Total
3082 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11868 | 1 Thimpress | 1 Learnpress | 2025-01-14 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | |||||
| CVE-2025-0460 | 2025-01-14 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13138 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48912 | 1 Glpi-project | 1 Glpi | 2025-01-10 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2025-0213 | 1 Campcodes | 1 Project Management System | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-54096 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-10 | N/A | 5.3 MEDIUM |
| Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. | |||||
| CVE-2024-23360 | 1 Qualcomm | 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more | 2025-01-09 | N/A | 8.4 HIGH |
| Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. | |||||
| CVE-2016-10408 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8037 and 7 more | 2025-01-09 | N/A | 8.4 HIGH |
| QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | |||||
| CVE-2024-29993 | 1 Microsoft | 1 Azure Cyclecloud | 2025-01-09 | N/A | 8.8 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2024-29990 | 1 Microsoft | 1 Azure Kubernetes Service Confidential Containers | 2025-01-09 | N/A | 9.0 CRITICAL |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
| CVE-2025-0346 | 2025-01-09 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0341 | 2025-01-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-38163 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2025-01-08 | N/A | 6.1 MEDIUM |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | |||||
| CVE-2024-21424 | 1 Microsoft | 1 Azure Compute Gallery | 2025-01-08 | N/A | 6.5 MEDIUM |
| Azure Compute Gallery Elevation of Privilege Vulnerability | |||||
| CVE-2024-26234 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 6.7 MEDIUM |
| Proxy Driver Spoofing Vulnerability | |||||
| CVE-2024-28922 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 4.1 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | N/A | 8.2 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2025-01-08 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2025-01-08 | N/A | 7.3 HIGH |
| Microsoft System Center Elevation of Privilege Vulnerability | |||||