Latest CVE Feed
- CVE-2025-23074 | Score: 0.0 (NONE)
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse. This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41....
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-23073 | Score: 0.0 (NONE)
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue affects Mediawiki - GlobalBlocking Extension: from 1.39.X before 1.39....
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-23072 | Score: 0.0 (NONE)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - RefreshSpecial Extensio...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-23042 | Score: 0.0 (NONE)
  Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter ca...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-23041 | Score: 5.8 (CVSS31)
  Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- Score: 7.3 (CVSS31)
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21134 | Score: 7.8 (CVSS31)
  Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21133 | Score: 7.8 (CVSS31)
  Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21132 | Score: 7.8 (CVSS31)
  Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21131 | Score: 7.8 (CVSS31)
  Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21130 | Score: 7.8 (CVSS31)
  Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21129 | Score: 7.8 (CVSS31)
  Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21128 | Score: 7.8 (CVSS31)
  Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21127 | Score: 7.8 (CVSS31)
  Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious lib...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-21122 | Score: 7.8 (CVSS31)
  Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2025-0474 | Score: 7.7 (CVSS31)
  Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23....
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2024-57623 | Score: 7.5 (CVSS31)
  An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements....
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2024-56374 | Score: 5.8 (CVSS31)
  An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and ...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2024-52006 | Score: 0.0 (NONE)
  Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and G...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025
- CVE-2024-50349 | Score: 0.0 (NONE)
  Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential h...
  - Published: Jan. 14, 2025
  - Modified: Jan. 14, 2025