Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-03 | CVE-2025-0195 | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
| 2025-01-03 | CVE-2024-41780 | IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. high complexity CWE-359 | 4.2 |
| 2025-01-03 | CVE-2024-5591 | IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-03 | CVE-2024-12132 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. | 4.3 |
| 2025-01-03 | CVE-2025-0174 | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
| 2025-01-03 | CVE-2025-0175 | Cross-site Scripting vulnerability in Anisha Online Shop 1.0 A vulnerability was found in code-projects Online Shop 1.0. | 6.1 |
| 2025-01-02 | CVE-2023-23672 | Missing Authorization vulnerability in Givewp Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 5.4 |
| 2025-01-02 | CVE-2024-55541 | Cross-site Scripting vulnerability in Acronis Cyber Protect 15/16 Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. | 6.1 |
| 2025-01-02 | CVE-2022-49035 | Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. | 5.5 |
| 2025-01-02 | CVE-2023-45272 | Missing Authorization vulnerability in 10Web MAP Builder for Google Maps 1.0.74 Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | 4.3 |