7.1
CVE-2024-47895 - GPU DDK - OOB read into fwlog due to unchecked block count
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
7.1
CVE-2024-47894 - GPU DDK - Out of bounds read into fwlog due to unchecked loop bounds
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
8.8
CVE-2024-47897 - GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write
Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.
4.8
CVE-2024-12568 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examplβ¦
4.8
CVE-2024-12567 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example inβ¦
4.8
CVE-2024-12566 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mulβ¦
7.5
CVE-2024-12274 - BookingPress < 1.1.23 - Unauthenticated Export File Download
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
4.8
CVE-2024-11636 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampβ¦
7.8
CVE-2025-0412 - Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability
Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must vβ¦
5.3
CVE-2025-0410 - liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be iniβ¦