Security Vulnerabilities - CVEs Published In January 2025
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2025-01-07
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-01-07
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-01-07
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-07
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-01-07
Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute
CVSS Score
7.9
EPSS Score
0.002
Published
2025-01-07
A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-01-07
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-07
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
CVSS Score
9.8
EPSS Score
0.011
Published
2025-01-07
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
CVSS Score
9.8
EPSS Score
0.026
Published
2025-01-07