1
|
- |
|
-
|
-
|
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper validation of header names and values. A potential attacker can construct deliberately malformed headers …
New
|
CWE-436
Interpretation Conflict
|
CVE-2025-24013
|
2025-01-21 01:15 |
2025-01-21 |
|
|
2
|
- |
|
-
|
-
|
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response due to default CORS settings and lack of validation…
New
|
CWE-346 CWE-350 CWE-1385
Origin Validation Error Reliance on Reverse DNS Resolution for a Security-Critical Action Missing Origin Validation in WebSockets
|
CVE-2025-24010
|
2025-01-21 01:15 |
2025-01-21 |
|
|
3
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
New
|
CWE-89
SQL Injection
|
CVE-2025-23220
|
2025-01-21 01:15 |
2025-01-21 |
|
|
4
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
New
|
CWE-89
SQL Injection
|
CVE-2025-23219
|
2025-01-21 01:15 |
2025-01-21 |
|
|
5
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
New
|
CWE-89
SQL Injection
|
CVE-2025-23218
|
2025-01-21 01:15 |
2025-01-21 |
|
|
6
|
- |
|
-
|
-
|
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the …
New
|
CWE-352
Origin Validation Error
|
CVE-2025-23044
|
2025-01-21 01:15 |
2025-01-21 |
|
|
7
|
- |
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them ap…
New
|
CWE-281 CWE-687
Improper Preservation of Permissions Function Call With Incorrectly Specified Argument Value
|
CVE-2025-22620
|
2025-01-21 01:15 |
2025-01-21 |
|
|
8
|
- |
|
-
|
-
|
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into an HTML representation and displays …
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-22131
|
2025-01-21 01:15 |
2025-01-21 |
|
|
9
|
- |
|
-
|
-
|
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,…
New
|
CWE-476 CWE-305 CWE-841
NULL Pointer Dereference Authentication Bypass by Primary Weakness Improper Enforcement of Behavioral Workflow
|
CVE-2024-51738
|
2025-01-21 01:15 |
2025-01-21 |
|
|
10
|
5.6 |
MEDIUM
Network
|
-
|
-
|
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without pri…
New
|
CWE-620
Unverified Password Change
|
CVE-2024-45647
|
2025-01-21 00:15 |
2025-01-21 |
|
|