CVE List - 2025 / January
Showing 3601 - 3700 of 4277 CVEs for January 2025 (Page 37 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-57590 | 2025-01-27 | TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability... |
CVE-2024-57595 | 2025-01-27 | DLINK DIR-825 REVB 2.03 devices have an OS command injection... |
CVE-2024-28771 | 2025-01-27 | IBM Security Directory Integrator information disclosure |
CVE-2024-28770 | 2025-01-27 | IBM Security Directory Integrator information disclosure |
CVE-2024-28766 | 2025-01-27 | IBM Security Directory Integrator information disclosure |
CVE-2023-46187 | 2025-01-27 | IBM InfoSphere Master Data Management cross-site scripting |
CVE-2024-43445 | 2025-01-27 | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing |
CVE-2024-43446 | 2025-01-27 | Improper check of permissions in Generic Interface |
CVE-2025-24389 | 2025-01-27 | SMTP Password will be shown in cleartext on some SMTP errors |
CVE-2025-24390 | 2025-01-27 | Missing Cookie Flags |
CVE-2024-12280 | 2025-01-27 | WP Customer Area <= 8.2.4 - Event Log Deletion via CSRF |
CVE-2024-12321 | 2025-01-27 | WC Affiliate <= 2.3.9 - Reflected XSS |
CVE-2024-12436 | 2025-01-27 | WP Customer Area <= 8.2.4 - Bulk Delete via CSRF |
CVE-2024-12773 | 2025-01-27 | Altra Side Menu <= 2.0 - Admin+ SQL Injection |
CVE-2024-12774 | 2025-01-27 | Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF |
CVE-2024-13052 | 2025-01-27 | Dental Optimizer Patient Generator App <= 1.0 - Reflected XSS |
CVE-2024-13055 | 2025-01-27 | Dyn Business Panel <= 1.0.0 - Reflected XSS |
CVE-2024-13056 | 2025-01-27 | Dyn Business Panel <= 1.0.0 - Reflected XSS |
CVE-2024-13057 | 2025-01-27 | Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF |
CVE-2024-13094 | 2025-01-27 | WP Triggers Lite <= 2.5.3 - Reflected XSS |
CVE-2024-13095 | 2025-01-27 | WP Triggers Lite <= 2.5.3 - Admin+ SQL Injection |
CVE-2024-13116 | 2025-01-27 | Crelly Slider < 1.4.7 - Admin+ Stored XSS |
CVE-2024-13117 | 2025-01-27 | Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal |
CVE-2024-52012 | 2025-01-27 | Apache Solr: Configset upload on Windows allows arbitrary path write-access |
CVE-2025-24814 | 2025-01-27 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files |
CVE-2024-12345 | 2025-01-27 | INW Krbyyyzo Daily Huddle Site gbo.aspx resource consumption |
CVE-2025-0695 | 2025-01-27 | An Allocation of Resources Without Limits or Throttling vulnerability in... |
CVE-2025-0696 | 2025-01-27 | A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less... |
CVE-2024-55931 | 2025-01-27 | Token stored in session storage |
CVE-2024-11348 | 2025-01-27 | Reflected XSS in Eura7 CMSmanager |
CVE-2022-4975 | 2025-01-27 | Rhacs: cross-site scripting in portal |
CVE-2025-23457 | 2025-01-27 | WordPress Shipdeo plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23792 | 2025-01-27 | WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-24533 | 2025-01-27 | WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24584 | 2025-01-27 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability |
CVE-2025-24601 | 2025-01-27 | WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability |
CVE-2025-24612 | 2025-01-27 | WordPress Shipping for Nova Poshta plugin <= 1.19.6 - SQL Injection vulnerability |
CVE-2025-24664 | 2025-01-27 | WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability |
CVE-2025-24685 | 2025-01-27 | WordPress Morkva UA Shipping plugin <= 1.0.18 - Local File Inclusion vulnerability |
CVE-2025-24754 | 2025-01-27 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
CVE-2025-22513 | 2025-01-27 | WordPress Simple Locator Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23529 | 2025-01-27 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability |
CVE-2025-23531 | 2025-01-27 | WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23574 | 2025-01-27 | WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23656 | 2025-01-27 | WordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-23669 | 2025-01-27 | WordPress WP Smart Tooltip plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-23752 | 2025-01-27 | WordPress CGD Arrange Terms plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23754 | 2025-01-27 | WordPress The Loops plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23756 | 2025-01-27 | WordPress LawPress plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23849 | 2025-01-27 | WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability |
CVE-2025-24537 | 2025-01-27 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24538 | 2025-01-27 | WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24540 | 2025-01-27 | WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24590 | 2025-01-27 | WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability |
CVE-2025-24593 | 2025-01-27 | WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-24600 | 2025-01-27 | WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability |
CVE-2025-24603 | 2025-01-27 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.10 - Broken Access Control vulnerability |
CVE-2025-24606 | 2025-01-27 | WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <= 20.8.1 - Broken Access Control vulnerability |
CVE-2025-24626 | 2025-01-27 | WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-24628 | 2025-01-27 | WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability |
CVE-2025-24653 | 2025-01-27 | WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability |
CVE-2025-24662 | 2025-01-27 | WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability |
CVE-2025-24665 | 2025-01-27 | WordPress Small Package Quotes Plugin <= 2.4.8 - SQL Injection vulnerability |
CVE-2025-24667 | 2025-01-27 | WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability |
CVE-2025-24671 | 2025-01-27 | WordPress Save as PDF Plugin by Pdfcrowd Plugin <= 4.4.0 - PHP Object Injection vulnerability |
CVE-2025-24680 | 2025-01-27 | WordPress WP Multi Store Locator Plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-24689 | 2025-01-27 | WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability |
CVE-2025-24708 | 2025-01-27 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-24734 | 2025-01-27 | WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability |
CVE-2025-24740 | 2025-01-27 | WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability |
CVE-2025-24741 | 2025-01-27 | WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability |
CVE-2025-24742 | 2025-01-27 | WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24743 | 2025-01-27 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability |
CVE-2025-24744 | 2025-01-27 | WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability |
CVE-2025-24747 | 2025-01-27 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
CVE-2025-23982 | 2025-01-27 | WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability |
CVE-2025-24782 | 2025-01-27 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability |
CVE-2025-24783 | 2025-01-27 | Apache Cocoon: continuations may not be private |
CVE-2024-38325 | 2025-01-27 | IBM Storage Defender information disclosure |
CVE-2024-38320 | 2025-01-27 | IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure |
CVE-2024-45598 | 2025-01-27 | Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path |
CVE-2024-37527 | 2025-01-27 | IBM OpenPages with Watson cross-site scripting |
CVE-2024-22316 | 2025-01-27 | IBM Sterling File Gateway improper access control |
CVE-2023-47159 | 2025-01-27 | IBM Sterling File Gateway information disclosure |
CVE-2023-52292 | 2025-01-27 | IBM Sterling File Gateway cross-site scripting |
CVE-2024-27256 | 2025-01-27 | IBM MQ Operator information disclosure |
CVE-2025-0729 | 2025-01-27 | TP-Link TL-SG108E clickjacking |
CVE-2025-0730 | 2025-01-27 | TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings |
CVE-2024-54146 | 2025-01-27 | Cacti has a SQL Injection vulnerability when view host template |
CVE-2024-54145 | 2025-01-27 | Cacti has a SQL Injection vulnerability when request automation devices |
CVE-2025-22604 | 2025-01-27 | Cacti has Authenticated RCE via multi-line SNMP responses |
CVE-2025-24367 | 2025-01-27 | Cacti allows Arbitrary File Creation leading to RCE |
CVE-2025-24368 | 2025-01-27 | Cacti has a SQL Injection vulnerability when using tree rules through Automation API |
CVE-2024-12740 | 2025-01-27 | Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software |
CVE-2025-23197 | 2025-01-27 | matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support |
CVE-2025-24354 | 2025-01-27 | imgproxy is vulnerable to SSRF against 0.0.0.0 |
CVE-2025-24356 | 2025-01-27 | UDP traffic amplification via fastd's fast reconnect feature |
CVE-2025-24357 | 2025-01-27 | vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator |
CVE-2025-24364 | 2025-01-27 | vaultwarden allows RCE in the admin panel |
CVE-2025-24365 | 2025-01-27 | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait |