CVE List - 2025 / January
Showing 201 - 300 of 4274 CVEs for January 2025 (Page 3 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-55538 | 2025-01-02 | Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736. |
| CVE-2024-49385 | 2025-01-02 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. |
| CVE-2023-48739 | 2025-01-02 | WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability |
| CVE-2023-47807 | 2025-01-02 | WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability |
| CVE-2023-47778 | 2025-01-02 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2022-43476 | 2025-01-02 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control |
| CVE-2024-56137 | 2025-01-02 | MaxKB RCE vulnerability in function library |
| CVE-2022-49035 | 2025-01-02 | media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE |
| CVE-2022-41995 | 2025-01-02 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control |
| CVE-2023-45633 | 2025-01-02 | WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2023-45272 | 2025-01-02 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability |
| CVE-2023-40327 | 2025-01-02 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2025-0171 | 2025-01-02 | code-projects Chat System deleteuser.php sql injection |
| CVE-2022-45830 | 2025-01-02 | WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability |
| CVE-2023-39994 | 2025-01-02 | WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control |
| CVE-2023-32240 | 2025-01-02 | WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability |
| CVE-2023-23672 | 2025-01-02 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability |
| CVE-2022-47601 | 2025-01-02 | WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control |
| CVE-2022-45811 | 2025-01-02 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability |
| CVE-2024-55543 | 2025-01-02 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. |
| CVE-2024-55540 | 2025-01-02 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. |
| CVE-2024-56413 | 2025-01-02 | Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. |
| CVE-2024-56414 | 2025-01-02 | Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. |
| CVE-2024-55542 | 2025-01-02 | Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect... |
| CVE-2024-55541 | 2025-01-02 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. |
| CVE-2025-0172 | 2025-01-02 | code-projects Chat System deleteroom.php sql injection |
| CVE-2024-9950 | 2025-01-02 | Abuse of Unauthenticated Compliance Recheck in SecureConnector |
| CVE-2024-12907 | 2025-01-02 | XSS in Kentico 7 |
| CVE-2024-11716 | 2025-01-02 | While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset... |
| CVE-2024-11717 | 2025-01-02 | Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and... |
| CVE-2024-56199 | 2025-01-02 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ |
| CVE-2025-0173 | 2025-01-02 | SourceCodester Online Eyewear Shop view_order.php sql injection |
| CVE-2024-8447 | 2025-01-02 | Narayana: deadlock via multiple join requests sent to lra coordinator |
| CVE-2024-43077 | 2025-01-02 | In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-43097 | 2025-01-02 | In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-43762 | 2025-01-02 | In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local... |
| CVE-2024-43764 | 2025-01-02 | In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-43767 | 2025-01-02 | In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction... |
| CVE-2024-43768 | 2025-01-02 | In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-43769 | 2025-01-02 | In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local... |
| CVE-2024-35365 | 2025-01-03 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. |
| CVE-2024-36613 | 2025-01-03 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. |
| CVE-2024-48814 | 2025-01-03 | SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function |
| CVE-2024-55078 | 2025-01-03 | An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-55507 | 2025-01-03 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. |
| CVE-2025-22275 | 2025-01-03 | iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH... |
| CVE-2025-22376 | 2025-01-03 | In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. |
| CVE-2025-0174 | 2025-01-03 | code-projects Point of Sales and Inventory Management System Parameter search_result2.php sql injection |
| CVE-2025-0175 | 2025-01-03 | code-projects Online Shop view.php cross site scripting |
| CVE-2025-0176 | 2025-01-03 | code-projects Point of Sales and Inventory Management System add_cart.php sql injection |
| CVE-2024-11624 | 2025-01-03 | there is a possible to add apps to bypass VPN due to Undeclared Permission. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-47032 | 2025-01-03 | In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-53833 | 2025-01-03 | In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-53834 | 2025-01-03 | In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2024-53835 | 2025-01-03 | there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not... |
| CVE-2024-53836 | 2025-01-03 | In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2024-53837 | 2025-01-03 | In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-53838 | 2025-01-03 | In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-53839 | 2025-01-03 | In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2024-53840 | 2025-01-03 | there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not... |
| CVE-2024-53841 | 2025-01-03 | In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2024-53842 | 2025-01-03 | In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-9138 | 2025-01-03 | Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances |
| CVE-2024-12132 | 2025-01-03 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-9140 | 2025-01-03 | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers... |
| CVE-2024-5591 | 2025-01-03 | IBM Jazz Foundation information disclosure |
| CVE-2024-41780 | 2025-01-03 | IBM Jazz Foundation information disclosure |
| CVE-2024-56320 | 2025-01-03 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user |
| CVE-2024-56321 | 2025-01-03 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access |
| CVE-2024-56322 | 2025-01-03 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality |
| CVE-2024-56324 | 2025-01-03 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins |
| CVE-2024-56408 | 2025-01-03 | PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file |
| CVE-2024-56513 | 2025-01-03 | Karmada PULL Mode Cluster Privilege Escalation |
| CVE-2024-56514 | 2025-01-03 | Karmada Tar Slips in CRDs archive extraction |
| CVE-2025-21609 | 2025-01-03 | SiYuan has an arbitrary file deletion vulnerability |
| CVE-2025-21610 | 2025-01-03 | Trix allows Cross-site Scripting via `javascript:` url in a link |
| CVE-2024-56365 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the constructor of the Downloader class |
| CVE-2024-56366 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file |
| CVE-2024-56409 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file |
| CVE-2024-56410 | 2025-01-03 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties |
| CVE-2024-56411 | 2025-01-03 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header |
| CVE-2024-56412 | 2025-01-03 | PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters |
| CVE-2025-0195 | 2025-01-03 | code-projects Point of Sales and Inventory Management System del_product.php sql injection |
| CVE-2025-0196 | 2025-01-03 | code-projects Point of Sales and Inventory Management System plist.php sql injection |
| CVE-2025-0197 | 2025-01-03 | code-projects Point of Sales and Inventory Management System search.php sql injection |
| CVE-2024-56332 | 2025-01-03 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions |
| CVE-2025-0198 | 2025-01-03 | code-projects Point of Sales and Inventory Management System search_result.php sql injection |
| CVE-2024-13129 | 2025-01-03 | Roxy-WI roxy.py action_service os command injection |
| CVE-2024-12237 | 2025-01-03 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery |
| CVE-2024-11733 | 2025-01-03 | WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-55896 | 2025-01-03 | IBM PowerHA SystemMirror for i clickjacking |
| CVE-2024-55897 | 2025-01-03 | IBM PowerHA SystemMirror for i information disclosure |
| CVE-2025-0199 | 2025-01-03 | code-projects Point of Sales and Inventory Management System minus_cart.php sql injection |
| CVE-2025-22383 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to... |
| CVE-2025-22384 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products... |
| CVE-2025-22385 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation... |
| CVE-2025-22386 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This... |
| CVE-2025-22387 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes... |
| CVE-2025-22388 | 2025-01-04 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code,... |
| CVE-2025-22390 | 2025-01-04 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set... |