|
2151
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/sqpoll: zero sqd->thread on tctx errors
Syzkeller reports:
BUG: KASAN: slab-use-after-free in thread_group_cputime+0x40…
|
-
|
CVE-2025-21633
|
2025-01-19 20:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2152
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure shadow stack is active before "getting" registers
The x86 shadow stack support has its own set of registers. Thos…
|
-
|
CVE-2025-21632
|
2025-01-19 20:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2153
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulatio…
|
CWE-426
Untrusted Search Path
|
CVE-2025-0567
|
2025-01-19 17:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2154
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac le…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2025-0566
|
2025-01-19 16:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2155
|
7.3 |
HIGH
Network
-
|
-
|
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql i…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0565
|
2025-01-19 15:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2156
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8722
|
2025-01-19 14:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2157
|
7.3 |
HIGH
Network
-
|
-
|
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipul…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0564
|
2025-01-19 13:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2158
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2024-45654
|
2025-01-19 12:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2159
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the s…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2024-45653
|
2025-01-19 12:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2160
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to …
|
CWE-22
Path Traversal
|
CVE-2024-45652
|
2025-01-19 12:15 |
2025-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
