| 2025-01-15 | CVE-2024-13394 | The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-15 | CVE-2025-21101 | Race Condition vulnerability in Dell Display Manager
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | 6.3 |
| 2025-01-15 | CVE-2025-22394 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Dell Display Manager
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. | 7.0 |
| 2025-01-15 | CVE-2024-13334 | The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-14 | CVE-2024-10253 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 4.7 |
| 2025-01-14 | CVE-2024-10254 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 4.7 |
| 2025-01-14 | CVE-2024-45102 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | 6.8 |
| 2025-01-14 | CVE-2025-21135 | Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21136 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21137 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |