-
CVE-2025-24891 – Dumb Drop Root File Overwrite Vulnerability
CVE ID : CVE-2025-24891 Published : Jan. 31, 2025, 11:15 p.m. | 4 hours, 48 minutes ago Description : Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is…
-
CVE-2024-52875 – GFI Kerio Control Open Redirect and Reflected XSS Vulnerability
CVE ID : CVE-2024-52875 Published : Jan. 31, 2025, 8:15 a.m. | 19 hours, 48 minutes ago Description : An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in…
-
CVE-2025-0929 – TeamCal Neo SQL Injection Vulnerability
CVE ID : CVE-2025-0929 Published : Jan. 31, 2025, 2:15 p.m. | 13 hours, 48 minutes ago Description : SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’. Severity: 9.8 | CRITICAL
-
CVE-2024-47891 – Apache wxWidgets GPU Use-After-Free
CVE ID : CVE-2024-47891 Published : Jan. 31, 2025, 4:15 a.m. | 23 hours, 48 minutes ago Description : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Severity: 9.8 | CRITICAL
-
CVE-2025-0493 – MultiVendorX WooCommerce Multivendor Marketplace Local File Inclusion Vulnerability
CVE ID : CVE-2025-0493 Published : Jan. 31, 2025, 5:15 a.m. | 22 hours, 48 minutes ago Description : The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers…
-
CVE-2024-13767 – Live2DWebCanvas WordPress Remote File Deletion
CVE ID : CVE-2024-13767 Published : Jan. 31, 2025, 3:15 a.m. | 1 day ago Description : The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access…
-
CVE-2024-23929 – Pioneer DMH-WT7600NEX:Filer Bypass Root Forgery
CVE ID : CVE-2024-23929 Published : Jan. 31, 2025, 1:15 a.m. | 1 day, 2 hours ago Description : This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics…
-
CVE-2024-23920 – ChargePoint Home Flex Unauthenticated Root Remote Code Execution
CVE ID : CVE-2024-23920 Published : Jan. 31, 2025, 1:15 a.m. | 1 day, 2 hours ago Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from…
-
CVE-2024-23921 – ChargePoint Home Flex Root Code Execution Vulnerability
CVE ID : CVE-2024-23921 Published : Jan. 31, 2025, 1:15 a.m. | 1 day, 2 hours ago Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from…
-
CVE-2024-23971 – ChargePoint Home Flex Root Arbitrary Code Execution
CVE ID : CVE-2024-23971 Published : Jan. 31, 2025, 12:15 a.m. | 1 day, 3 hours ago Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue…