CVE-2024-52333

Title (es)
CVE-2024-52333

Mon, 13/01/2025 – 15:15

Type
CWE-119

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-52333

Description (en)
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.40

Severity 3.1 (text)
HIGH


CVE-2025-22963

Title (es)
CVE-2025-22963

Mon, 13/01/2025 – 16:15

Type
CWE-352

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22963

Description (en)
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.50

Severity 3.1 (text)
HIGH


CVE-2025-22570

Title (es)
CVE-2025-22570

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22570

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miloš Đekić Inline Tweets allows Stored XSS. This issue affects Inline Tweets: from n/a through 2.0.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22569

Title (es)
CVE-2025-22569

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22569

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Featured Page Widget allows Reflected XSS. This issue affects Featured Page Widget: from n/a through 2.2.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22568

Title (es)
CVE-2025-22568

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22568

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paramveer Singh for Arete IT Private Limited Post And Page Reactions allows Reflected XSS. This issue affects Post And Page Reactions: from n/a through 1.0.5.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22567

Title (es)
CVE-2025-22567

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22567

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer allows Reflected XSS. This issue affects TRUSTist REVIEWer: from n/a through 2.0.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22777

Title (es)
CVE-2025-22777

Mon, 13/01/2025 – 14:15

Type
CWE-502

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22777

Description (en)
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL


CVE-2025-22588

Title (es)
CVE-2025-22588

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22588

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS. This issue affects Scanventory: from n/a through 1.1.3.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22586

Title (es)
CVE-2025-22586

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22586

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS. This issue affects WPEX Replace DB Urls: from n/a through 0.4.0.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH


CVE-2025-22583

Title (es)
CVE-2025-22583

Mon, 13/01/2025 – 14:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22583

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS. This issue affects Scan External Links: from n/a through 1.0.

13/01/2025
13/01/2025
CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 (text)
HIGH
