Latest CVE Feed
-
CVE-2025-21393 (CVSS 3.1 score: 6.3)
Microsoft SharePoint Server Spoofing Vulnerability...
Affected Products: sharepoint_server
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2025-0067 (CVSS 3.1 score: 6.3)
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This...
Affected Products:
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2025-21278 (CVSS 3.1 score: 6.2)
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability...
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2024-52898 (CVSS 3.1 score: 6.2)
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned....
Affected Products: mq
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42246 (CVSS 3.1 score: 6.1)
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42249 (CVSS 3.1 score: 6.1)
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2025-0393 (CVSS 3.1 score: 6.1)
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This ma...
Affected Products: royal_elementor_addons
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2024-12423 (CVSS 3.1 score: 6.1)
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes i...
Affected Products: contact_form_7_redirect_\&_thank_you_page
- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
CVE-2024-50861 (CVSS 3.1 score: 6.1)
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks....
Affected Products:
- Published: Jan. 14, 2025
- Modified: Jan. 15, 2025
-
CVE-2025-23026 (CVSS 3.1 score: 6.1)
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The `java...
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
CVE-2023-42230 (CVSS 3.1 score: 6.1)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42233 (CVSS 3.1 score: 6.1)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42250 (CVSS 3.1 score: 6.1)
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42247 (CVSS 3.1 score: 6.1)
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2023-42245 (CVSS 3.1 score: 6.1)
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php....
Affected Products:
- Published: Jan. 13, 2025
- Modified: Jan. 14, 2025
-
CVE-2025-21202 (CVSS 3.1 score: 6.1)
Windows Recovery Environment Agent Elevation of Privilege Vulnerability...
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2024-13334 (CVSS 3.1 score: 6.1)
The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unau...
Affected Products:
- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
CVE-2024-13348 (CVSS 3.1 score: 6.1)
The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the smartagenda_options_page_html() functi...
Affected Products:
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
CVE-2024-12403 (CVSS 3.1 score: 6.1)
The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This ...
Affected Products:
- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
CVE-2024-12086 (CVSS 3.1 score: 6.1)
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums...
Affected Products:
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025