Total
10742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3968 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. | |||||
| CVE-2024-4353 | 1 Concretecms | 1 Concrete Cms | 2025-01-17 | N/A | 4.8 MEDIUM |
| Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks fhAnso for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC). | |||||
| CVE-2025-23202 | 2025-01-17 | N/A | N/A | ||
| Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-7512 | 1 Concretecms | 1 Concrete Cms | 2025-01-17 | N/A | 4.8 MEDIUM |
| Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation) | |||||
| CVE-2024-54101 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-17 | N/A | 6.2 MEDIUM |
| Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-1638 | 1 Zephyrproject | 1 Zephyr | 2025-01-17 | N/A | 8.2 HIGH |
| The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read. | |||||
| CVE-2022-24806 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 15 Debian Linux, Fedora, Net-snmp and 12 more | 2025-01-17 | N/A | 6.5 MEDIUM |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | |||||
| CVE-2025-21370 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-01-17 | N/A | 7.8 HIGH |
| Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | |||||
| CVE-2024-43755 | 1 Adobe | 1 Experience Manager | 2025-01-15 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-52831 | 1 Adobe | 1 Experience Manager | 2025-01-15 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-21476 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Ar8035 and 93 more | 2025-01-15 | N/A | 7.8 HIGH |
| Memory corruption when the channel ID passed by user is not validated and further used. | |||||
| CVE-2024-54100 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-14 | N/A | 6.2 MEDIUM |
| Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2025-0465 | 2025-01-14 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-21473 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Ar9380 and 251 more | 2025-01-13 | N/A | 9.8 CRITICAL |
| Memory corruption while redirecting log file to any file location with any file name. | |||||
| CVE-2023-33100 | 1 Qualcomm | 100 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 97 more | 2025-01-13 | N/A | 7.5 HIGH |
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | |||||
| CVE-2024-21452 | 1 Qualcomm | 12 C-v2x 9150, C-v2x 9150 Firmware, Qca6584au and 9 more | 2025-01-13 | N/A | 7.3 HIGH |
| Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. | |||||
| CVE-2024-54121 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-56437 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 5.7 MEDIUM |
| Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-51931 | 1 Alanclarke | 1 Urlite | 2025-01-13 | N/A | 7.5 HIGH |
| An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | |||||
| CVE-2022-34159 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | N/A | 7.5 HIGH |
| Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | |||||