Total
2430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48912 | 1 Glpi-project | 1 Glpi | 2025-01-10 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2025-0213 | 1 Campcodes | 1 Project Management System | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-54096 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-10 | N/A | 5.3 MEDIUM |
| Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. | |||||
| CVE-2024-13240 | 2025-01-10 | N/A | 7.5 HIGH | ||
| Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | |||||
| CVE-2024-23360 | 1 Qualcomm | 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more | 2025-01-09 | N/A | 8.4 HIGH |
| Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. | |||||
| CVE-2016-10408 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8037 and 7 more | 2025-01-09 | N/A | 8.4 HIGH |
| QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | |||||
| CVE-2024-13191 | 2025-01-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-29993 | 1 Microsoft | 1 Azure Cyclecloud | 2025-01-09 | N/A | 8.8 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2024-29990 | 1 Microsoft | 1 Azure Kubernetes Service Confidential Containers | 2025-01-09 | N/A | 9.0 CRITICAL |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
| CVE-2025-0346 | 2025-01-09 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0341 | 2025-01-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13212 | 2025-01-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13211 | 2025-01-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13210 | 2025-01-09 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13201 | 2025-01-09 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13200 | 2025-01-09 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-38163 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2025-01-08 | N/A | 6.1 MEDIUM |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | |||||
| CVE-2024-21424 | 1 Microsoft | 1 Azure Compute Gallery | 2025-01-08 | N/A | 6.5 MEDIUM |
| Azure Compute Gallery Elevation of Privilege Vulnerability | |||||
| CVE-2024-26234 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 6.7 MEDIUM |
| Proxy Driver Spoofing Vulnerability | |||||