94 CVEs tracked today. 7 Critical, 40 High, 46 Medium, 1 Low.
-
CVE-2025-23211
CRITICAL
CVSS 9.9
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Docker
Ssti
Information Disclosure
Recipes
-
CVE-2025-24800
CRITICAL
CVSS 9.3
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Jwt Attack
-
CVE-2025-24480
CRITICAL
CVSS 9.3
A Remote Code Execution Vulnerability exists in the product and version listed above. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Command Injection
-
CVE-2024-13448
CRITICAL
CVSS 9.8
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
File Upload
WordPress
Addons
-
CVE-2024-12649
CRITICAL
CVSS 9.8
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Canon
Memory Corruption
Buffer Overflow
RCE
Mf455dw Firmware
-
CVE-2024-12648
CRITICAL
CVSS 9.8
Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Canon
Memory Corruption
Buffer Overflow
RCE
Mf455dw Firmware
-
CVE-2024-12647
CRITICAL
CVSS 9.8
Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Canon
Memory Corruption
Buffer Overflow
RCE
Mf455dw Firmware
-
CVE-2025-24482
HIGH
CVSS 7.0
A Local Code Injection Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Code Injection
-
CVE-2025-24481
HIGH
CVSS 7.0
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-24479
HIGH
CVSS 8.6
A Local Code Execution Vulnerability exists in the product and version listed above. Rated high severity (CVSS 8.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Microsoft
Authentication Bypass
RCE
Windows
-
CVE-2025-24478
HIGH
CVSS 7.1
A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-23385
HIGH
CVSS 7.8
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local. Rated high severity (CVSS 7.8). No vendor patch available.
Privilege Escalation
Dottrace
Etw Host Service
Resharper
Rider
-
CVE-2025-23213
HIGH
CVSS 8.7
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
File Upload
XSS
Recipes
-
CVE-2025-23212
HIGH
CVSS 7.7
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Information Disclosure
Recipes
-
CVE-2025-23045
HIGH
CVSS 8.7
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
RCE
Deserialization
Computer Vision Annotation Tool
-
CVE-2025-22865
HIGH
CVSS 7.5
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
-
CVE-2025-22217
HIGH
CVSS 8.6
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
VMware
SQLi
-
CVE-2025-0781
HIGH
CVSS 8.6
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Rated high severity (CVSS 8.6), this vulnerability requires no authentication and has low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Simgear
Debian Linux
Suse
-
CVE-2025-0752
HIGH
CVSS 7.1
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Request Smuggling
Openshift Service Mesh
Redhat
-
CVE-2025-0659
HIGH
CVSS 7.0
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Rockwell
Information Disclosure
-
CVE-2025-0631
HIGH
CVSS 8.7
A Credential Exposure Vulnerability exists in the above-mentioned product and version. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-0065
HIGH
CVSS 7.8
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Code Injection
Windows
-
CVE-2024-57519
HIGH
CVSS 7.5
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Denial Of Service
Open5gs
-
CVE-2024-57376
HIGH
CVSS 8.8
D-Link DSR series business routers (DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N) with firmware 3.13 through 3.17B901C contain a buffer overflow that allows unauthenticated remote code execution. The entire DSR business router product line is affected.
D-Link
Buffer Overflow
RCE
Dsr 150 Firmware
Dsr 150N Firmware
-
CVE-2024-56529
HIGH
CVSS 7.1
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Session Fixation
-
CVE-2024-55968
HIGH
CVSS 8.8
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 10.5% and no vendor patch available.
Authentication Bypass
Apple
macOS
-
CVE-2024-48310
HIGH
CVSS 7.5
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2024-45340
HIGH
CVSS 8.8
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
-
CVE-2024-45339
HIGH
CVSS 7.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
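The bug class in this entry (a predictable log path in a widely writable directory, with a symlink planted there before the privileged process opens it) is easy to reproduce and easy to close. The Go program below is an added example written for this page, not glog's code: it stages the attack in a temporary directory with constructed file names and contents, shows the create-or-truncate open writing straight through the planted link, and shows an open with O_CREATE|O_EXCL refusing the pre-existing path instead.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Result captures what happened to the victim's sensitive file.
type Result struct {
	SensitiveAfterUnsafe string // contents after the pre-fix open followed the link
	SafeRefused          bool   // whether the hardened open refused the planted path
	SensitiveAfterSafe   string // contents after the hardened attempt
}

// openLogUnsafe is the create-or-truncate pattern: if a symlink already
// sits at path, the kernel follows it and the *target* is truncated.
func openLogUnsafe(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
}

// openLogSafe adds O_EXCL: together with O_CREATE the open fails if anything,
// including a planted symlink, already exists at path, so the privileged
// process never writes through an attacker-controlled link.
func openLogSafe(path string) (*os.File, error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o644)
	if errors.Is(err, os.ErrExist) {
		return nil, fmt.Errorf("refusing pre-existing log path %s (possible symlink planting): %w", path, err)
	}
	return f, err
}

// RunScenario stages the attack in a temp dir: a constructed sensitive file
// standing in for something like ~/.ssh/authorized_keys, and a predictable
// log path that the unprivileged attacker has already linked to it.
func RunScenario() (Result, error) {
	var r Result
	dir, err := os.MkdirTemp("", "logsymlink")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(dir)

	original := "ssh-ed25519 AAAAC3... victim@host\n" // constructed sample content
	sensitive := filepath.Join(dir, "authorized_keys")
	if err := os.WriteFile(sensitive, []byte(original), 0o600); err != nil {
		return r, err
	}
	logPath := filepath.Join(dir, "daemon.INFO.log") // the predictable name
	if err := os.Symlink(sensitive, logPath); err != nil { // attacker's only step
		return r, err
	}

	// Victim, pre-fix: opens "its" log and actually truncates authorized_keys.
	f, err := openLogUnsafe(logPath)
	if err != nil {
		return r, err
	}
	fmt.Fprintln(f, "I0101 00:00:00.000000 1 main.go:1] starting")
	f.Close()
	b, _ := os.ReadFile(sensitive)
	r.SensitiveAfterUnsafe = string(b)

	// Restore the file and retry with the hardened open.
	os.WriteFile(sensitive, []byte(original), 0o600)
	if _, err := openLogSafe(logPath); err != nil {
		r.SafeRefused = true
	}
	b, _ = os.ReadFile(sensitive)
	r.SensitiveAfterSafe = string(b)
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

O_EXCL with O_CREATE fails with EEXIST even when the existing entry is a symlink, whatever it points to, so the existence check and the create are one atomic syscall; a separate Lstat before the open would leave a race window. The other half of the fix is not to put logs in a shared directory at all, or to create a private 0700 subdirectory first and log there.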
-
CVE-2024-40677
HIGH
CVSS 8.4
In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2024-40676
HIGH
CVSS 7.7
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. Rated high severity (CVSS 7.7), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2024-40675
HIGH
CVSS 7.5
In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Android
Google
-
CVE-2024-40672
HIGH
CVSS 8.4
In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2024-40670
HIGH
CVSS 8.4
In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Use After Free
Denial Of Service
Privilege Escalation
Android
-
CVE-2024-40669
HIGH
CVSS 8.4
In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Use After Free
Denial Of Service
Privilege Escalation
Android
-
CVE-2024-40651
HIGH
CVSS 8.4
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Use After Free
Privilege Escalation
Android
Google
-
CVE-2024-40649
HIGH
CVSS 8.4
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Use After Free
Privilege Escalation
Android
Google
-
CVE-2024-34748
HIGH
CVSS 8.4
In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Memory Corruption
Use After Free
Privilege Escalation
Android
Google
-
CVE-2024-34733
HIGH
CVSS 8.4
In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Privilege Escalation
Integer Overflow
Android
Google
-
CVE-2024-34732
HIGH
CVSS 8.4
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Privilege Escalation
Race Condition
Android
Google
-
CVE-2024-13509
HIGH
CVSS 7.2
The WS Form LITE - Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
-
CVE-2024-13484
HIGH
CVSS 8.2
A flaw was found in openshift-gitops-operator-container. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
-
CVE-2024-11135
HIGH
CVSS 7.5
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
SQLi
Eventer
-
CVE-2024-0150
HIGH
CVSS 7.1
NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Denial Of Service
Information Disclosure
Nvidia
Microsoft
-
CVE-2024-0146
HIGH
CVSS 7.8
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Denial Of Service
Information Disclosure
RCE
Nvidia
-
CVE-2024-0136
HIGH
CVSS 7.6
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
RCE
Information Disclosure
Nvidia
Denial Of Service
Nvidia Container Toolkit
-
CVE-2024-0135
HIGH
CVSS 7.6
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
RCE
Information Disclosure
Nvidia
Denial Of Service
Nvidia Container Toolkit
-
CVE-2025-24826
MEDIUM
CVSS 6.7
Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 6.7). No vendor patch available.
Microsoft
Privilege Escalation
Windows
-
CVE-2025-24810
MEDIUM
CVSS 4.8
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-23084
MEDIUM
CVSS 5.5
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Node.js
Path Traversal
Node Js
Windows
-
CVE-2025-23057
MEDIUM
CVSS 5.5
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Aruba
XSS
Fabric Composer
-
CVE-2025-23056
MEDIUM
CVSS 5.5
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Aruba
XSS
Fabric Composer
-
CVE-2025-23055
MEDIUM
CVSS 5.5
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Aruba
XSS
Fabric Composer
-
CVE-2025-23054
MEDIUM
CVSS 6.5
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Aruba
Authentication Bypass
Fabric Composer
-
CVE-2025-23053
MEDIUM
CVSS 6.5
A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Aruba
Authentication Bypass
Privilege Escalation
Fabric Composer
-
CVE-2025-22917
MEDIUM
CVSS 5.4
A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
XSS
-
CVE-2025-0789
MEDIUM
CVSS 5.3
A vulnerability classified as critical has been found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Cdg
-
CVE-2025-0788
MEDIUM
CVSS 5.3
A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Cdg
-
CVE-2025-0787
MEDIUM
CVSS 5.3
A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Cdg
-
CVE-2025-0786
MEDIUM
CVSS 5.3
A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Cdg
-
CVE-2025-0785
MEDIUM
CVSS 5.3
A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Cdg
-
CVE-2025-0784
MEDIUM
CVSS 6.3
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Incontrol Web
-
CVE-2025-0783
MEDIUM
CVSS 5.3
A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-0754
MEDIUM
CVSS 4.3
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Redhat
-
CVE-2025-0750
MEDIUM
CVSS 6.6
A vulnerability was found in CRI-O. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Path Traversal
Redhat
Suse
-
CVE-2025-0736
MEDIUM
CVSS 5.5
A flaw was found in Infinispan, when using JGroups with JDBC_PING. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Redhat
-
CVE-2025-0432
MEDIUM
CVSS 6.9
EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. Rated medium severity (CVSS 6.9), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-0321
MEDIUM
CVSS 6.4
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
Elementskit
PHP
-
CVE-2025-0290
MEDIUM
CVSS 4.3
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Gitlab
Denial Of Service
-
CVE-2024-57514
MEDIUM
CVSS 4.8
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
TP-Link
XSS
-
CVE-2024-53881
MEDIUM
CVSS 5.5
NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Nvidia
Denial Of Service
-
CVE-2024-53869
MEDIUM
CVSS 5.5
NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Nvidia
Suse
-
CVE-2024-45341
MEDIUM
CVSS 6.1
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
-
CVE-2024-45336
MEDIUM
CVSS 6.1
The HTTP client drops sensitive headers after following a cross-domain redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Redhat
Suse
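What matters in this entry is which URL the client compares each next hop against when deciding whether to re-send Authorization and Cookie. The Go code below is an added example for this page, not the net/http implementation: copyHeadersForHop models the per-redirect header copier, FollowChain runs a constructed a.example to b.example/1 to b.example/2 chain through it with the check made against the previous hop (the leaking behaviour) and against the initial request (the correct one), and StripCrossOriginHeaders is a CheckRedirect hook that an application on an unpatched Go can install to delete the sensitive headers again after the client has re-applied them. All host and header values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Headers that must not leak to a different origin on redirect (net/http's
// own list is Authorization, Www-Authenticate, Cookie and Cookie2).
var sensitiveHeaders = []string{"Authorization", "Www-Authenticate", "Cookie", "Cookie2"}

// sameOrSubdomain reports whether dest equals host or is a subdomain of it,
// the test net/http uses to decide whether a redirect stays "on domain".
// Ports are ignored, which is why callers pass Hostname() rather than Host.
func sameOrSubdomain(dest, host string) bool {
	dest, host = strings.ToLower(dest), strings.ToLower(host)
	return dest == host || strings.HasSuffix(dest, "."+host)
}

// copyHeadersForHop models the per-hop header copier: the *initial*
// request's headers are re-applied to the next request, and sensitive ones
// are kept only when dest is on the same domain as ref. The leaking and the
// fixed behaviour differ solely in which URL the caller passes as ref.
func copyHeadersForHop(initial http.Header, ref, dest *url.URL) http.Header {
	out := http.Header{}
	for k, vv := range initial {
		isSensitive := false
		for _, s := range sensitiveHeaders {
			if http.CanonicalHeaderKey(k) == s {
				isSensitive = true
			}
		}
		if isSensitive && !sameOrSubdomain(dest.Hostname(), ref.Hostname()) {
			continue
		}
		out[k] = vv
	}
	return out
}

// FollowChain reports, for every hop, whether Authorization was sent.
// compareToPreviousHop=true reproduces the bug: the domain check is made
// against the hop just visited, so once the chain lands on b.example the
// header stripped at hop 1 is restored by the same-domain redirect to hop 2.
// false reproduces the fix: every hop is compared with the initial request.
func FollowChain(urls []string, compareToPreviousHop bool) []bool {
	initial := http.Header{"Authorization": {"Bearer s3cr3t"}, "Accept": {"*/*"}}
	first, _ := url.Parse(urls[0])
	sent := []bool{true} // the first request carries the header by definition
	prev := first
	for _, raw := range urls[1:] {
		dest, _ := url.Parse(raw)
		ref := first
		if compareToPreviousHop {
			ref = prev
		}
		sent = append(sent, copyHeadersForHop(initial, ref, dest).Get("Authorization") != "")
		prev = dest
	}
	return sent
}

// StripCrossOriginHeaders is a CheckRedirect for clients that cannot upgrade.
// net/http copies headers onto req before calling CheckRedirect, and via[0]
// is the initial request, so deleting here undoes any mistaken restoration.
func StripCrossOriginHeaders(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return errors.New("stopped after 10 redirects")
	}
	if !sameOrSubdomain(req.URL.Hostname(), via[0].URL.Hostname()) {
		for _, h := range sensitiveHeaders {
			req.Header.Del(h)
		}
	}
	return nil
}

func main() {
	// Constructed chain with the shape from the advisory: a -> b/1 -> b/2.
	chain := []string{"https://a.example/", "https://b.example/1", "https://b.example/2"}
	fmt.Println("previous-hop check:", FollowChain(chain, true))  // Authorization reaches b/2
	fmt.Println("initial-request check:", FollowChain(chain, false))
	// Installing the mitigation on a real client:
	_ = &http.Client{CheckRedirect: StripCrossOriginHeaders}
}
```

The hook keeps the default ten-redirect limit because supplying CheckRedirect replaces the default function entirely; forgetting that turns a header fix into an unbounded redirect loop.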
-
CVE-2024-40674
MEDIUM
CVSS 5.3
In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Android
Google
-
CVE-2024-40673
MEDIUM
CVSS 6.5
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Code Injection
Android
Google
-
CVE-2024-29869
MEDIUM
CVSS 5.5
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Information Disclosure
Hive
-
CVE-2024-28786
MEDIUM
CVSS 6.5
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. Rated medium severity (CVSS 6.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
IBM
Information Disclosure
Qradar Security Information And Event Manager
-
CVE-2024-27263
MEDIUM
CVSS 5.3
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
IBM
Information Disclosure
Sterling B2b Integrator
-
CVE-2024-23953
MEDIUM
CVSS 6.5
Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Information Disclosure
Apache
Hive
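Arrays.equals() returns at the first differing byte, so the verifier's running time tells a remote caller how long a prefix of the submitted signature is correct; that is what lets a valid signature be recovered one byte at a time instead of by brute force. LlapSignerImpl is Java, where MessageDigest.isEqual is the constant-time replacement. The Go program below is an added illustration written for this page, not Hive's code: it models the early-exit compare as an oracle that reports how many bytes were examined (the quantity a timing side channel leaks), forges an HMAC-SHA256 tag for a constructed message with at most 256 oracle queries per byte, and shows a verifier built on hmac.Equal beside the vulnerable one. Key, message and function names are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// sign is a constructed stand-in for the keyed signing the verifier checks.
func sign(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// leakyEqual models Arrays.equals: it returns at the first mismatching byte,
// so the work done (and time taken) reveals the length of the matching
// prefix. examined is that leaked quantity made explicit.
func leakyEqual(a, b []byte) (equal bool, examined int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		examined++
		if a[i] != b[i] {
			return false, examined
		}
	}
	return true, examined
}

// VerifyUnsafe is the vulnerable pattern: early-exit byte comparison.
func VerifyUnsafe(key, msg, sig []byte) bool {
	eq, _ := leakyEqual(sign(key, msg), sig)
	return eq
}

// VerifySafe uses hmac.Equal (crypto/subtle underneath): the time taken does
// not depend on where the first mismatch is, so the oracle below gets nothing.
func VerifySafe(key, msg, sig []byte) bool {
	return hmac.Equal(sign(key, msg), sig)
}

// ForgeWithOracle recovers a valid signature for a message without the key,
// using only the attacker-visible signal: how far the verifier got before
// rejecting. Each position costs at most 256 queries, 256*n in total rather
// than 256^n.
func ForgeWithOracle(oracle func(candidate []byte) (bool, int), sigLen int) []byte {
	cand := make([]byte, sigLen)
	for pos := 0; pos < sigLen; pos++ {
		for guess := 0; guess < 256; guess++ {
			cand[pos] = byte(guess)
			ok, examined := oracle(cand)
			// A correct byte at pos makes the compare advance past it.
			if ok || examined > pos+1 {
				break
			}
		}
	}
	return cand
}

// Demo wires the oracle to the vulnerable verifier for one constructed
// message and reports whether the forgery is accepted, plus the query count.
func Demo() (acceptedUnsafe, acceptedSafe bool, attempts int) {
	key := []byte("constructed-llap-secret")
	msg := []byte("constructed task request #42")
	oracle := func(c []byte) (bool, int) {
		attempts++
		return leakyEqual(sign(key, msg), c)
	}
	forged := ForgeWithOracle(oracle, sha256.Size)
	return VerifyUnsafe(key, msg, forged), VerifySafe(key, msg, forged), attempts
}

func main() {
	u, s, n := Demo()
	fmt.Printf("forgery accepted by unsafe verifier: %v, by safe verifier: %v, after %d queries\n", u, s, n)
}
```

The forgery passes both verifiers, as it should: it is the genuine MAC. The constant-time compare does not reject valid tags; it removes the signal that let the attacker find one, which is why the fix is a one-line change at the comparison and not a change of signature scheme.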
-
CVE-2024-22315
MEDIUM
CVSS 4.0
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication. No vendor patch available.
IBM
Information Disclosure
Storage Fusion
Storage Fusion Hci
Storage Fusion Hci For Watsonx
-
CVE-2024-13527
MEDIUM
CVSS 6.4
The Philantro - Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Philantro
-
CVE-2024-13521
MEDIUM
CVSS 6.1
The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
CSRF
WordPress
Mailup Auto Subscription
-
CVE-2024-12807
MEDIUM
CVSS 4.8
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Social Share Buttons
-
CVE-2024-12723
MEDIUM
CVSS 6.1
The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Infility Global
-
CVE-2024-11956
MEDIUM
CVSS 5.1
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Pimcore
-
CVE-2024-11954
MEDIUM
CVSS 5.1
A vulnerability classified as problematic was found in Pimcore 11.4.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Pimcore
-
CVE-2024-8401
MEDIUM
CVSS 5.4
A vulnerability exists when an authenticated attacker modifies folder names within the context of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2024-7881
MEDIUM
CVSS 5.1
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. Rated medium severity (CVSS 5.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
C1 Premium Firmware
C1 Pro Firmware
C1 Ultra Firmware
Cortex X3 Firmware
-
CVE-2024-6351
MEDIUM
CVSS 4.3
A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
-
CVE-2024-0147
MEDIUM
CVSS 5.5
NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use After Free
Denial Of Service
Nvidia
Microsoft
Memory Corruption
-
CVE-2024-0140
MEDIUM
CVSS 6.8
NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Information Disclosure
RCE
Nvidia
Deserialization
-
CVE-2024-0137
MEDIUM
CVSS 5.5
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.
Nvidia
Denial Of Service
Nvidia Container Toolkit
Nvidia Gpu Operator
Redhat
-
CVE-2024-0149
LOW
CVSS 3.3
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Nvidia
Information Disclosure