Latest CVE Feed
-
7.2
HIGHCVE-2024-13059
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in rem... Read more
Affected Products : anythingllm- Published: Feb. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2024-13011
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated atta... Read more
Affected Products : foodbakery- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2024-13010
The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthentica... Read more
Affected Products : foodbakery- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, sto... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Misconfiguration
-
5.7
MEDIUMCVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, ... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Cryptography
-
3.7
LOWCVE-2025-1152
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity ... Read more
Affected Products : binutils- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2024-57409
A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field.... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2024-57408
An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2024-57407
An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file.... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 19, 2025
- Vuln Type: Authentication
-
8.0
HIGHCVE-2024-54954
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.... Read more
Affected Products : oneblog- Published: Feb. 10, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2024-48170
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.... Read more
Affected Products : small_crm- Published: Feb. 10, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Cross-Site Scripting
-
3.1
LOWCVE-2025-1151
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexit... Read more
Affected Products : binutils- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2025-1150
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. ... Read more
Affected Products : binutils- Published: Feb. 10, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-25186
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2025-24892
OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not proper... Read more
Affected Products : openproject- Published: Feb. 10, 2025
- Modified: Aug. 27, 2025
- Vuln Type: Cross-Site Scripting
-
9.2
CRITICALCVE-2025-24032
PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An atta... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: May. 21, 2025
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-24031
PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam... Read more
Affected Products :- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-21693
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the opera... Read more
Affected Products : linux_kernel- Published: Feb. 10, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21692
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. ... Read more
Affected Products : linux_kernel- Published: Feb. 10, 2025
- Modified: Feb. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-21691
In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to ... Read more
Affected Products : linux_kernel- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Authorization