Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2025-20634
|
N/A |
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
|
03 Feb 2025
|
|
|
CVE-2025-20631
|
N/A |
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.
|
03 Feb 2025
|
|
|
CVE-2025-20632
|
N/A |
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.
|
03 Feb 2025
|
|
|
CVE-2025-20633
|
N/A |
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.
|
03 Feb 2025
|
|
|
CVE-2024-56898
|
N/A |
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.
|
03 Feb 2025
|
|
|
CVE-2024-56921
|
N/A |
An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
|
03 Feb 2025
|
|
|
CVE-2024-50656
|
N/A |
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
|
03 Feb 2025
|
|
|
CVE-2024-44449
|
N/A |
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.
|
03 Feb 2025
|
|
|
CVE-2024-57451
|
N/A |
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
|
03 Feb 2025
|
|
|
CVE-2024-55456
|
N/A |
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell
|
03 Feb 2025
|
|
|
CVE-2024-34897
|
N/A |
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
|
03 Feb 2025
|
|
|
CVE-2025-22918
|
N/A |
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.
|
03 Feb 2025
|
|
|
CVE-2024-57098
|
N/A |
Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.
|
03 Feb 2025
|
|
|
CVE-2024-53942
|
N/A |
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
|
03 Feb 2025
|
|
|
CVE-2024-57669
|
N/A |
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.
|
03 Feb 2025
|
|
|
CVE-2024-57450
|
N/A |
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
|
03 Feb 2025
|
|
|
CVE-2025-25064
|
N/A |
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
|
03 Feb 2025
|
|
|
CVE-2024-34896
|
N/A |
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.
|
03 Feb 2025
|
|
|
CVE-2024-57099
|
N/A |
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
|
03 Feb 2025
|
|
|
CVE-2025-25065
|
N/A |
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
|
03 Feb 2025
|
|
|
CVE-2024-56946
|
N/A |
Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
|
03 Feb 2025
|
|
|
CVE-2025-22978
|
N/A |
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
|
03 Feb 2025
|
|
|
CVE-2025-25181
|
N/A |
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
|
03 Feb 2025
|
|
|
CVE-2024-57968
|
N/A |
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
|
03 Feb 2025
|
|
|
CVE-2025-23091
|
MEDIUM |
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
|
01 Feb 2025
|
CVE-2025-20634
N/A
03 Feb 2025
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
CVE-2025-20631
N/A
03 Feb 2025
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.
CVE-2025-20632
N/A
03 Feb 2025
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.
CVE-2025-20633
N/A
03 Feb 2025
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.
CVE-2024-56898
N/A
03 Feb 2025
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.
CVE-2024-56921
N/A
03 Feb 2025
An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
CVE-2024-50656
N/A
03 Feb 2025
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
CVE-2024-44449
N/A
03 Feb 2025
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.
CVE-2024-57451
N/A
03 Feb 2025
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
CVE-2024-55456
N/A
03 Feb 2025
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell
CVE-2024-34897
N/A
03 Feb 2025
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
CVE-2025-22918
N/A
03 Feb 2025
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.
CVE-2024-57098
N/A
03 Feb 2025
Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.
CVE-2024-53942
N/A
03 Feb 2025
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
CVE-2024-57669
N/A
03 Feb 2025
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.
CVE-2024-57450
N/A
03 Feb 2025
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
CVE-2025-25064
N/A
03 Feb 2025
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
CVE-2024-34896
N/A
03 Feb 2025
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.
CVE-2024-57099
N/A
03 Feb 2025
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
CVE-2025-25065
N/A
03 Feb 2025
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
CVE-2024-56946
N/A
03 Feb 2025
Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
CVE-2025-22978
N/A
03 Feb 2025
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
CVE-2025-25181
N/A
03 Feb 2025
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVE-2024-57968
N/A
03 Feb 2025
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVE-2025-23091
MEDIUM
01 Feb 2025
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
Page 449 of 681
Page 449 of 681