Total
32218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7072 | 1 Pickplugins | 1 Post Grid Combo | 2025-01-22 | N/A | 7.5 HIGH |
| The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts. | |||||
| CVE-2024-2107 | 1 Blossomthemes | 1 Blossom Spa | 2025-01-22 | N/A | 5.8 MEDIUM |
| The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts. | |||||
| CVE-2023-6999 | 1 Podsfoundation | 1 Pods | 2025-01-22 | N/A | 8.8 HIGH |
| The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server. | |||||
| CVE-2023-31902 | 1 Mobilemouse | 1 Mobile Mouse | 2025-01-22 | N/A | 9.8 CRITICAL |
| RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). | |||||
| CVE-2023-31847 | 1 Davinci Project | 1 Davinci | 2025-01-22 | N/A | 6.5 MEDIUM |
| In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side. | |||||
| CVE-2023-31724 | 1 Yasm Project | 1 Yasm | 2025-01-22 | N/A | 7.8 HIGH |
| yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c. | |||||
| CVE-2023-31723 | 1 Yasm Project | 1 Yasm | 2025-01-22 | N/A | 5.5 MEDIUM |
| yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. | |||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2025-01-22 | N/A | 2.2 LOW |
| An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | |||||
| CVE-2023-22084 | 4 Fedoraproject, Mariadb, Netapp and 1 more | 4 Fedora, Mariadb, Oncommand Insight and 1 more | 2025-01-22 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-0206 | 1 Code-projects | 1 Online Shoe Store | 2025-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2025-01-22 | N/A | 7.8 HIGH |
| OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | |||||
| CVE-2025-21329 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21327 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 6.6 MEDIUM |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2025-21328 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21326 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-01-22 | N/A | 7.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2025-21323 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21324 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 6.6 MEDIUM |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2025-21321 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21320 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21319 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||