CVE List - 2025 / January
Showing 3801 - 3900 of 4274 CVEs for January 2025 (Page 39 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57514 | 2025-01-28 | The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is... |
| CVE-2024-57519 | 2025-01-28 | An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. |
| CVE-2025-22917 | 2025-01-28 | A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious... |
| CVE-2024-27263 | 2025-01-28 | IBM Sterling B2B Integrator information disclosure |
| CVE-2022-3365 | 2025-01-28 | Emote Interactive Remote Mouse Server command injection due to weak encoding |
| CVE-2023-50316 | 2025-01-28 | IBM Sterling B2B Integrator information disclosure |
| CVE-2024-12647 | 2025-01-28 | Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being... |
| CVE-2024-12648 | 2025-01-28 | Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product... |
| CVE-2024-12649 | 2025-01-28 | Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being... |
| CVE-2024-45339 | 2025-01-28 | Vulnerability when creating log files in github.com/golang/glog |
| CVE-2024-45341 | 2025-01-28 | Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 |
| CVE-2024-45340 | 2025-01-28 | GOAUTH credential leak in cmd/go |
| CVE-2024-45336 | 2025-01-28 | Sensitive headers incorrectly sent after cross-domain redirect in net/http |
| CVE-2025-22865 | 2025-01-28 | ParsePKCS1PrivateKey panic with partial keys in crypto/x509 |
| CVE-2024-22315 | 2025-01-28 | IBM Fusion improper communication restriction |
| CVE-2024-0135 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead... |
| CVE-2024-0136 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is... |
| CVE-2024-0137 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only... |
| CVE-2024-0140 | 2025-01-28 | NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code... |
| CVE-2024-0150 | 2025-01-28 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this... |
| CVE-2024-0147 | 2025-01-28 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. |
| CVE-2024-0149 | 2025-01-28 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. |
| CVE-2024-53869 | 2025-01-28 | NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. |
| CVE-2024-0146 | 2025-01-28 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution,... |
| CVE-2024-53881 | 2025-01-28 | NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of... |
| CVE-2024-11135 | 2025-01-28 | Eventer <= 3.9.8 - Unauthenticated SQL Injection |
| CVE-2025-23084 | 2025-01-28 | A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows.... |
| CVE-2025-24810 | 2025-01-28 | Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who... |
| CVE-2024-12723 | 2025-01-28 | Infility Global <= 2.9.8 - Reflected XSS |
| CVE-2024-12807 | 2025-01-28 | Social Share Buttons for WordPress <= 2.7 - Admin+ Stored XSS |
| CVE-2024-13448 | 2025-01-28 | ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data |
| CVE-2024-13509 | 2025-01-28 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-0321 | 2025-01-28 | ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter |
| CVE-2024-13521 | 2025-01-28 | MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13527 | 2025-01-28 | Philantro – Donations and Donor Management <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode |
| CVE-2025-0290 | 2025-01-28 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab |
| CVE-2024-23953 | 2025-01-28 | Apache Hive: Timing Attack Against Signature in LLAP util |
| CVE-2025-0736 | 2025-01-28 | Org.infinispan-infinispan-parent: exposure of sensitive information in application logs |
| CVE-2025-0750 | 2025-01-28 | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting |
| CVE-2025-0752 | 2025-01-28 | Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access |
| CVE-2025-0754 | 2025-01-28 | Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing |
| CVE-2025-0065 | 2025-01-28 | Improper Neutralization of Argument Delimiters in TeamViewer Clients |
| CVE-2024-11954 | 2025-01-28 | Pimcore Search Document cross site scripting |
| CVE-2024-11956 | 2025-01-28 | Pimcore customer-data-framework list sql injection |
| CVE-2024-6351 | 2025-01-28 | Malformed packet leads to denial of service in NWK/APS layer |
| CVE-2024-7881 | 2025-01-28 | An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. |
| CVE-2025-0659 | 2025-01-28 | Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud |
| CVE-2025-23045 | 2025-01-28 | CVAT allows remote code execution via tracker Nuclio functions |
