CVE List - 2025 / January
Showing 801 - 900 of 4277 CVEs for January 2025 (Page 9 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2025-22354 | 2025-01-07 | WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-12429 | 2025-01-07 | An attacker who successfully exploited these vulnerabilities could grant read... |
CVE-2025-22334 | 2025-01-07 | WordPress Education LMS theme <= 0.0.7 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-22319 | 2025-01-07 | WordPress MashShare plugin <= 4.0.47 - Broken Access Control vulnerability |
CVE-2025-22296 | 2025-01-07 | WordPress Hash Elements plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22363 | 2025-01-07 | WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerability |
CVE-2025-22306 | 2025-01-07 | WordPress Link Whisper Free plugin <= 0.7.7 - Sensitive Data Exposure vulnerability |
CVE-2025-0300 | 2025-01-07 | code-projects Online Book Shop subcat.php sql injection |
CVE-2024-54006 | 2025-01-07 | Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge |
CVE-2024-54007 | 2025-01-07 | Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge |
CVE-2025-0301 | 2025-01-07 | code-projects Online Book Shop subcat.php cross site scripting |
CVE-2025-0218 | 2025-01-07 | pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially allowing a denial of service |
CVE-2025-22132 | 2025-01-07 | WeGIA has a Cross-Site Scripting (XSS) in File Upload Field |
CVE-2025-22133 | 2025-01-07 | WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE) |
CVE-2018-4301 | 2025-01-07 | This issue is fixed in SCSSU-201801. A potential stack based... |
CVE-2024-51442 | 2025-01-08 | Command Injection in Minidlna version v1.3.3 and before allows an... |
CVE-2024-54731 | 2025-01-08 | cpdf through 2.8 allows stack consumption via a crafted PDF... |
CVE-2024-54818 | 2025-01-08 | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect... |
CVE-2024-55459 | 2025-01-08 | An issue in keras 3.7.0 allows attackers to write arbitrary... |
CVE-2024-55517 | 2025-01-08 | An issue was discovered in the Interllect Core Search in... |
CVE-2024-50603 | 2025-01-08 | An issue was discovered in Aviatrix Controller before 7.1.4191 and... |
CVE-2024-52869 | 2025-01-08 | Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise... |
CVE-2024-53526 | 2025-01-08 | composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude,... |
CVE-2024-40679 | 2025-01-08 | IBM Db2 information disclosure |
CVE-2024-56434 | 2025-01-08 | UAF vulnerability in the device node access module Impact: Successful... |
CVE-2024-56435 | 2025-01-08 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... |
CVE-2024-56436 | 2025-01-08 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... |
CVE-2023-52953 | 2025-01-08 | Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation... |
CVE-2023-52954 | 2025-01-08 | Vulnerability of improper permission control in the Gallery module Impact:... |
CVE-2024-47239 | 2025-01-08 | Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled... |
CVE-2023-52955 | 2025-01-08 | Vulnerability of improper authentication in the ANS system service module... |
CVE-2024-56437 | 2025-01-08 | Vulnerability of input parameters not being verified in the widget... |
CVE-2024-56438 | 2025-01-08 | Vulnerability of improper memory address protection in the HUKS module... |
CVE-2024-56439 | 2025-01-08 | Access control vulnerability in the identity authentication module Impact: Successful... |
CVE-2024-56440 | 2025-01-08 | Permission control vulnerability in the Connectivity module Impact: Successful exploitation... |
CVE-2024-56441 | 2025-01-08 | Race condition vulnerability in the Bastet module Impact: Successful exploitation... |
CVE-2024-56442 | 2025-01-08 | Vulnerability of native APIs not being implemented in the NFC... |
CVE-2024-54120 | 2025-01-08 | Race condition vulnerability in the distributed notification module Impact: Successful... |
CVE-2024-56443 | 2025-01-08 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... |
CVE-2024-56444 | 2025-01-08 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... |
CVE-2024-47934 | 2025-01-08 | TXOne Networks Portable Inspector Management Program Improper Input Validation Vulnerability |
CVE-2024-56445 | 2025-01-08 | Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful... |
CVE-2024-56446 | 2025-01-08 | Vulnerability of variables not being initialized in the notification module... |
CVE-2024-56447 | 2025-01-08 | Vulnerability of improper permission control in the window management module... |
CVE-2024-56448 | 2025-01-08 | Vulnerability of improper access control in the home screen widget... |
CVE-2024-56449 | 2025-01-08 | Privilege escalation vulnerability in the Account module Impact: Successful exploitation... |
