-
CVE-2024-13394 – ViewMedica WordPress Stored XSS
CVE ID: CVE-2024-13394
Published: Jan. 15, 2025, 6:15 a.m.
Description: The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘viewmedica’ shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
-
CVE-2025-23061 – Mongoose Search Injection Vulnerability
CVE ID: CVE-2025-23061
Published: Jan. 15, 2025, 5:15 a.m.
Description: Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
Severity: 9.0 | CRITICAL
-
CVE-2024-54142 – Discourse AI HTML Entity Leaking Vulnerability
CVE ID: CVE-2024-54142
Published: Jan. 14, 2025, 11:15 p.m.
Description: Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited…
-
CVE-2024-55924 – TYPO3 Backend User Interface CSRF Vulnerability
CVE ID: CVE-2024-55924
Published: Jan. 14, 2025, 8:15 p.m.
Description: TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in…
-
CVE-2024-49375 – Rasa Remote Code Execution Vulnerability
CVE ID: CVE-2024-49375
Published: Jan. 14, 2025, 7:15 p.m.
Description: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites…
-
CVE-2024-48856 – QNX PCX Image Codec Buffer Overflow
CVE ID: CVE-2024-48856
Published: Jan. 14, 2025, 7:15 p.m.
Description: Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.…
-
CVE-2025-23025 – XWiki Platform Script Injection Vulnerability
CVE ID: CVE-2025-23025
Published: Jan. 14, 2025, 6:16 p.m.
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has…
-
CVE-2025-21417 – Windows Telephony Service Remote Code Execution
CVE ID: CVE-2025-21417
Published: Jan. 14, 2025, 6:16 p.m.
Description: Windows Telephony Service Remote Code Execution Vulnerability
Severity: 8.8 | HIGH
-
CVE-2025-21413 – Windows Telephony Service RCE Vulnerability
CVE ID: CVE-2025-21413
Published: Jan. 14, 2025, 6:16 p.m.
Description: Windows Telephony Service Remote Code Execution Vulnerability
Severity: 8.8 | HIGH
-
CVE-2025-21411 – Microsoft Windows Telephony RCE
CVE ID: CVE-2025-21411
Published: Jan. 14, 2025, 6:16 p.m.
Description: Windows Telephony Service Remote Code Execution Vulnerability
Severity: 8.8 | HIGH