Total
32192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28949 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2025-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | |||||
| CVE-2024-32100 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | |||||
| CVE-2023-6922 | 1 Acurax | 1 Under Construction \/ Maintenance Mode | 2025-02-07 | N/A | 4.3 MEDIUM |
| The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors. | |||||
| CVE-2024-0680 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2025-02-07 | N/A | 5.3 MEDIUM |
| The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts. | |||||
| CVE-2024-0682 | 1 Theandystratton | 1 Pagerestrict | 2025-02-07 | N/A | 5.3 MEDIUM |
| The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts. | |||||
| CVE-2024-0975 | 1 Brandonwamboldt | 1 Wordpress Access Control | 2025-02-07 | N/A | 5.3 MEDIUM |
| The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature (when unset) and view restricted page and post content. | |||||
| CVE-2023-29569 | 1 Cesanta | 1 Mjs | 2025-02-06 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2025-0510 | 1 Mozilla | 1 Thunderbird | 2025-02-06 | N/A | 6.5 MEDIUM |
| Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | |||||
| CVE-2023-30459 | 1 Smartptt | 1 Smartptt Scada | 2025-02-06 | N/A | 7.2 HIGH |
| SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default). | |||||
| CVE-2023-29850 | 1 Slims | 1 Senayan Library Management System | 2025-02-06 | N/A | 7.5 HIGH |
| SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | |||||
| CVE-2018-17453 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. | |||||
| CVE-2023-28091 | 1 Hp | 1 Oneview | 2025-02-06 | N/A | 5.5 MEDIUM |
| HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump | |||||
| CVE-2023-28085 | 1 Hpe | 1 Oneview Global Dashboard | 2025-02-06 | N/A | 5.5 MEDIUM |
| An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials | |||||
| CVE-2025-1011 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2024-27947 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. | |||||
| CVE-2024-3046 | 1 Eclipse | 1 Kura | 2025-02-06 | N/A | 7.5 HIGH |
| In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1] | |||||
| CVE-2023-38096 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718. | |||||
| CVE-2024-4173 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | N/A | 7.6 HIGH |
| A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | |||||
| CVE-2024-4159 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | N/A | 4.3 MEDIUM |
| Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | |||||
| CVE-2022-48314 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-06 | N/A | 6.5 MEDIUM |
| The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||||