Security Vulnerabilities - CVEs Published In January 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.025
Published
2025-01-15
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-01-15
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions
CVSS Score
9.8
EPSS Score
0.421
Published
2025-01-15
Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.6.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-01-15
Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through <= 1.1.5.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Stored XSS.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through <= 1.1.2.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through <= 1.0.12.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through <= 4.7.6.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-15
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-15