Security Vulnerabilities - CVEs Published In January 2025
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-01-16
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
CVSS Score: 9.8
EPSS Score: 0.056
Published: 2025-01-16
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
CVSS Score: 9.8
EPSS Score: 0.04
Published: 2025-01-16
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-01-16
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVSS Score: 9.8
EPSS Score: 0.04
Published: 2025-01-16
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-01-16
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-01-16
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2025-01-16
Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2025-01-16
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
CVSS Score: 8.1
EPSS Score: 0.139
Published: 2025-01-15