| CVE-2025-23211 | 2025-01-28 | Tandoor Recipes - SSTI - Remote Code Execution |
| CVE-2025-23212 | 2025-01-28 | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server |
| CVE-2025-23213 | 2025-01-28 | Tandoor Recipes - Stored XSS through Unrestricted File Upload |
| CVE-2025-24800 | 2025-01-28 | Critical vulnerability in `ismp-grandpa` <v15.0.1 |
| CVE-2025-0432 | 2025-01-28 | HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information |
| CVE-2025-23385 | 2025-01-28 | In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the... |
| CVE-2025-0781 | 2025-01-28 | Incorrect Authorization in SimGear |
| CVE-2024-8401 | 2025-01-28 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product. |
| CVE-2017-13317 | 2025-01-28 | In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2017-13318 | 2025-01-28 | In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2018-9373 | 2025-01-28 | In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with... |
| CVE-2018-9378 | 2025-01-28 | In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2025-23055 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23056 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23057 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23054 | 2025-01-28 | Authenticated Response Manipulation allows Unauthorized Actions in Management Interface |
| CVE-2025-23053 | 2025-01-28 | Authenticated privilege escalation via broken access control |
| CVE-2024-13484 | 2025-01-28 | Openshift-gitops-operator-container: namespace isolation break |
| CVE-2025-0631 | 2025-01-28 | PowerFlex® 755 Credential Exposure Vulnerability |
| CVE-2025-0783 | 2025-01-28 | pankajindevops scale API Endpoint access control |
| CVE-2025-22217 | 2025-01-28 | Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user... |
| CVE-2025-24478 | 2025-01-28 | 5380/5580 Denial-of-Service Vulnerability |
| CVE-2025-24479 | 2025-01-28 | FactoryTalk® View Machine Edition - Local Code Injection |
| CVE-2025-24480 | 2025-01-28 | FactoryTalk® View Machine Edition - Remote Code Execution |
| CVE-2024-34732 | 2025-01-28 | In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34733 | 2025-01-28 | In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34748 | 2025-01-28 | In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed.... |
| CVE-2024-40649 | 2025-01-28 | In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-40651 | 2025-01-28 | In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-40669 | 2025-01-28 | In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-40670 | 2025-01-28 | In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-40672 | 2025-01-28 | In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2024-40673 | 2025-01-28 | In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to... |
| CVE-2024-40674 | 2025-01-28 | In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of... |
| CVE-2024-40675 | 2025-01-28 | In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User... |
| CVE-2024-40676 | 2025-01-28 | In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation... |
| CVE-2024-40677 | 2025-01-28 | In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2025-0784 | 2025-01-28 | Intelbras InControl Registered User usuario cleartext transmission |
| CVE-2025-24826 | 2025-01-28 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. |
| CVE-2025-24481 | 2025-01-28 | FactoryTalk® View Site Edition - Incorrect Permission Assignment |
| CVE-2025-24482 | 2025-01-28 | FactoryTalk® View Site Edition - Local Code Injection |
| CVE-2025-0785 | 2025-01-28 | ESAFENET CDG SysConfig.jsp cross site scripting |
| CVE-2024-29869 | 2025-01-28 | Apache Hive: Credentials file created with non restrictive permissions |
| CVE-2025-0786 | 2025-01-28 | ESAFENET CDG appDetail.jsp sql injection |
| CVE-2025-0787 | 2025-01-28 | ESAFENET CDG appDetail.jsp cross site scripting |
| CVE-2025-0788 | 2025-01-28 | ESAFENET CDG content_top.jsp sql injection |
| CVE-2025-0789 | 2025-01-28 | ESAFENET CDG doneDetail.jsp sql injection |
| CVE-2025-0790 | 2025-01-28 | ESAFENET CDG doneDetail.jsp cross site scripting |
| CVE-2025-0791 | 2025-01-28 | ESAFENET CDG sdDoneDetail.jsp sql injection |
| CVE-2024-23733 | 2025-01-29 | The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by... |
| CVE-2024-48761 | 2025-01-29 | Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. |
| CVE-2024-51182 | 2025-01-29 | HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. |