Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-11 | CVE-2025-24867 | SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2025-02-10 | CVE-2025-1158 | A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. | 6.3 |
2025-02-10 | CVE-2025-1157 | A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. | 6.3 |
2025-02-10 | CVE-2025-1154 | A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. | 6.3 |
2025-02-10 | CVE-2024-13010 | The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. | 6.1 |
2025-02-10 | CVE-2025-24200 | Incorrect Authorization vulnerability in Apple iPadOS. An authorization issue was addressed with improved state management. | 6.1 |
2025-02-10 | CVE-2024-48170 | Cross-site Scripting vulnerability in PHPGurukul Small CRM 3.0. PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. | 5.4 |
2025-02-10 | CVE-2024-57950 | Divide By Zero vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1. [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. (cherry picked from commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7) | 5.5 |
2025-02-10 | CVE-2025-21688 | Race Condition vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence. In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to assign the job pointer to NULL after completing a job, indicating job completion. However, this approach created a race condition between the DRM scheduler workqueue and the IRQ execution thread. | 4.7 |
2025-02-10 | CVE-2025-21689 | NULL Pointer Dereference vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb(). This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: `if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; }` The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. | 5.5 |