Latest CVE Feed
-
6.5
CVSS31CVE-2025-21314
Windows SmartScreen Spoofing Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-22761
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through 1.2.5.1.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2025-22798
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2025-22749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwoThemes Social Media Engine allows Stored XSS.This issue affects Social Media Engine: from n/a through 1.0.2.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2024-7344
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21288
Windows COM Server Information Disclosure Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-20036
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2025-21193
Active Directory Federation Server Spoofing Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated a... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-53649
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), S... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2023-42786
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more
Affected Products : fortios- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2023-42785
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more
Affected Products : fortios- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-0435
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2024-46920
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
6.5
CVSS31CVE-2024-57653
An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 15, 2025
-
6.5
CVSS31CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-33502
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2024-36504
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN ... Read more
Affected Products : fortios- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.5
CVSS31CVE-2025-21083
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025