|
111
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensiti…
New
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2024-22348
|
2025-01-21 03:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
112
|
5.9 |
MEDIUM
Network
|
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-22347
|
2025-01-21 03:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
- |
|
-
|
-
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET req…
New
|
CWE-918
CWE-835
Server-Side Request Forgery (SSRF)
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-23221
|
2025-01-21 02:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
- |
|
-
|
-
|
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers …
New
|
CWE-436
Interpretation Conflict
|
CVE-2025-24013
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
- |
|
-
|
-
|
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation…
New
|
CWE-346
CWE-350
CWE-1385
Origin Validation Error
Reliance on Reverse DNS Resolution for a Security-Critical Action
Missing Origin Validation in WebSockets
|
CVE-2025-24010
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
- |
|
-
|
-
|
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the …
New
|
CWE-352
Origin Validation Error
|
CVE-2025-23044
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
- |
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them ap…
New
|
CWE-281
CWE-687
Improper Preservation of Permissions
Function Call With Incorrectly Specified Argument Value
|
CVE-2025-22620
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
- |
|
-
|
-
|
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays …
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-22131
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
- |
|
-
|
-
|
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,…
New
|
CWE-476
CWE-305
CWE-841
NULL Pointer Dereference
Authentication Bypass by Primary Weakness
Improper Enforcement of Behavioral Workflow
|
CVE-2024-51738
|
2025-01-21 01:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
5.6 |
MEDIUM
Network
|
-
|
-
|
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without pri…
New
|
CWE-620
Unverified Password Change
|
CVE-2024-45647
|
2025-01-21 00:15 |
2025-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
