Latest CVE Feed
- CVE-2025-23366
  CVSS 3.1: 6.5
  A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated a...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVSS 3.1: 6.5
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2025-21217
  CVSS 3.1: 6.5
  Windows NTLM Spoofing Vulnerability
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-36504
  CVSS 3.1: 6.5
  An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all versions, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN ...
  Affected Products: fortios
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-54999
  CVSS 3.1: 6.5
  MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter in the General Information module.
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 13, 2025
- CVE-2024-54021
  CVSS 3.1: 6.5
  An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows an attacker to execute unauthorized code or commands via a crafted HTTP header.
  Affected Products: fortios
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2025-21308
  CVSS 3.1: 6.5
  Windows Themes Spoofing Vulnerability
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-46920
  CVSS 3.1: 6.5
  An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 13, 2025
- CVE-2024-12818
  CVSS 3.1: 6.4
  The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attribut...
  Affected Products: none listed
  Published: Jan. 15, 2025
  Modified: Jan. 15, 2025
- CVE-2024-13394
  CVSS 3.1: 6.4
  The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes.
  Affected Products: none listed
  Published: Jan. 15, 2025
  Modified: Jan. 15, 2025
- CVE-2024-11870
  CVSS 3.1: 6.4
  The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied...
  Affected Products: none listed
  Published: Jan. 15, 2025
  Modified: Jan. 15, 2025
- CVE-2025-21403
  CVSS 3.1: 6.4
  On-Premises Data Gateway Information Disclosure Vulnerability
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-12240
  CVSS 3.1: 6.4
  The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-12593
  CVSS 3.1: 6.4
  The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output es...
  Affected Products: none listed
  Published: Jan. 15, 2025
  Modified: Jan. 15, 2025
- CVE-2024-21758
  CVSS 3.1: 6.4
  A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protection...
  Affected Products: fortiweb
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-13156
  CVSS 3.1: 6.4
  The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and outp...
  Affected Products: html5_video_player
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-13323
  CVSS 3.1: 6.4
  The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attribu...
  Affected Products: wp_booking_calendar
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2025-0463
  CVSS 3.1: 6.3
  A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minip...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2025-0067
  CVSS 3.1: 6.3
  Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2025-21393
  CVSS 3.1: 6.3
  Microsoft SharePoint Server Spoofing Vulnerability
  Affected Products: sharepoint_server
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025