CVE-2024-56450 | 2025-01-08 | Buffer overflow vulnerability in the component driver module Impact: Successful... |
CVE-2024-56451 | 2025-01-08 | Integer overflow vulnerability during glTF model loading in the 3D... |
CVE-2024-56452 | 2025-01-08 | Vulnerability of input parameters not being verified during glTF model... |
CVE-2024-12521 | 2025-01-08 | Slotti Ajanvaraus <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12713 | 2025-01-08 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure |
CVE-2024-11916 | 2025-01-08 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-12112 | 2025-01-08 | Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-11816 | 2025-01-08 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution |
CVE-2024-56453 | 2025-01-08 | Vulnerability of input parameters not being verified during glTF model... |
CVE-2024-56454 | 2025-01-08 | Vulnerability of input parameters not being verified during glTF model... |
CVE-2024-56455 | 2025-01-08 | Vulnerability of input parameters not being verified during glTF model... |
CVE-2024-56456 | 2025-01-08 | Vulnerability of input parameters not being verified during glTF model... |
CVE-2024-54121 | 2025-01-08 | Startup control vulnerability in the ability module Impact: Successful exploitation... |
CVE-2025-21603 | 2025-01-08 | Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and... |
CVE-2024-12205 | 2025-01-08 | Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11271 | 2025-01-08 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates |
CVE-2024-12030 | 2025-01-08 | MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection |
CVE-2024-11270 | 2025-01-08 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation |
CVE-2024-10585 | 2025-01-08 | InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading |
CVE-2024-10151 | 2025-01-08 | Auto iFrame < 2.0 - Contributor+ XSS via Shortcode |
CVE-2024-12585 | 2025-01-08 | PropertyHive < 2.1.1 - Reflected XSS |
CVE-2024-11613 | 2025-01-08 | WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion |
CVE-2024-12851 | 2025-01-08 | Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12852 | 2025-01-08 | Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12584 | 2025-01-08 | 140+ Widgets \| Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication |
CVE-2025-22215 | 2025-01-08 | VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215) |
CVE-2024-8002 | 2025-01-08 | VIWIS LMS File Upload cross site scripting |
CVE-2024-12045 | 2025-01-08 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting |
CVE-2024-11635 | 2025-01-08 | WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution |
CVE-2024-13173 | 2025-01-08 | Health information leakage vulnerability |
CVE-2024-13185 | 2025-01-08 | MinigameCenter module information leakage vulnerability |
CVE-2024-12328 | 2025-01-08 | MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG |
CVE-2024-11350 | 2025-01-08 | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover |
CVE-2024-9939 | 2025-01-08 | WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php |
CVE-2024-11939 | 2025-01-08 | Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data |
CVE-2024-12855 | 2025-01-08 | AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion |
CVE-2024-13186 | 2025-01-08 | MinigameCenter information leakage vulnerability |
CVE-2024-54676 | 2025-01-08 | Apache OpenMeetings: Deserialisation of untrusted data in cluster mode |
CVE-2024-45033 | 2025-01-08 | Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli |
CVE-2024-12712 | 2025-01-08 | Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates |
CVE-2024-12854 | 2025-01-08 | Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload |
CVE-2024-12853 | 2025-01-08 | Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload |
CVE-2024-11423 | 2025-01-08 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch |
CVE-2024-11830 | 2025-01-08 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12337 | 2025-01-08 | Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids |
CVE-2025-21102 | 2025-01-08 | Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage... |
CVE-2024-51480 | 2025-01-08 | RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability |
CVE-2024-51737 | 2025-01-08 | RediSearch Integer Overflow with LIMIT or KNN arguments can lead to RCE |
CVE-2024-55656 | 2025-01-08 | RedisBloom Integer Overflow Remote Code Execution Vulnerability |
CVE-2025-22130 | 2025-01-08 | Soft Serve allows path traversal attacks |
CVE-2025-22136 | 2025-01-08 | Tabby has a TCC Bypass via Misconfigured Node Fuses |
CVE-2025-22137 | 2025-01-08 | Arbitrary File Overwrite via HTTP POST in Pingvin Share |
CVE-2025-20123 | 2025-01-08 | Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerability |
CVE-2025-20126 | 2025-01-08 | Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability |