2651
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Ea…
|
-
|
CVE-2025-21529
|
2025-01-23 03:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2652
|
- |
|
-
|
-
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-23028
|
2025-01-23 02:15 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2653
|
7.5 |
HIGH
Network
-
|
-
|
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (…
|
CWE-789 CWE-476
Memory Allocation with Excessive Size Value NULL Pointer Dereference
|
CVE-2025-20165
|
2025-01-23 02:15 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2654
|
5.3 |
MEDIUM
Network
-
|
-
|
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d…
|
CWE-122 CWE-120
Heap-based Buffer Overflow Classic Buffer Overflow
|
CVE-2025-20128
|
2025-01-23 02:15 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2655
|
4.4 |
MEDIUM
Network
|
-
|
-
|
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51457
|
2025-01-23 02:15 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2656
|
- |
|
-
|
-
|
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. Th…
|
-
|
CVE-2024-49734
|
2025-01-23 02:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2657
|
4.3 |
MEDIUM
Network
|
07fly
|
07flycms
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
|
CWE-352
Origin Validation Error
|
CVE-2024-57161
|
2025-01-23 02:15 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2658
|
4.3 |
MEDIUM
Network
|
07fly
|
07flycms
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
|
CWE-352
Origin Validation Error
|
CVE-2024-57160
|
2025-01-23 02:15 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2659
|
8.8 |
HIGH
Network
|
jfinaloa_project
|
jfinaloa
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
|
CWE-89
SQL Injection
|
CVE-2024-57775
|
2025-01-23 02:07 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2660
|
9.8 |
CRITICAL
Network
tenda
|
ac18_firmware
|
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
|
CWE-77
Command Injection
|
CVE-2024-57583
|
2025-01-23 01:53 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|