Security Vulnerabilities - CVEs Published In January 2025
An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-01-14
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
CVSS Score
5.3
EPSS Score
0.466
Published
2025-01-14
An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-14
An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-14
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-13
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-13
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-13
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-13
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-13
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-01-13