CVE List - 2025 / January
Showing 2601 - 2700 of 4277 CVEs for January 2025 (Page 27 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-13432 | 2025-01-18 | Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2025-0515 | 2025-01-18 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update |
CVE-2024-13317 | 2025-01-18 | ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update |
CVE-2024-13519 | 2025-01-18 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting |
CVE-2024-12385 | 2025-01-18 | WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-13517 | 2025-01-18 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title |
CVE-2024-13385 | 2025-01-18 | JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12696 | 2025-01-18 | Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode |
CVE-2025-0369 | 2025-01-18 | Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter |
CVE-2024-13393 | 2025-01-18 | Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13433 | 2025-01-18 | Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13392 | 2025-01-18 | Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13184 | 2025-01-18 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module |
CVE-2024-13375 | 2025-01-18 | Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset |
CVE-2025-0557 | 2025-01-18 | Hyland Alfresco Community Edition URL s cross site scripting |
CVE-2025-0558 | 2025-01-18 | TDuckCloud tduck-platform QueryProThemeRequest.java QueryProThemeRequest sql injection |
CVE-2025-0559 | 2025-01-18 | Campcodes School Management Software Create Id Card Page create-id-card cross site scripting |
CVE-2024-49338 | 2025-01-18 | IBM App Connect Enterprise information disclosure |
CVE-2025-0560 | 2025-01-18 | CampCodes School Management Software Photo Gallery Page photo-gallery cross site scripting |
CVE-2024-51448 | 2025-01-18 | IBM Robotic Process Automation privilege escalation |
CVE-2024-49824 | 2025-01-18 | IBM Robotic Process Automation security bypass |
CVE-2024-49354 | 2025-01-18 | IBM Concert information disclosure |
CVE-2024-47113 | 2025-01-18 | IBM ICP - Voice Gateway XML injection |
CVE-2024-47106 | 2025-01-18 | IBM Jazz for Service Management information disclosure |
CVE-2024-45662 | 2025-01-18 | IBM Safer Payments denial of service |
CVE-2025-0561 | 2025-01-18 | itsourcecode Farm Management System add-pig.php sql injection |
CVE-2025-0562 | 2025-01-19 | Codezips Gym Management System health_status_entry.php sql injection |
CVE-2025-0563 | 2025-01-19 | code-projects Fantasy-Cricket update.php sql injection |
CVE-2024-45654 | 2025-01-19 | IBM Security ReaQta improper input validation |
CVE-2024-45653 | 2025-01-19 | IBM Sterling Connect:Direct Web Services information disclosure |
CVE-2024-45652 | 2025-01-19 | IBM Maximo Asset Management directory traversal |
CVE-2025-0564 | 2025-01-19 | code-projects Fantasy-Cricket authenticate.php sql injection |
CVE-2024-8722 | 2025-01-19 | WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2025-0565 | 2025-01-19 | ZZCMS index.php sql injection |
CVE-2025-0566 | 2025-01-19 | Tenda AC15 SetDevNetName formSetDevNetName stack-based overflow |
CVE-2025-0567 | 2025-01-19 | Epic Games Launcher Installer profapi.dll untrusted search path |
CVE-2025-21631 | 2025-01-19 | block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() |
CVE-2025-21632 | 2025-01-19 | x86/fpu: Ensure shadow stack is active before "getting" registers |
CVE-2025-21634 | 2025-01-19 | cgroup/cpuset: remove kernfs active break |
CVE-2025-21635 | 2025-01-19 | rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy |
CVE-2025-21636 | 2025-01-19 | sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy |
CVE-2025-21637 | 2025-01-19 | sctp: sysctl: udp_port: avoid using current->nsproxy |
CVE-2025-21638 | 2025-01-19 | sctp: sysctl: auth_enable: avoid using current->nsproxy |
CVE-2025-21639 | 2025-01-19 | sctp: sysctl: rto_min/max: avoid using current->nsproxy |
CVE-2025-21640 | 2025-01-19 | sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy |
CVE-2025-21641 | 2025-01-19 | mptcp: sysctl: blackhole timeout: avoid using current->nsproxy |
CVE-2025-21642 | 2025-01-19 | mptcp: sysctl: sched: avoid using current->nsproxy |
CVE-2025-21643 | 2025-01-19 | netfs: Fix kernel async DIO |
CVE-2025-21644 | 2025-01-19 | drm/xe: Fix tlb invalidation when wedging |
CVE-2025-21645 | 2025-01-19 | platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it |
