Total: 278056 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | N/A | 7.5 HIGH |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | |||||
CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | N/A | 7.5 HIGH |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | |||||
CVE-2024-1042 | 1 Wpmilitary | 1 Wp Radio | 2025-01-28 | N/A | 6.4 MEDIUM |
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | |||||
CVE-2024-3214 | 1 Relevanssi | 1 Relevanssi | 2025-01-28 | N/A | 5.8 MEDIUM |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
CVE-2024-30182 | 1 Hasthemes | 1 Ht Mega | 2025-01-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega allows Stored XSS. This issue affects HT Mega: from n/a through 2.4.3. | |||||
CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | N/A | 8.3 HIGH |
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | |||||
CVE-2024-2120 | 1 Elementor | 1 Website Builder | 2025-01-28 | N/A | 5.4 MEDIUM |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-29913 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-01-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3. | |||||
CVE-2024-29911 | 1 Master-addons | 1 Master Addons | 2025-01-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |||||
CVE-2024-2210 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-01-28 | N/A | 6.4 MEDIUM |
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
CVE-2025-24137 | | | 2025-01-28 | N/A | 8.0 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution. | |||||
CVE-2025-0784 | | | 2025-01-28 | 2.6 LOW | 3.7 LOW |
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2024-57590 | | | 2025-01-28 | N/A | 9.8 CRITICAL |
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. | |||||
CVE-2024-57549 | | | 2025-01-28 | N/A | 7.5 HIGH |
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. | |||||
CVE-2024-57548 | | | 2025-01-28 | N/A | 9.1 CRITICAL |
CMSimple 5.16 allows the user to edit log.php file via print page. | |||||
CVE-2024-57547 | | | 2025-01-28 | N/A | 7.5 HIGH |
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. | |||||
CVE-2024-57546 | | | 2025-01-28 | N/A | 7.5 HIGH |
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. | |||||
CVE-2024-57373 | | | 2025-01-28 | N/A | 8.1 HIGH |
Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information. | |||||
CVE-2024-57272 | | | 2025-01-28 | N/A | 6.1 MEDIUM |
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2024-57052 | | | 2025-01-28 | N/A | 9.8 CRITICAL |
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. |