CVE List - 2025 / January
Showing 3001 - 3100 of 4274 CVEs for January 2025 (Page 31 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49748 | 2025-01-21 | In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-49749 | 2025-01-21 | In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2024-13091 | 2025-01-21 | WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload |
| CVE-2023-36998 | 2025-01-22 | The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing... |
| CVE-2023-37002 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication`... |
| CVE-2023-37003 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response`... |
| CVE-2023-37004 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup... |
| CVE-2023-37005 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup... |
| CVE-2023-37006 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack`... |
| CVE-2023-37007 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message... |
| CVE-2023-37008 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid... |
| CVE-2023-37009 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message... |
| CVE-2023-37010 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer`... |
| CVE-2023-37011 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message... |
| CVE-2023-37012 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message`... |
| CVE-2023-37013 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an... |
| CVE-2023-37014 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release... |
| CVE-2023-37015 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request`... |
| CVE-2023-37016 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification... |
| CVE-2023-37017 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message... |
| CVE-2023-37018 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info... |
| CVE-2023-37019 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message... |
| CVE-2023-37020 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release... |
| CVE-2023-37021 | 2025-01-22 | Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification... |
| CVE-2023-37022 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker... |
| CVE-2023-37023 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly... |
| CVE-2023-37777 | 2025-01-22 | A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing... |
| CVE-2024-24429 | 2025-01-22 | A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. |
| CVE-2024-24430 | 2025-01-22 | A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. |
| CVE-2024-24432 | 2025-01-22 | A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. |
| CVE-2024-34235 | 2025-01-22 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message`... |
| CVE-2024-42012 | 2025-01-22 | GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows... |
| CVE-2024-42013 | 2025-01-22 | In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or... |
| CVE-2024-55488 | 2025-01-22 | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the... |
| CVE-2024-55957 | 2025-01-22 | In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper... |
| CVE-2024-56914 | 2025-01-22 | D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. |
| CVE-2024-56923 | 2025-01-22 | Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is... |
| CVE-2024-56924 | 2025-01-22 | A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized... |
| CVE-2025-22980 | 2025-01-22 | A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. |
| CVE-2025-0625 | 2025-01-22 | CampCodes School Management Software Attachment resource injection |
| CVE-2025-23083 | 2025-01-22 | With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal... |
| CVE-2024-13426 | 2025-01-22 | WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting |
| CVE-2024-13584 | 2025-01-22 | Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13590 | 2025-01-22 | Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11218 | 2025-01-22 | Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile |
| CVE-2024-12879 | 2025-01-22 | WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation |
| CVE-2025-20617 | 2025-01-22 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product... |
| CVE-2025-22450 | 2025-01-22 | Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. |
| CVE-2025-23237 | 2025-01-22 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the... |
| CVE-2024-13406 | 2025-01-22 | XML for Google Merchant Center <= 3.0.11 - Reflected Cross-Site Scripting |
| CVE-2024-12857 | 2025-01-22 | AdForest <= 5.1.8 - Authentication Bypass |
| CVE-2024-12117 | 2025-01-22 | Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13361 | 2025-01-22 | AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-13360 | 2025-01-22 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery |
| CVE-2025-0428 | 2025-01-22 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts |
| CVE-2024-13319 | 2025-01-22 | Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting |
| CVE-2025-0429 | 2025-01-22 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms |
| CVE-2022-23439 | 2025-01-22 | An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before... |
| CVE-2024-13495 | 2025-01-22 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function |
| CVE-2024-13499 | 2025-01-22 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function |
| CVE-2024-13447 | 2025-01-22 | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval |
| CVE-2024-13496 | 2025-01-22 | GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter |
| CVE-2025-0395 | 2025-01-22 | When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which... |
| CVE-2025-24027 | 2025-01-22 | ps_contactinfo has potential XSS due to usage of the nofilter tag in template |
| CVE-2025-23495 | 2025-01-22 | WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23498 | 2025-01-22 | WordPress Translation.Pro plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23500 | 2025-01-22 | WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23503 | 2025-01-22 | WordPress Customizable Captcha and Contact us plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23507 | 2025-01-22 | WordPress Blrt WP Embed plugin <= 1.6.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23509 | 2025-01-22 | WordPress HyperComments plugin <= 0.9.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23512 | 2025-01-22 | WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23535 | 2025-01-22 | WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23548 | 2025-01-22 | WordPress Responsivity plugin <= 0.0.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23562 | 2025-01-22 | WordPress XLSXviewer plugin <= 2.1.1 - Arbitrary File Deletion vulnerability |
| CVE-2025-23578 | 2025-01-22 | WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23583 | 2025-01-22 | WordPress Explara Membership plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23589 | 2025-01-22 | WordPress ContentOptin Lite plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23592 | 2025-01-22 | WordPress dForms plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23597 | 2025-01-22 | WordPress Rio Photo Gallery plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23601 | 2025-01-22 | WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23602 | 2025-01-22 | WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23603 | 2025-01-22 | WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23604 | 2025-01-22 | WordPress Rezdy Reloaded plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23605 | 2025-01-22 | WordPress Call To Action Popup plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23606 | 2025-01-22 | WordPress Calendi plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23607 | 2025-01-22 | WordPress CAMOO SMS plugin <= 3.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23609 | 2025-01-22 | WordPress Tagesteller plugin <= v.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23610 | 2025-01-22 | WordPress Ultimate Events plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23611 | 2025-01-22 | WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23625 | 2025-01-22 | WordPress Unique UX plugin <= 0.9.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23630 | 2025-01-22 | WordPress Cyber Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23631 | 2025-01-22 | WordPress Content Planner plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23672 | 2025-01-22 | WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23674 | 2025-01-22 | WordPress Bit.ly linker plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23676 | 2025-01-22 | WordPress LH Email plugin <= 1.12 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23678 | 2025-01-22 | WordPress LocalGrid plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23679 | 2025-01-22 | WordPress FP RSS Category Excluder plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23681 | 2025-01-22 | WordPress REDIRECTION PLUS plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23682 | 2025-01-22 | WordPress Preloader Quotes plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23683 | 2025-01-22 | WordPress MACME plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |