| 2025-02-11 | CVE-2024-13830 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
| 2025-02-11 | CVE-2024-13842 | Use of Hard-coded Cryptographic Key vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2024-13843 | Cleartext Storage of Sensitive Information vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2024-47908 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2025-02-11 | CVE-2025-22467 | Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | 8.8 |
| 2025-02-11 | CVE-2025-24807 | Insufficient Verification of Data Authenticity vulnerability in Eprosima Fast DDS
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). | 7.1 |
| 2025-02-11 | CVE-2025-24896 | Insufficient Session Expiration vulnerability in Misskey
Misskey is an open source, federated social media platform. | 8.1 |
| 2025-02-11 | CVE-2023-37482 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. | 5.3 |
| 2025-02-11 | CVE-2024-13506 | The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-02-11 | CVE-2024-45386 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). | 8.8 |