Latest CVE Feed
-
4.8
CVSS31CVE-2024-55892
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSR... Read more
Affected Products : typo3- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.8
CVSS31CVE-2025-0057
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read an... Read more
Affected Products : netweaver_application_server_java- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.8
CVSS31CVE-2025-22997
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
4.7
CVSS31CVE-2024-10253
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.7
CVSS31CVE-2024-45385
A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking use... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.7
CVSS31CVE-2024-10254
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.6
CVSS31CVE-2025-21213
Secure Boot Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.6
CVSS31CVE-2025-21215
Secure Boot Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-13215
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
4.3
CVSS31CVE-2025-21269
Windows HTML Platforms Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2025-21189
MapUrlToZone Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2025-0480
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It i... Read more
Affected Products :- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
4.3
CVSS31CVE-2025-21268
MapUrlToZone Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2025-21219
MapUrlToZone Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2025-21329
MapUrlToZone Security Feature Bypass Vulnerability... Read more
- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55923
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products : typo3- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55894
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products : typo3- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55945
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products : typo3- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-10775
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possi... Read more
Affected Products : piotnet_addons- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025
-
4.3
CVSS31CVE-2025-0446
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Jan. 15, 2025
- Modified: Jan. 15, 2025