CVE-2025-21646 | 2025-01-19 | afs: Fix the maximum cell name length |
CVE-2025-21647 | 2025-01-19 | sched: sch_cake: add bounds checks to host bulk flow fairness counts |
CVE-2025-21648 | 2025-01-19 | netfilter: conntrack: clamp maximum hashtable size to INT_MAX |
CVE-2025-21649 | 2025-01-19 | net: hns3: fix kernel crash when 1588 is sent on HIP08 devices |
CVE-2025-21650 | 2025-01-19 | net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue |
CVE-2025-21651 | 2025-01-19 | net: hns3: don't auto enable misc vector |
CVE-2025-21652 | 2025-01-19 | ipvlan: Fix use-after-free in ipvlan_get_iflink(). |
CVE-2025-21653 | 2025-01-19 | net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute |
CVE-2025-21654 | 2025-01-19 | ovl: support encoding fid from inode with no alias |
CVE-2024-57904 | 2025-01-19 | iio: adc: at91: call input_free_device() on allocated iio_dev |
CVE-2024-57905 | 2025-01-19 | iio: adc: ti-ads1119: fix information leak in triggered buffer |
CVE-2024-57906 | 2025-01-19 | iio: adc: ti-ads8688: fix information leak in triggered buffer |
CVE-2024-57907 | 2025-01-19 | iio: adc: rockchip_saradc: fix information leak in triggered buffer |
CVE-2024-57908 | 2025-01-19 | iio: imu: kmx61: fix information leak in triggered buffer |
CVE-2024-57909 | 2025-01-19 | iio: light: bh1745: fix information leak in triggered buffer |
CVE-2024-57910 | 2025-01-19 | iio: light: vcnl4035: fix information leak in triggered buffer |
CVE-2024-57911 | 2025-01-19 | iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer |
CVE-2024-57912 | 2025-01-19 | iio: pressure: zpa2326: fix information leak in triggered buffer |
CVE-2024-57913 | 2025-01-19 | usb: gadget: f_fs: Remove WARN_ON in functionfs_bind |
CVE-2024-57914 | 2025-01-19 | usb: typec: tcpci: fix NULL pointer issue on shared irq case |
CVE-2024-57916 | 2025-01-19 | misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling |
CVE-2024-57917 | 2025-01-19 | topology: Keep the cpumask unchanged when printing cpumap |
CVE-2024-57918 | 2025-01-19 | drm/amd/display: fix page fault due to max surface definition mismatch |
CVE-2024-57919 | 2025-01-19 | drm/amd/display: fix divide error in DM plane scale calcs |
CVE-2024-57920 | 2025-01-19 | drm/amdkfd: wq_release signals dma_fence only when available |
CVE-2024-57921 | 2025-01-19 | drm/amdgpu: Add a lock when accessing the buddy trim function |
CVE-2024-57922 | 2025-01-19 | drm/amd/display: Add check for granularity in dml ceil/floor helpers |
CVE-2024-57923 | 2025-01-19 | btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path |
CVE-2024-57924 | 2025-01-19 | fs: relax assertions on failure to encode file handles |
CVE-2024-57925 | 2025-01-19 | ksmbd: fix a missing return value check bug |
CVE-2024-57926 | 2025-01-19 | drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err |
CVE-2024-57927 | 2025-01-19 | nfs: Fix oops in nfs_netfs_init_request() when copying to cache |
CVE-2024-57928 | 2025-01-19 | netfs: Fix enomem handling in buffered reads |
CVE-2024-57929 | 2025-01-19 | dm array: fix releasing a faulty array block twice in dm_array_cursor_end |
CVE-2024-38337 | 2025-01-19 | IBM Sterling Secure Proxy improper input validation |
CVE-2024-41783 | 2025-01-19 | IBM Sterling Secure Proxy improper input validation |
CVE-2024-41743 | 2025-01-19 | IBM TXSeries for Multiplatforms denial of service |
CVE-2024-41742 | 2025-01-19 | IBM TXSeries for Multiplatforms denial of service |
CVE-2025-0575 | 2025-01-19 | Union Bank of India Vyom Rooting Detection protection mechanism |
CVE-2025-0576 | 2025-01-19 | Mobotix M15 player cross site scripting |
CVE-2025-24337 | 2025-01-20 | WriteFreely through 0.15.1, when MySQL is used, allows local users... |
CVE-2025-0578 | 2025-01-20 | Facile Sistemas Cloud Apps Password Reset forgotpassword cross site scripting |
CVE-2025-0583 | 2025-01-20 | aEnrich Technology a+HRD - Reflected Cross-site Scripting(XSS) |
CVE-2024-13524 | 2025-01-20 | obsproject OBS Studio untrusted search path |
CVE-2025-0584 | 2025-01-20 | aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF) |
CVE-2025-0585 | 2025-01-20 | aEnrich Technology a+HRD - SQL Injection |
CVE-2025-0586 | 2025-01-20 | aEnrich Technology a+HRD - Insecure Deserialization |
CVE-2025-0579 | 2025-01-20 | Shiprocket Module REST API Module restapi sql injection |
CVE-2025-0580 | 2025-01-20 | Shiprocket Module REST API Module rest_api authorization |
CVE-2025-0581 | 2025-01-20 | CampCodes School Management Software Chat History send cross site scripting |