Latest CVE Feed
-
5.8
CVSS31CVE-2025-23041
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.7
CVSS31CVE-2025-0474
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-57623
An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.8
CVSS31CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.4
CVSS31CVE-2024-50338
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.0
CVSS31CVE-2024-49375
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-48857
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.8
CVSS31CVE-2024-48856
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.3
CVSS31CVE-2024-48855
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.3
CVSS31CVE-2024-48854
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated a... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.3
CVSS31CVE-2025-23080
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - OpenBadges Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - OpenBadges Extension: from ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.2
CVSS31CVE-2025-23052
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operati... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.2
CVSS31CVE-2025-23051
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary sys... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.0
CVSS31CVE-2025-23025
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
8.8
CVSS31CVE-2025-21417
Windows Telephony Service Remote Code Execution Vulnerability... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
8.8
CVSS31CVE-2025-21413
Windows Telephony Service Remote Code Execution Vulnerability... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
8.8
CVSS31CVE-2025-21411
Windows Telephony Service Remote Code Execution Vulnerability... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
8.8
CVSS31CVE-2025-21409
Windows Telephony Service Remote Code Execution Vulnerability... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.4
CVSS31CVE-2025-21403
On-Premises Data Gateway Information Disclosure Vulnerability... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025