Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2025-21315 Unspecified vulnerability in Microsoft products
Microsoft Brokering File System Elevation of Privilege Vulnerability
local
high complexity
microsoft
7.8
7.8
2025-01-14 CVE-2025-21326 Unspecified vulnerability in Microsoft Windows Server 2022 23H2 and Windows Server 2025
Internet Explorer Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
7.8
2025-01-14 CVE-2025-21332 Unspecified vulnerability in Microsoft products
MapUrlToZone Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8
8.8
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
7.5
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-52898 IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.
local
low complexity
CWE-209
6.2
6.2
2025-01-14 CVE-2024-39759 Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 10.0
10
2025-01-14 CVE-2024-39760 Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 10.0
10
2025-01-14 CVE-2024-39761 Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 10.0
10