2025-01-08 | CVE-2024-56435 | Unspecified vulnerability in Huawei HarmonyOS 5.0.0. Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2025-01-08 | CVE-2024-56436 | Unspecified vulnerability in Huawei HarmonyOS 5.0.0. Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2025-01-07 | CVE-2025-0218 | Use of Insufficiently Random Values vulnerability in Pgadmin Pgagent. When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. | 7.1 |
2025-01-07 | CVE-2024-40702 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | 8.2 |
2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software. IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 7.5 |
2025-01-07 | CVE-2025-22303 | Unspecified vulnerability in Wpmailster WP Mailster. Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0. | 7.5 |
2025-01-07 | CVE-2024-12152 | The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. | 7.5 |
2025-01-07 | CVE-2024-12202 | The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. | 8.8 |
2025-01-07 | CVE-2024-11725 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. | 8.8 |
2025-01-07 | CVE-2024-12471 | The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. | 8.8 |