Latest CVE Feed
-
5.4
CVSS31CVE-2025-23019
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.4
CVSS31CVE-2025-23018
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2025-21139
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2025-21138
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2025-21137
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2025-21136
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.8
CVSS31CVE-2025-21135
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55945
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
8.0
CVSS31CVE-2024-55924
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55923
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
5.4
CVSS31CVE-2024-55922
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-55921
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55894
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.3
CVSS31CVE-2024-55893
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
4.8
CVSS31CVE-2024-55892
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSR... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
3.1
CVSS31CVE-2024-55891
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYP... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
0.0
NONECVE-2024-53263
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and ... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
7.5
CVSS31CVE-2024-48858
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025
-
0.0
NONECVE-2025-23074
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.... Read more
Affected Products :- Published: Jan. 14, 2025
- Modified: Jan. 14, 2025