CRM Perks: from n/a through <= 1.1.5.

Crowdstrike · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1146 | High | 8.1 | | 2025-02-12 | CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud.

Crystalwebpro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23655 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS. This issue affects Contact Form 7 – Paystack Add-…

Ctrlpanel-gg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25203 | High | 8.1 | | 2025-02-11 | CtrlPanel is open-source billing software for hosting providers.

Cure53 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26791 | Medium | 4.5 | | 2025-02-14 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Dan Rossiter · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26538 | Medium | 6.5 | | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder prezi-embedder allows Stored XSS. This issue affects Prezi Embedder: from n/a through <= 2.1.

Darkseid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26157 | Medium | 5.9 | | 2025-02-14 | A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.

Daxiawp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26577 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through <= 1.2.

Dedecms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57241 | Medium | 6.5 | | 2025-02-11 | Dedecms 5.71sp1 and earlier is vulnerable to URL redirect.

Devbunchuk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23750 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS. This issue affects Custom Widget Creator: from n/a through <=…

Devitemsllc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12599 | Medium | 6.4 | | 2025-02-11 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output e…

Dingtian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1283 | Critical | 9.8 | | 2025-02-13 | The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.

Distribution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24976 | | | | 2025-02-11 | Distribution is a toolkit to pack, ship, store, and deliver container content.

Dmg Mori Digital Co., Ltd. And Nxtech Co., Ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23406 | Medium | 5.3 | | 2025-02-14 | Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet that causes the affected product to crash.

Duogeek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23786 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS. This issue affects Email to Download: from n/a through <= 3.1.0.

Eaglethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0506 | Medium | 6.4 | | 2025-02-12 | The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output es…

Edmonparker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13639 | Medium | 4.3 | | 2025-02-13 | The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2.

Elabftw · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25206 | High | 8.3 | | 2025-02-14 | eLabFTW is an open source electronic lab notebook for research labs.

Elfsight · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26561 | Medium | 5.9 | | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS. This issue affects Elfsight Yottie Lite: from n/a through <= 1.3.3.

Enituretechnology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13531 | High | 7.5 | | 2025-02-12 | The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient p…

Eprosima · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24807 | High | 7.1 | | 2025-02-11 | eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group).

Era404 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13749 | Medium | 6.1 | | 2025-02-12 | The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3.

Esafenet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1158 | Medium | 6.3 | | 2025-02-10 | A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114.

Extra Innovation Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49780 | Medium | 6.1 | | 2025-02-12 | Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier.

Fabio Zuanon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23652 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS. This issue affects Add custom content after…

Farjana55 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26567 | Medium | 6.5 | | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farjana55 Font Awesome WP font-awesome-wp allows DOM-Based XSS. This issue affects Font Awesome WP: from n/a through <= 1.0.

Fatcatapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24615 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through <= 1.1.2.

Foxskav · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23787 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS. This issue affects Easy Bet: from n/a through <= 1.0.7.

Fredsted · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23568 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS. This issue affects WP Login Attempt Log: from n/a through <= 1.3.

Gchq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25182 | Critical | 9.4 | | 2025-02-12 | Stroom is a data processing, storage and analysis platform.

Geonetwork · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32037 | Unrated | | | 2025-02-11 | GeoNetwork is a catalog application to manage spatially referenced resources.

Godthor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22705 | High | 7.1 | | 2025-02-14 | Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS. This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.

Goodwe Technologies Co., Ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8893 | High | 7.3 | | 2025-02-14 | Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd.

Gsplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11746 | Medium | 6.4 | | 2025-02-12 | The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and inclu…

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0937 | High | 7.1 | | 2025-02-12 | Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

Hcl Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23563 | Low | 3.9 | | 2025-02-12 | HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

Hickory-dns · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25188 | | | | 2025-02-10 | Hickory DNS is a Rust based DNS client, server, and resolver.

Hoststreamsell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23523 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS. This issue affects HSS Embed Streaming Video: fro…

Hurrytimer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13735 | Medium | 6.4 | | 2025-02-14 | The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and…

Infoway · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13435 | High | 7.5 | | 2025-02-12 | The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation…

Islandora · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25286 | Critical | 9.8 | | 2025-02-13 | Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice.

Jack Hopman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-3180 | Critical | 9.8 | | 2025-02-11 | The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5.

Jensmueller · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26568 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through <= 4.0.1.

Jeremyshapiro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13459 | Medium | 6.4 | | 2025-02-12 | The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user sup…

Jesseheap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26572 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery. This issue affects WP PHPList: from n/a through <= 1.7.

Jkroso · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25283 | High | 7.5 | | 2025-02-12 | parse-duraton is software that allows users to convert a human readable duration to milliseconds.

Johannes Van Poelgeest · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23905 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a thro…

Johndarrel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13794 | Medium | 5.3 | | 2025-02-12 | The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 5.3.02.

Joomunited · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13374 | Medium | 4.3 | | 2025-02-12 | The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3.

Kashipara · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26158 | Medium | 5.6 | | 2025-02-14 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0.

Kelio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1175 | Medium | 6.1 | | 2025-02-10 | Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K.

Kevonadonis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12386 | High | 8.1 | | 2025-02-12 | The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3.

Khaninejad · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23431 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khaninejad Envato Affiliater envato-affiliater allows Reflected XSS. This issue affects Envato Affiliater: from n/a through <= 1.2.4.

Khushwant Singh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23851 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS. This issue affects Coronavirus…

Koajs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25200 | High | 7.5 | | 2025-02-12 | Koa is expressive middleware for Node.js using ES2017 async functions.

Kubernetes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0426 | Medium | 6.2 | | 2025-02-13 | A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

Kunal Shivale · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26550 | High | 7.1 | | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS. This issue affects Global Meta Keyword & Description: from n/a through <= 2.3.

Kvvaradha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23525 | High | 7.1 | | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS. This issue affects Kv Compose Email From Dashboar…

Lakejason0 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25287 | Medium | 4.7 | | 2025-02-13 | Lakeus is a simple skin made for MediaWiki.

Lanproxy_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57777 | Medium | 5.1 | | 2025-02-11 | Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information

Lcweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13814 | Medium | 5.4 | | 2025-02-12 | The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5.

Lemmynet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25194 | Medium | 4.0 | | 2025-02-10 | Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust.

Lenovo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12673 | High | 7.8 | | 2025-02-12 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.

Lf Projects · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54160 | Medium | 6.4 | | 2025-02-12 | dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.

Linksys · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25522 | High | 7.3 | | 2025-02-11 | Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation.

Logpoint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26789 | | | | 2025-02-14 | An issue was discovered in Logpoint AgentX before 1.5.0.

Logsign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1044 | Critical | 9.8 | - | 2025-02-11 | Logsign Unified SecOps Platform Authentication Bypass Vulnerability.

Lumsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1165 | High | 7.3 | - | 2025-02-11 | A vulnerability, which was classified as critical, was found in Lumsoft ERP 8.

M.code · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24692 | High | 7.1 | - | 2025-02-14 | Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through <= 1.3.

Mailcow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25198 | High | 7.1 | - | 2025-02-12 | mailcow: dockerized is an open source groupware/email suite based on docker.

Makong · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23571 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Internal Links Generator internal-links-generator allows Reflected XSS. This issue affects Internal Links Generator: from n/a throu…

Mark Winiarski · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23534 | Medium | 6.5 | - | 2025-02-14 | Missing Authorization vulnerability in Mark Winiarski WPLingo wplingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through <= 1.1.2.

Marketing Fire · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22630 | Critical | 9.9 | - | 2025-02-14 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection. This issue affects Widget Options: from n/a through <= 4.1.0.

Mathieuhays · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26578 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through <= 1.2.8.

Matt Brooks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23646 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder library-instruction-recorder allows Reflected XSS. This issue affects Library Instruction Recorde…

Mattermost · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0503 | Low | 3.1 | - | 2025-02-14 | Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint, which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

Maximize · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0692 | Low | 3.5 | - | 2025-02-13 | The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter…

Mayuri K · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1167 | Medium | 6.3 | - | 2025-02-11 | A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical.

Michelem · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23853 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS. This issue affects NoFollow Free: from n/a through <= 1.6.3.

Microdicom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1002 | Medium | 5.7 | - | 2025-02-10 | MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle…
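The MicroDicom entry describes the classic update-channel weakness: the client speaks TLS, so the traffic looks protected, but it never checks who it is talking to. The following added example (not code from the page or from MicroDicom) shows, in Python's standard `ssl` module, the weak client context beside the one an updater should use, plus a small audit function that flags the settings that make on-path tampering possible. The function names are mine.

```python
import ssl


def update_client_context(verify: bool = True) -> ssl.SSLContext:
    """Build the TLS context an auto-updater uses to fetch manifests/installers.

    verify=False reproduces the weak pattern described for CVE-2025-1002: the
    connection is encrypted, but any certificate is accepted, so an attacker in
    a privileged network position can terminate TLS with a self-signed cert and
    hand the updater an attacker-chosen payload.
    """
    if verify:
        # create_default_context sets check_hostname=True, CERT_REQUIRED and
        # loads the system trust store; we additionally pin the floor to TLS 1.2.
        ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        return ctx

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be set to CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the list of reasons a context is unsafe for fetching updates (empty if OK)."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol floor allows TLS < 1.2")
    return problems


if __name__ == "__main__":
    for label, flag in (("weak", False), ("hardened", True)):
        print(label, audit_context(update_client_context(flag)) or "OK")
```

Certificate validation is necessary but not sufficient for an updater; the downloaded artifact should also carry a signature that is verified against a key shipped with the product, so that a compromised CA or mirror still cannot push code.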

Mike Martel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23474 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through <= 0.3.3.

Mikrotik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54772 | Medium | 5.4 | - | 2025-02-11 | An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2.

Mintplex-labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13059 | High | 7.2 | - | 2025-02-10 | A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library.
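Two entries on this page are path traversal through a user-controlled file name: the lanproxy directory traversal (CVE-2024-57777) and the anything-llm issue above, where the trigger is specifically a non-ASCII file name. The added example below (my code, not from either project) shows the guard a practitioner would want: percent-decode once, fold Unicode look-alikes with NFKC so full-width `．` and `／` become `.` and `/` before the separator check, reject separators and NUL, then resolve lexically and require the upload root to be a strict prefix. The `/srv/uploads` root and the sample names are constructed for the demo.

```python
import os
import unicodedata
import urllib.parse
from pathlib import Path

# Constructed upload root for the demo; a real service would read this from config.
UPLOAD_ROOT = Path("/srv/uploads")


class UnsafePathError(ValueError):
    """Raised when a user-supplied file name would escape the upload root."""


def safe_join(root: Path, user_name: str) -> Path:
    """Resolve user_name under root, or raise UnsafePathError.

    Order matters:
      1. percent-decode once so '%2e%2e%2f' is judged as '../', not as a
         harmless-looking ASCII string;
      2. NFKC-normalise so full-width or compatibility variants of '.' and '/'
         collapse to their ASCII forms before we look for them;
      3. reject separators, NUL and bare relative segments outright;
      4. resolve lexically (no filesystem access needed) and require root to be
         a proper ancestor of the result.
    """
    decoded = urllib.parse.unquote(user_name)
    normalized = unicodedata.normalize("NFKC", decoded)
    if not normalized or "\x00" in normalized:
        raise UnsafePathError("empty name or NUL byte")
    if "/" in normalized or "\\" in normalized:
        raise UnsafePathError("path separator in file name")
    if normalized in (".", ".."):
        raise UnsafePathError("relative segment as file name")

    root_norm = Path(os.path.normpath(root))
    resolved = Path(os.path.normpath(root_norm / normalized))
    # Belt and braces: even if a separator slipped past, refuse anything that
    # does not sit strictly below the root.
    if root_norm not in resolved.parents:
        raise UnsafePathError(f"escapes root: {resolved}")
    return resolved


def is_safe(name: str) -> bool:
    """Convenience wrapper: True if name resolves safely under UPLOAD_ROOT."""
    try:
        safe_join(UPLOAD_ROOT, name)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    # Constructed probes: plain name, classic traversal, percent-encoded traversal,
    # and the full-width Unicode variant that a byte-level check would miss.
    for probe in ("report.pdf", "../etc/passwd", "%2e%2e%2fetc%2fpasswd",
                  "\uff0e\uff0e\uff0fetc\uff0fpasswd"):
        print(repr(probe), "->", "ok" if is_safe(probe) else "REJECTED")
```

Decode exactly once: decoding in a loop until the string stops changing turns `%252e` into `.` and reopens the hole from the other side. Where the stored name is not needed, generating a random server-side file name and keeping the user's name only as metadata removes the problem entirely.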

Mintty · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1052 | High | 8.8 | - | 2025-02-11 | Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.

Misp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-57969 | Medium | 4.3 | - | 2025-02-14 | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.

Mkkmail · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26558 | Medium | 6.5 | - | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mkkmail Aparat Responsive aparat-responsive allows DOM-Based XSS. This issue affects Aparat Responsive: from n/a through <= 1.3.

Moch Amir · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26574 | Medium | 6.5 | - | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media google-drive-wp-media allows Stored XSS. This issue affects Google Drive WP Media: from n/a through <= 2.4…

Modelscope · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8550 | High | 7.5 | - | 2025-02-10 | A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4.

Monetagwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52500 | High | 7.2 | - | 2025-02-14 | Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

Monicahq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54951 | Medium | 5.4 | - | 2025-02-13 | Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS).

Murali · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23771 | Medium | 6.5 | - | 2025-02-14 | Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification…

Musl-libc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26519 | High | 8.1 | - | 2025-02-14 | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

Nabeel Tahir · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23653 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS. This issue affects Form To Online Booking: from n/a thr…

Nagarjunsonti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26547 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS. This issue affects My Login Logout Plugin: from n/a through <= 2.4.

Najeebmedia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13456 | Medium | 6.4 | - | 2025-02-12 | The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user su…

Netvision Information · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1145 | Medium | 6.1 | - | 2025-02-11 | NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.

Nitrokey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25201 | Medium | 4.0 | - | 2025-02-12 | Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys.

Northern Beaches Websites · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24607 | Medium | 5.8 | - | 2025-02-14 | Missing Authorization vulnerability in Northern Beaches Websites IdeaPush ideapush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through <= 8.71.

Openproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24892 | Low | 3.5 | - | 2025-02-10 | OpenProject is open-source, web-based project management software.

Openssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12797 | Medium | 6.3 | - | 2025-02-11 | Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set.

Orthanc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0896 | Critical | 9.8 | - | 2025-02-13 | Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled.
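The Orthanc entry is a secure-by-default failure: exposing the REST/DICOMweb interface to the network without also turning authentication on. The added example below (my code, not Orthanc's) is a small audit over an Orthanc-style JSON configuration that flags the dangerous combination. It assumes the documented Orthanc keys `RemoteAccessAllowed`, `AuthenticationEnabled` and `RegisteredUsers`, and that the file has already been reduced to plain JSON (Orthanc itself tolerates `//` comments, which `json.loads` does not). The two sample configurations are constructed for the demo.

```python
import json


def audit_orthanc_config(config_text: str) -> list:
    """Return a list of findings for an Orthanc configuration; empty means no issue found.

    Logic mirrors the CVE-2025-0896 condition: remote access enabled while
    authentication is off, or not set (on versions before 1.5.8 an unset
    AuthenticationEnabled meant 'off'). It also catches an enabled-but-empty
    user list and empty passwords, which make the setting cosmetic.
    """
    cfg = json.loads(config_text)
    findings = []
    remote = bool(cfg.get("RemoteAccessAllowed", False))
    auth = cfg.get("AuthenticationEnabled")        # None: key absent from the file
    users = cfg.get("RegisteredUsers", {}) or {}

    if remote and auth is None:
        findings.append("RemoteAccessAllowed is true but AuthenticationEnabled is not set "
                        "(unauthenticated by default before Orthanc 1.5.8)")
    if remote and auth is False:
        findings.append("RemoteAccessAllowed is true and AuthenticationEnabled is false")
    if remote and auth and not users:
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")
    for name, password in users.items():
        if not password:
            findings.append(f"RegisteredUsers[{name!r}] has an empty password")
    return findings


# Constructed sample: the pre-1.5.8 footgun. Remote access is on, nothing says
# who may connect, so the whole PACS API is reachable anonymously.
WEAK_CONFIG = """
{
  "Name": "radiology-pacs",
  "HttpPort": 8042,
  "RemoteAccessAllowed": true
}
"""

# Constructed sample: the same deployment with authentication made explicit.
HARDENED_CONFIG = """
{
  "Name": "radiology-pacs",
  "HttpPort": 8042,
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": { "pacs-admin": "use-a-long-random-secret-here" }
}
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_orthanc_config(text) or "OK")
```

Upgrading to 1.5.8 or later fixes the default, but the explicit settings above are still worth keeping: an audit that depends on a version-specific default is one upgrade or downgrade away from being wrong, and basic authentication over HTTP should in any case sit behind TLS.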

Pa1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26549 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS. This issue affects WP Html Page Sitemap: from n/a through <= 2.2.

Paessler · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12833 | Medium | 6.1 | - | 2025-02-11 | Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability.

Paoltaia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13506 | Medium | 6.4 | - | 2025-02-11 | The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to…

Petkivim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26539 | Medium | 6.5 | - | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS. This issue affects Embed Google Map: from n/a through <= 3.2.

Phjounin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1207 | Low | 3.1 | - | 2025-02-12 | A vulnerability was found in phjounin TFTPD64 4.64.

Php · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-31631 | Critical | 9.1 | - | 2025-02-12 | In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2, when using the PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which…

Pix Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1156 | High | 7.3 | - | 2025-02-10 | A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical.

Podamibe Nepal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23742 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS. This issue affects Podamibe Twilio Private…

Prestashop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1230 | Medium | 4.8 | - | 2025-02-12 | Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through '/<admin_directory>/index.php', affecting the 'link' parameter.

Propertyhive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0808 | Medium | 4.3 | - | 2025-02-12 | The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21.

Ptt Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12651 | High | 8.5 | - | 2025-02-14 | Exposed Dangerous Method or Function vulnerability in PTT Inc.

Pukhraj Suthar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26543 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through <= 2.1.

Python Software Foundation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3220 | - | - | - | 2025-02-14 | There is a defect in the CPython standard library module "mimetypes" where on Windows the default list of known file locations is writable, meaning other users can create invalid files to cause MemoryError to be raised on Python runtime st…

Quanxun · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1144 | Critical | 9.8 | - | 2025-02-11 | School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.

Rabilal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13606 | High | 7.5 | - | 2025-02-13 | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory.

Rack · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25184 | Medium | 6.5 | - | 2025-02-12 | Rack provides an interface for developing web applications in Ruby.

Razvypp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23650 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS. This issue affects Tidy.ro: from n/a through <= 1.3.

Rickonline_nl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24641 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Stored XSS. This issue affects Better WishList API: from n/a through <= 1.1.3.

Roni Saha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23788 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS. This issue affects Easy Filter: from n/a through <= 1.10.

Ruby · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25186 | Medium | 6.5 | - | 2025-02-10 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby.

Rusalex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23657 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS. This issue affects WordPress-to-…

Saleswonder Team: Tobias · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24565 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS. This issue affects WP2LEADS: from n/a through <= 3.3.3.

Shambhu Patnaik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26562 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS. This issue affects RSS Filter: from n/a through <= 1.2.

Shisuh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26545 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through…

Sinaptik Ai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12366 | Critical | 9.8 | - | 2025-02-11 | PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, leading to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LL…
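The PandasAI entry is the general LLM-agent hazard: model output is treated as code and executed in the application's process, so anyone who can influence the prompt (directly or through data the model reads) gets code execution. The added example below (my code, not PandasAI's or its fix) is a syntactic gate a practitioner can put between the model and the interpreter: it parses the generated snippet with `ast` and rejects imports outside an allowlist, calls to dangerous builtins, and any dunder access, which is how most `__class__.__subclasses__()` escapes begin. The allowlist and the sample snippets are constructed for the demo.

```python
import ast

# Modules the generated analysis code is allowed to import (constructed policy).
ALLOWED_MODULES = {"pandas", "numpy", "math", "statistics"}

# Builtins that turn a data-analysis snippet into a general-purpose interpreter.
FORBIDDEN_CALLS = {
    "exec", "eval", "compile", "__import__", "open", "input", "breakpoint",
    "getattr", "setattr", "delattr", "globals", "locals", "vars", "help",
}


def vet_generated_code(src: str) -> list:
    """Return policy violations found in LLM-generated Python; empty means 'passed the gate'.

    This is a syntactic denylist/allowlist, not a sandbox: it is cheap and
    catches the common injection payloads, but anything that passes should
    still run in a separate, unprivileged process with no network and a
    read-only view of the data.
    """
    try:
        tree = ast.parse(src, mode="exec")
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]

    violations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] not in ALLOWED_MODULES:
                    violations.append(f"import of {alias.name!r} is not allowed")
        elif isinstance(node, ast.ImportFrom):
            module = (node.module or "").split(".")[0]
            if module not in ALLOWED_MODULES:
                violations.append(f"import from {node.module!r} is not allowed")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in FORBIDDEN_CALLS:
                violations.append(f"call to forbidden builtin {func.id}()")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            violations.append(f"dunder attribute access .{node.attr}")
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            violations.append(f"dunder name {node.id}")
    return violations


if __name__ == "__main__":
    # Constructed snippets: one benign analysis step and three injection payloads.
    samples = {
        "benign": "result = df.groupby('country')['sales'].sum().sort_values()",
        "import os": "import os\nos.system('id')",
        "dunder import": "__import__('os').system('id')",
        "class escape": "().__class__.__base__.__subclasses__()",
    }
    for label, code in samples.items():
        print(f"{label:14s}", vet_generated_code(code) or "passed")
```

The gate deliberately errs toward false positives: legitimate analysis code almost never needs `getattr` or a dunder, while nearly every published prompt-injection payload does. Treat a rejection as a signal to show the user the text answer only, never as a prompt to retry with a more permissive policy.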

Singsys · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23748 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS. This issue affects Singsys -Awesome Gallery: from n/a throu…

Sktthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13665 | Medium | 6.4 | - | 2025-02-12 | The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied att…

Smackcoders · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12315 | High | 7.5 | - | 2025-02-12 | The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory.

Smartdatasoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23857 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS. This issue affects Essential WP Real Estate: from n/…

Stklcode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13701 | Medium | 6.4 | - | 2025-02-12 | The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping o…

Strongkey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26788 | High | 8.4 | - | 2025-02-14 | StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

Supersaas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0862 | Medium | 4.9 | - | 2025-02-11 | The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'after' parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escapi…

Sureshdsk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26551 | High | 7.1 | - | 2025-02-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through <= 1.0.4.

Sysbasics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24592 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS. This issue affects Customize My…

Tahminajannat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23789 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS. This issue a…

Tangiblewp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13867 | Medium | 6.1 | - | 2025-02-13 | The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping.

Tauhidul Alam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23658 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS. This issue affects Advanced Angular Contac…

Tecno · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1298 | Critical | 9.8 | - | 2025-02-14 | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.

Temporal Technologies, Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1243 | - | - | - | 2025-02-12 | The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission.

Themegoods · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22702 | Medium | 6.3 | - | 2025-02-14 | Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photography: from n/a through <= 7.7.2.

Themeum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9601 | Medium | 6.5 | - | 2025-02-14 | The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' and 'UniqueID' parameters in all versions up to, and including, 1.8.12 due to insufficient input sanitization and outp…

Think201 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23751 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Reflected XSS. This issue affects Data Dash: from n/a through <= 1.2.3.

Tommietott · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13493 | Medium | 4.8 | - | 2025-02-14 | The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ca…

Tomáš Groulík · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24566 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS. This issue affects Intro Tour Tutorial DeepPresent…

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1099 | - | - | - | 2025-02-10 | This vulnerability exists in Tapo C500 Wi-Fi camera due to a hard-coded RSA private key embedded within the device firmware.

Uamv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26570 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery.

Uiux Lab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24616 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through <= 1.7.3.

Unalignedcode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13570 | Medium | 6.1 | - | 2025-02-11 | The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adm…

Uscnanbu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0511 | High | 7.2 | - | 2025-02-12 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping.

Vega · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25304 | - | - | - | 2025-02-14 | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.

Vividcolorsjp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13539 | Medium | 5.3 | - | 2025-02-12 | The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1.

Wandb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10649 | Medium | 6.1 | - | 2025-02-10 | wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket.

Wassereimer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23790 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS.

Wazuh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24016 | Critical | 9.9 | KEV | 2025-02-10 | Wazuh is a free and open source platform used for threat prevention, detection, and response.

Webkul · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1155 | Medium | 4.3 | - | 2025-02-10 | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1.

Wibiya · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26571 | High | 7.1 | - | 2025-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery. This issue affects Wibiya Toolbar: from n/a through <= 2.0.

Winzip · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1240 | High | 8.8 | - | 2025-02-11 | WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.

Wjharil · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23648 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS. This issue affects AdsMiddle: from n/a through <= 1.0.

Wow-company · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24699 | High | 7.1 | - | 2025-02-14 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through <= 3.6.

Wpbookingcalendar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13821 | Medium | 5.3 | - | 2025-02-12 | The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10.

Wpcodefactory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13528 | High | 7.5 | - | 2025-02-12 | The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5.

Wpextended · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13554 | Medium | 5.3 | - | 2025-02-12 | The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13.

Wpo-hr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13658 | Medium | 6.4 | - | 2025-02-12 | The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and outpu…

Xen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31144 | Low | 3.8 | - | 2025-02-14 | For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs).

Xxyopen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1154 | Medium | 6.3 | - | 2025-02-10 | A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1.

Xylus Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24700 | High | 7.1 | - | 2025-02-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through <= 1.8…

Zf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12054 | Medium | 5.4 | - | 2025-02-13 | ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment…
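The ZF entry is about the UDS SecurityAccess (service 0x27) seed/key handshake with a predictable seed. The added example below (my code, not ZF's, and with a toy seed-to-key function standing in for the proprietary one) simulates both sides of the exchange: a legitimate tool unlocks the ECU while an eavesdropper records the seed/key pair, the ECU power-cycles, and the attacker requests a fresh seed. With a counter-derived seed the same value comes back and the recorded key is replayed without ever learning the algorithm; with a CSPRNG seed the replay fails. The UDS service and sub-function bytes are the standard ones; the negative response codes are the standard UDS values; everything else is constructed.

```python
import secrets
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Toy seed-to-key function standing in for the ECU's proprietary algorithm.
# Note that the attacker below never calls it: replay needs only a captured pair.
SECRET_CONSTANT = 0x5A3C96E1


def ecu_seed_to_key(seed: int) -> int:
    rotated = ((seed << 7) | (seed >> 25)) & 0xFFFFFFFF
    return rotated ^ SECRET_CONSTANT


@dataclass
class Ecu:
    """Minimal UDS 0x27 SecurityAccess responder.

    deterministic=True models the weak design: the seed is a function of a
    counter that restarts at the same value on every power cycle, so the seed
    sequence repeats. deterministic=False draws each seed from a CSPRNG.
    """
    deterministic: bool
    counter: int = 0
    pending_seed: Optional[int] = None
    unlocked: bool = False

    def power_cycle(self) -> None:
        self.counter = 0
        self.pending_seed = None
        self.unlocked = False

    def handle(self, request: bytes) -> bytes:
        sid, sub = request[0], request[1]
        if sid != 0x27:
            return bytes([0x7F, sid, 0x11])            # serviceNotSupported
        if sub == 0x01:                                # requestSeed
            if self.deterministic:
                self.counter += 1
                seed = (self.counter * 0x9E3779B9) & 0xFFFFFFFF
            else:
                seed = secrets.randbits(32)
            self.pending_seed = seed
            return bytes([0x67, 0x01]) + struct.pack(">I", seed)
        if sub == 0x02:                                # sendKey
            if self.pending_seed is None:
                return bytes([0x7F, 0x27, 0x24])       # requestSequenceError
            (key,) = struct.unpack(">I", request[2:6])
            expected = ecu_seed_to_key(self.pending_seed)
            self.pending_seed = None
            if key == expected:
                self.unlocked = True
                return bytes([0x67, 0x02])             # positive response
            return bytes([0x7F, 0x27, 0x35])           # invalidKey
        return bytes([0x7F, 0x27, 0x12])               # subFunctionNotSupported


def legitimate_unlock(ecu: Ecu) -> Tuple[int, int]:
    """A diagnostic tool unlocks the ECU; returns the (seed, key) pair that
    anyone listening on the bus (or the RF link in front of it) would capture."""
    resp = ecu.handle(bytes([0x27, 0x01]))
    (seed,) = struct.unpack(">I", resp[2:6])
    key = ecu_seed_to_key(seed)
    ecu.handle(bytes([0x27, 0x02]) + struct.pack(">I", key))
    return seed, key


def replay_attack(ecu: Ecu, captured: Dict[int, int]) -> bool:
    """Attacker requests a seed and answers only if a key for it was captured earlier."""
    resp = ecu.handle(bytes([0x27, 0x01]))
    (seed,) = struct.unpack(">I", resp[2:6])
    if seed not in captured:
        return False
    reply = ecu.handle(bytes([0x27, 0x02]) + struct.pack(">I", captured[seed]))
    return reply == bytes([0x67, 0x02])


def demo(deterministic: bool) -> bool:
    """True if the replay unlocks the ECU after a power cycle."""
    ecu = Ecu(deterministic=deterministic)
    seed, key = legitimate_unlock(ecu)        # passively captured by the attacker
    ecu.power_cycle()                         # later: ECU restarts, attacker approaches
    return replay_attack(ecu, {seed: key})


if __name__ == "__main__":
    print("deterministic seed, replay unlocks:", demo(True))
    print("random seed, replay unlocks:       ", demo(False))
```

A random seed closes the replay, but it does not rescue a weak seed-to-key function: if the algorithm can be recovered from firmware, any seed can be answered. Rate-limiting failed key attempts (the standard `requiredTimeDelayNotExpired` behaviour) is the other half of the defence.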

Zulip · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25195 | Medium | 4.3 | - | 2025-02-13 | Zulip is an open source team chat application.