Lista CVE - 2025 / Gennaio
Visualizzazione 3901 - 4000 di 4274 CVE per Gennaio 2025 (Pagina 40 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-54851 | 2025-01-29 | Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. |
| CVE-2024-54852 | 2025-01-29 | When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user... |
| CVE-2024-57395 | 2025-01-29 | Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. |
| CVE-2024-57436 | 2025-01-29 | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via... |
| CVE-2024-57437 | 2025-01-29 | RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list. |
| CVE-2024-57438 | 2025-01-29 | Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. |
| CVE-2024-57439 | 2025-01-29 | An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. |
| CVE-2024-57509 | 2025-01-29 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. |
| CVE-2024-57510 | 2025-01-29 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. |
| CVE-2024-57513 | 2025-01-29 | A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4. |
| CVE-2024-57665 | 2025-01-29 | JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering. |
| CVE-2024-57965 | 2025-01-29 | In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change... |
| CVE-2025-24527 | 2025-01-29 | An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. |
| CVE-2023-35017 | 2025-01-29 | IBM Security Verify Governance information |
| CVE-2025-0792 | 2025-01-29 | ESAFENET CDG sdTodoDetail.jsp sql injection |
| CVE-2025-0793 | 2025-01-29 | ESAFENET CDG todoDetail.jsp sql injection |
| CVE-2025-0794 | 2025-01-29 | ESAFENET CDG todoDetail.jsp cross site scripting |
| CVE-2025-0795 | 2025-01-29 | ESAFENET CDG todolistjump.jsp cross site scripting |
| CVE-2025-0797 | 2025-01-29 | MicroWorld eScan Antivirus Quarantine Microworld default permission |
| CVE-2023-33838 | 2025-01-29 | IBM Security Verify Governance information disclosure |
| CVE-2025-0798 | 2025-01-29 | MicroWorld eScan Antivirus Quarantine rtscanner os command injection |
| CVE-2025-0800 | 2025-01-29 | SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting |
| CVE-2025-23362 | 2025-01-29 | The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data... |
| CVE-2025-0802 | 2025-01-29 | SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control |
| CVE-2025-0803 | 2025-01-29 | Codezips Gym Management System submit_plan_new.php sql injection |
| CVE-2025-0806 | 2025-01-29 | code-projects Job Recruitment _call_job_search_ajax.php cross site scripting |
| CVE-2025-0804 | 2025-01-29 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12749 | 2025-01-29 | Competition Form <= 2.0 - Reflected XSS |
| CVE-2024-13696 | 2025-01-29 | Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter |
| CVE-2024-7695 | 2025-01-29 | Out-of-bounds Write Vulnerability |
| CVE-2021-3978 | 2025-01-29 | Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki |
| CVE-2025-0617 | 2025-01-29 | An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity... |
| CVE-2025-0762 | 2025-01-29 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
| CVE-2024-13561 | 2025-01-29 | Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode |
| CVE-2025-0353 | 2025-01-29 | Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-41140 | 2025-01-29 | Improper Authorization |
| CVE-2024-54461 | 2025-01-29 | Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites |
| CVE-2024-54462 | 2025-01-29 | Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites |
| CVE-2025-24374 | 2025-01-29 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) |
| CVE-2025-24792 | 2025-01-29 | Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error |
| CVE-2023-37412 | 2025-01-29 | IBM Aspera Faspex improper access control |
| CVE-2023-37398 | 2025-01-29 | IBM Aspera Faspex information disclosure |
| CVE-2023-37413 | 2025-01-29 | IBM Aspera Faspex information disclosure |
| CVE-2023-35907 | 2025-01-29 | IBM Aspera Faspex information disclosure |
| CVE-2025-24791 | 2025-01-29 | snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions |
| CVE-2025-24882 | 2025-01-29 | regclient may ignore pinned manifest digests |
| CVE-2025-24789 | 2025-01-29 | Snowflake JDBC allows an untrusted search path on Windows |
| CVE-2025-24790 | 2025-01-29 | Snowflake JDBC uses insecure temporary credential cache file permissions |
| CVE-2024-48849 | 2025-01-29 | Authentication and Authorization Issues |
| CVE-2024-10001 | 2025-01-29 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling |
