Security Vulnerabilities - CVEs Published In January 2025
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-23
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-23
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-23
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-23
The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2025-01-22
Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-01-22
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-01-22
D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.
CVSS Score
5.7
EPSS Score
0.001
Published
2025-01-22
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.2
EPSS Score
0.006
Published
2025-01-22
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
7.5
EPSS Score
0.009
Published
2025-01-22