Latest CVE Feed
-
6.6
CVSS31CVE-2025-21327
Windows Digital Media Elevation of Privilege Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.6
CVSS31CVE-2025-21101
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.6
CVSS31CVE-2025-21228
Windows Digital Media Elevation of Privilege Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2023-42786
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more
Affected Products : fortios- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-57488
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
6.5
CVSS31CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-57487
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
6.5
CVSS31CVE-2024-53649
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), S... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-33502
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21272
Windows COM Server Information Disclosure Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21288
Windows COM Server Information Disclosure Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-11734
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which caus... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21193
Active Directory Federation Server Spoofing Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21301
Windows Geolocation Service Information Disclosure Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2023-42785
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more
Affected Products : fortios- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21314
Windows SmartScreen Spoofing Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-0060
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this inform... Read more
Affected Products : businessobjects_business_intelligence_platform- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-7344
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025