Security Vulnerabilities - CVEs Published In January 2025
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-01-16
An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.
CVSS Score
4.6
EPSS Score
0.003
Published
2025-01-16
Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.
CVSS Score
4.6
EPSS Score
0.001
Published
2025-01-16
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-01-16
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-01-16
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-01-16