Latest CVE Feed
-
5.9
CVSS31CVE-2024-45627
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, th... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2024-13172
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2024-13171
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-13170
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2024-13169
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-13168
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-13167
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-13166
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-13165
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2024-13164
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2024-13163
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.2
CVSS31CVE-2024-13162
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.8
CVSS31CVE-2024-13161
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.8
CVSS31CVE-2024-13160
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
9.8
CVSS31CVE-2024-13159
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.2
CVSS31CVE-2024-13158
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.3
CVSS31CVE-2024-11863
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
0.0
NONECVE-2025-23081
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
2.4
CVSS31CVE-2025-0464
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads ... Read more
Affected Products : task_reminder_system- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
6.3
CVSS31CVE-2025-0463
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minip... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025