CVE List - 2025 / January
Showing 4101 - 4200 of 4274 CVEs for January 2025 (Page 42 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0572 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| CVE-2025-0574 | 2025-01-30 | Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability |
| CVE-2024-11609 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-11610 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-11611 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-0880 | 2025-01-30 | Codezips Gym Management System updateplan.php sql injection |
| CVE-2025-0881 | 2025-01-30 | Codezips Gym Management System saveroutine.php sql injection |
| CVE-2025-0882 | 2025-01-30 | code-projects Chat System addnewmember.php sql injection |
| CVE-2025-24886 | 2025-01-30 | pwn.college has Symlink LFI in Dojo repos |
| CVE-2025-24885 | 2025-01-30 | pwn.college has an XSS on dojo pages |
| CVE-2024-24731 | 2025-01-30 | Silicon Labs Gecko OS http_download Stack-based Buffer Overflow |
| CVE-2024-23973 | 2025-01-30 | Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow |
| CVE-2024-23968 | 2025-01-30 | ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow |
| CVE-2024-23969 | 2025-01-30 | ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write |
| CVE-2024-23970 | 2025-01-30 | ChargePoint Home Flex Improper Certificate Validation |
| CVE-2024-23971 | 2025-01-30 | ChargePoint Home Flex OCPP bswitch Command Injection |
| CVE-2024-1211 | 2025-01-30 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2023-6195 | 2025-01-30 | Server-Side Request Forgery (SSRF) in GitLab |
| CVE-2024-23962 | 2025-01-30 | Alpine Halo9 Missing Authentication |
| CVE-2024-23963 | 2025-01-30 | Alpine Halo9 Stack-based Buffer Overflow |
| CVE-2024-42671 | 2025-01-31 | A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution,... |
| CVE-2024-47857 | 2025-01-31 | SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A"... |
| CVE-2024-52875 | 2025-01-31 | An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being... |
| CVE-2024-53007 | 2025-01-31 | Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call. |
| CVE-2024-53319 | 2025-01-31 | A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters. |
| CVE-2024-53320 | 2025-01-31 | Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions. |
| CVE-2024-53354 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the... |
| CVE-2024-53355 | 2025-01-31 | Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias... |
| CVE-2024-53356 | 2025-01-31 | Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is... |
| CVE-2024-53357 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route;... |
| CVE-2024-53537 | 2025-01-31 | An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager. |
| CVE-2024-53582 | 2025-01-31 | An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request. |
| CVE-2024-53584 | 2025-01-31 | OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. |
| CVE-2024-55062 | 2025-01-31 | Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/. |
| CVE-2024-57432 | 2025-01-31 | macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent... |
| CVE-2024-57433 | 2025-01-31 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state. |
| CVE-2024-57434 | 2025-01-31 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator. |
| CVE-2024-57435 | 2025-01-31 | In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which... |
| CVE-2024-57587 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter... |
| CVE-2025-22957 | 2025-01-31 | A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain... |
| CVE-2025-22994 | 2025-01-31 | O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings. |
| CVE-2025-23001 | 2025-01-31 | A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in... |
| CVE-2024-23930 | 2025-01-31 | Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions |
| CVE-2025-24336 | 2025-01-31 | SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed. |
| CVE-2024-23937 | 2025-01-31 | Silicon Labs Gecko OS Debug Interface Format String |
| CVE-2024-23928 | 2025-01-31 | Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation |
| CVE-2024-23929 | 2025-01-31 | Pioneer DMH-WT7600NEX Telematics Directory Traversal |
| CVE-2024-23920 | 2025-01-31 | ChargePoint Home Flex Improper Access Control |
| CVE-2024-23921 | 2025-01-31 | ChargePoint Home Flex Command Injection |
| CVE-2022-28653 | 2025-01-31 | Users can consume unlimited disk space in /var/crash |
| CVE-2020-11936 | 2025-01-31 | gdbus setgid privilege escalation |
| CVE-2022-1736 | 2025-01-31 | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. |
| CVE-2023-0092 | 2025-01-31 | An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. |
| CVE-2024-13399 | 2025-01-31 | Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13767 | 2025-01-31 | Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13396 | 2025-01-31 | Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13397 | 2025-01-31 | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-46974 | 2025-01-31 | GPU DDK - Arbitrary write of read-only dmabuf |
| CVE-2024-47891 | 2025-01-31 | GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition |
| CVE-2024-47898 | 2025-01-31 | GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition |
| CVE-2024-47899 | 2025-01-31 | GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition |
| CVE-2024-47900 | 2025-01-31 | GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes |
| CVE-2024-13463 | 2025-01-31 | SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0470 | 2025-01-31 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter |
| CVE-2025-0507 | 2025-01-31 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-0493 | 2025-01-31 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-10867 | 2025-01-31 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-13216 | 2025-01-31 | HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor |
| CVE-2025-0809 | 2025-01-31 | Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-11886 | 2025-01-31 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13717 | 2025-01-31 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle |
| CVE-2024-13504 | 2025-01-31 | Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload |
| CVE-2024-13415 | 2025-01-31 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13424 | 2025-01-31 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update |
| CVE-2025-22216 | 2025-01-31 | UAA Missing Zone Validation |
| CVE-2024-12275 | 2025-01-31 | CanvasFlow <= 1.5.5 - Reflected XSS |
| CVE-2024-12772 | 2025-01-31 | Ninja Tables < 5.0.17 - Admin+ Stored XSS |
| CVE-2024-12872 | 2025-01-31 | Zalomení <= 1.5 - Admin+ Stored XSS |
| CVE-2024-13100 | 2025-01-31 | Woo UPS Pickup <= 2.6.3 - Reflected XSS |
| CVE-2024-13101 | 2025-01-31 | WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS |
| CVE-2024-13112 | 2025-01-31 | WP MediaTagger <= 4.1.1 - Reflected XSS |
| CVE-2024-13218 | 2025-01-31 | Fast Tube <= 2.3.1 - Reflected XSS |
| CVE-2024-13219 | 2025-01-31 | Policy Genius <= 2.0.4 - Reflected XSS |
| CVE-2024-13220 | 2025-01-31 | Google Map Professional <= 1.0 - Reflected XSS |
| CVE-2024-13221 | 2025-01-31 | Fantastic Elasticsearch <= 4.1.0 - Reflected XSS |
| CVE-2024-13222 | 2025-01-31 | User Messages <= 1.2.4 - Reflected XSS |
| CVE-2024-13223 | 2025-01-31 | Tabulate <= 2.10.3 - Reflected XSS |
| CVE-2024-13224 | 2025-01-31 | SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS |
| CVE-2024-13225 | 2025-01-31 | ECT Home Page Products <= 1.9 - Reflected XSS |
| CVE-2024-13226 | 2025-01-31 | A5 Custom Login Page <= 2.8.1 - Reflected XSS |
| CVE-2024-13623 | 2025-01-31 | Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13530 | 2025-01-31 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Log Deletion and Session Termination |
| CVE-2024-13157 | 2025-01-31 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed |
| CVE-2024-13566 | 2025-01-31 | WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-44055 | 2025-01-31 | WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-22265 | 2025-01-31 | WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability |
| CVE-2025-22332 | 2025-01-31 | WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22341 | 2025-01-31 | WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22564 | 2025-01-31 | WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22720 | 2025-01-31 | WordPress WpRently \| WordPress plugin <= 2.2.1 - Broken Access Control vulnerability |