Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-30 CVE-2025-0844 A vulnerability was found in needyamin Library Card System 1.0.
network
low complexity
CWE-94
4.3
4.3
2025-01-29 CVE-2025-0843 A vulnerability was found in needyamin Library Card System 1.0.
network
low complexity
CWE-74
7.3
7.3
2025-01-29 CVE-2025-21396 Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
CWE-862
7.5
7.5
2025-01-29 CVE-2025-21415 Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
network
low complexity
CWE-290
critical
 9.9
9.9
2025-01-29 CVE-2024-11187 It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section.
network
low complexity
 7.5
7.5
2025-01-29 CVE-2024-12705 Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
network
low complexity
 7.5
7.5
2025-01-29 CVE-2025-0842 A vulnerability was found in needyamin Library Card System 1.0 and classified as critical.
network
low complexity
CWE-74
7.3
7.3
2025-01-29 CVE-2025-0841 A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical.
network
low complexity
CWE-502
7.3
7.3
2025-01-29 CVE-2025-0840 A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43.
network
high complexity
CWE-121
5.0
5.0
2025-01-29 CVE-2023-35907 IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
high complexity
CWE-521
5.9
5.9