CVE-2025-21604
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.
CVE-2024-51112
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
CVE-2024-31914
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th…
CVE-2024-31913
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th…
CVE-2024-45559
Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.
CVE-2024-43063
information disclosure while invoking the mailbox read API.
CVE-2024-33067
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
CVE-2024-33061
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.
CVE-2024-33059
Memory corruption while processing frame command IOCTL calls.
CVE-2024-33055
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
CVE-2024-33041
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
CVE-2024-23366
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
CVE-2024-12311
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-12302
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
CVE-2024-11849
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis…
CVE-2024-11356
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVE-2024-20152
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for ex…
CVE-2024-20151
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploita…
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User intera…