Total
32156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27180 | 1 Gdidees | 1 Gdidees Cms | 2025-02-12 | N/A | 7.5 HIGH |
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. | |||||
CVE-2022-32871 | 1 Apple | 1 Iphone Os | 2025-02-12 | N/A | 2.4 LOW |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information. | |||||
CVE-2024-1647 | 1 Kumaf | 1 Pyhtml2pdf | 2025-02-12 | N/A | 7.5 HIGH |
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | |||||
CVE-2024-1648 | 1 Fraserxu | 1 Electron-pdf | 2025-02-12 | N/A | 7.5 HIGH |
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | |||||
CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0 and earlier. | |||||
CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | |||||
CVE-2024-2339 | 1 Dalibo | 1 Anonymizer | 2025-02-12 | N/A | 8.0 HIGH |
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users, cannot exploit this vulnerability. The problem is resolved in v1.3. | |||||
CVE-2023-27729 | 1 F5 | 1 Njs | 2025-02-12 | N/A | 7.5 HIGH |
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | |||||
CVE-2023-20680 | 2 Google, Mediatek | 22 Android, Mt6779, Mt6781 and 19 more | 2025-02-12 | N/A | 6.7 MEDIUM |
In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. | |||||
CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2025-02-12 | N/A | 4.9 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | |||||
CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-12 | N/A | 7.2 HIGH |
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9. | |||||
CVE-2024-29035 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 4.1 MEDIUM |
Umbraco is an ASP.NET CMS. Failing webhook logs are available when the solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1. | |||||
CVE-2025-20907 | 1 Samsung | 1 Android | 2025-02-12 | N/A | 6.0 MEDIUM |
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. | |||||
CVE-2025-20892 | 1 Samsung | 1 Android | 2025-02-12 | N/A | 5.9 MEDIUM |
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to execute the fastboot command. User interaction is required for triggering this vulnerability. | |||||
CVE-2025-21253 | 1 Microsoft | 1 Edge | 2025-02-11 | N/A | 5.3 MEDIUM |
Microsoft Edge for iOS and Android Spoofing Vulnerability | |||||
CVE-2025-21267 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 4.4 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2023-1426 | 1 Keetrax | 1 Wp Tiles | 2025-02-11 | N/A | 6.5 MEDIUM |
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post. | |||||
CVE-2025-21283 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |