Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-23 | CVE-2024-55193 | Unspecified vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | 9.8 |
| 2025-01-23 | CVE-2024-55194 | Out-of-bounds Write vulnerability in Openimageio 3.1.0.0 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. | 9.8 |
| 2025-01-23 | CVE-2024-57328 | SQL Injection vulnerability in Projectworlds Online Food Ordering System 1.0 A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. | 9.8 |
| 2025-01-23 | CVE-2024-57386 | Cross-site Scripting vulnerability in Wallosapp Wallos 2.41.0 Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function. | 6.1 |
| 2025-01-23 | CVE-2024-57556 | Cross-site Scripting vulnerability in Nbubna Store Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component | 6.1 |
| 2025-01-23 | CVE-2024-45672 | IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. | 6.0 |
| 2025-01-23 | CVE-2025-23227 | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. | 6.4 |
| 2025-01-23 | CVE-2024-10539 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS.This issue affects Uyumsoft ERP: before Erp4.2109.166p45. | 5.5 |
| 2025-01-23 | CVE-2024-12118 | Cross-site Scripting vulnerability in Theeventscalendar the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-23 | CVE-2024-12504 | Cross-site Scripting vulnerability in Videowhisper Broadcast Live Video The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |