Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-57602 | Unspecified vulnerability in Easyappointments 1.5.0 An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | 9.8 |
| 2025-02-12 | CVE-2025-1228 | A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. | 4.3 |
| 2025-02-12 | CVE-2025-1229 | A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. | 6.3 |
| 2025-02-12 | CVE-2024-12673 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) local low complexity | 7.8 |
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | 9.1 |
| 2025-02-12 | CVE-2025-0111 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | 6.5 |
| 2025-02-12 | CVE-2025-1226 | A vulnerability was found in ywoa up to 2024.07.03. | 5.3 |
| 2025-02-12 | CVE-2025-1225 | A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. | 6.3 |
| 2025-02-12 | CVE-2025-25343 | Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.16 Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. | 9.8 |
| 2025-02-12 | CVE-2024-6097 | Path Traversal vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | 5.3 |