Security Vulnerabilities - CVEs Published In January 2025
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
CVSS Score: 9.8; EPSS Score: 0.0; Published: 2025-01-23
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2025-01-23
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.
CVSS Score: 6.1; EPSS Score: 0.0; Published: 2025-01-23
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2025-01-23
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2025-01-23
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2025-01-23
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2025-01-23
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2025-01-23
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2025-01-23
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Score: 6.4; EPSS Score: 0.0; Published: 2025-01-23