| CVE-2024-48852 | 2025-01-29 | Information disclosures |
| CVE-2025-20014 | 2025-01-29 | mySCADA myPRO Manager OS Command Injection |
| CVE-2025-20061 | 2025-01-29 | mySCADA myPRO Manager OS Command Injection |
| CVE-2025-0840 | 2025-01-29 | GNU Binutils objdump.c disassemble_bytes stack-based overflow |
| CVE-2025-24884 | 2025-01-29 | kube-audit-rest's example logging configuration could disclose secret values in the audit log |
| CVE-2025-24788 | 2025-01-29 | Snowflake Connector for .NET has weak temporary files permissions |
| CVE-2025-24793 | 2025-01-29 | Snowflake Connector for Python has an SQL Injection in write_pandas |
| CVE-2025-24794 | 2025-01-29 | The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache |
| CVE-2025-24795 | 2025-01-29 | The Snowflake Connector for Python uses insecure cache files permissions |
| CVE-2025-0841 | 2025-01-29 | Aridius XYZ News loadMore deserialization |
| CVE-2025-0851 | 2025-01-29 | Path traversal issue in Deep Java Library |
| CVE-2025-0842 | 2025-01-29 | needyamin Library Card System Login admin.php sql injection |
| CVE-2024-11187 | 2025-01-29 | Many records in the additional section cause CPU exhaustion |
| CVE-2024-12705 | 2025-01-29 | DNS-over-HTTPS implementation suffers from multiple issues under heavy query load |
| CVE-2025-21415 | 2025-01-29 | Azure AI Face Service Elevation of Privilege Vulnerability |
| CVE-2025-0843 | 2025-01-29 | needyamin Library Card System Admin Panel admindashboard.php sql injection |
| CVE-2025-21396 | 2025-01-29 | Microsoft Account Elevation of Privilege Vulnerability |
| CVE-2025-0844 | 2025-01-29 | needyamin Library Card System Registration Page signup.php cross site scripting |
| CVE-2024-53615 | 2025-01-30 | A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. |
| CVE-2024-55415 | 2025-01-30 | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. |
| CVE-2024-55416 | 2025-01-30 | DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. |
| CVE-2024-55417 | 2025-01-30 | DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell... |
| CVE-2025-0846 | 2025-01-30 | 1000 Projects Employee Task Management System AdminLogin.php sql injection |
| CVE-2025-0847 | 2025-01-30 | 1000 Projects Employee Task Management System Login index.php sql injection |
| CVE-2025-0848 | 2025-01-30 | Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow |
| CVE-2025-0849 | 2025-01-30 | CampCodes School Management Software Staff edit-staff improper authorization |
| CVE-2025-23374 | 2025-01-30 | Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access... |
| CVE-2025-0373 | 2025-01-30 | Buffer overflow in some filesystems via NFS |
| CVE-2025-0374 | 2025-01-30 | Unprivileged access to system files |
| CVE-2025-0662 | 2025-01-30 | Uninitialized kernel memory disclosure via ktrace(2) |
| CVE-2024-12921 | 2025-01-30 | EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode |
| CVE-2024-10309 | 2025-01-30 | Tracking Code Manager < 2.4.0 - Contributor+ Stored XSS |
| CVE-2024-12163 | 2025-01-30 | GoodLayers Core < 2.1.3 - Subscriber+ Stored XSS via SVG Upload |
| CVE-2024-12400 | 2025-01-30 | Tourmaster < 5.3.5 - Reflected XSS |
| CVE-2024-12638 | 2025-01-30 | Bulk Me Now <= 2.0 - Reflected XSS |
| CVE-2024-12708 | 2025-01-30 | Bulk Me Now <= 2.0 - Stored XSS via Shortcode |
| CVE-2024-12709 | 2025-01-30 | Bulk Me Now <= 2.0 - Message Deletion via CSRF |
| CVE-2024-13457 | 2025-01-30 | Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure |
| CVE-2024-13642 | 2025-01-30 | Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget |
| CVE-2024-13470 | 2025-01-30 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13732 | 2025-01-30 | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter |
| CVE-2024-13758 | 2025-01-30 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery |
| CVE-2024-13694 | 2025-01-30 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function |
| CVE-2025-0834 | 2025-01-30 | Wondershare Dr.Fone Privilege Scalation Vulnerability |
| CVE-2025-21107 | 2025-01-30 | Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially... |
| CVE-2025-0861 | 2025-01-30 | VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection |
| CVE-2025-0860 | 2025-01-30 | VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting |
| CVE-2025-23007 | 2025-01-30 | A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. |
| CVE-2024-12524 | 2025-01-30 | Clinked Client Portal <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13453 | 2025-01-30 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution |