CVE List - 2025 / January

Showing 4201 - 4274 of 4274 CVEs for January 2025 (Page 43 of 43)

CVE ID Date Title
CVE-2025-22757 2025-01-31 WordPress CodeBard Help Desk plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23976 2025-01-31 WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23977 2025-01-31 WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23978 2025-01-31 WordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23980 2025-01-31 WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23985 2025-01-31 WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23987 2025-01-31 WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23989 2025-01-31 WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23990 2025-01-31 WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23596 2025-01-31 WordPress Notifikácie.sk plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23671 2025-01-31 WordPress WP OpenSearch plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23759 2025-01-31 WordPress Affiliate Tools Việt Nam plugin <= 0.3.17 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24534 2025-01-31 WordPress DPortfolio plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24535 2025-01-31 WordPress SKT Donation plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24549 2025-01-31 WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24551 2025-01-31 WordPress Radio Buttons and Swatches for WooCommerce plugin <= 1.1.20 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24560 2025-01-31 WordPress Awesome Event Booking plugin <= 2.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24563 2025-01-31 WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24597 2025-01-31 WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability
CVE-2025-24608 2025-01-31 WordPress GD Mail Queue Plugin <= 4.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24609 2025-01-31 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24632 2025-01-31 WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.9.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24635 2025-01-31 WordPress Paytm – Donation Plugin plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24686 2025-01-31 WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24710 2025-01-31 WordPress Gwolle Guestbook plugin <= 4.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24718 2025-01-31 WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-24749 2025-01-31 WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability
CVE-2024-13472 2025-01-31 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting
CVE-2024-12267 2025-01-31 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion
CVE-2024-12415 2025-01-31 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-13662 2025-01-31 eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12037 2025-01-31 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-57948 2025-01-31 mac802154: check local interfaces before deleting sdata list
CVE-2025-21665 2025-01-31 filemap: avoid truncating 64-bit offset to 32 bits
CVE-2025-21666 2025-01-31 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
CVE-2025-21667 2025-01-31 iomap: avoid avoid truncating 64-bit offset to 32 bits
CVE-2025-21668 2025-01-31 pmdomain: imx8mp-blk-ctrl: add missing loop break condition
CVE-2025-21669 2025-01-31 vsock/virtio: discard packets if the transport changes
CVE-2025-21670 2025-01-31 vsock/bpf: return early if transport is not assigned
CVE-2025-21671 2025-01-31 zram: fix potential UAF of zram table
CVE-2025-21672 2025-01-31 afs: Fix merge preference rule failure condition
CVE-2025-21673 2025-01-31 smb: client: fix double free of TCP_Server_Info::hostname
CVE-2025-21674 2025-01-31 net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
CVE-2025-21675 2025-01-31 net/mlx5: Clear port select structure when fail to create
CVE-2025-21676 2025-01-31 net: fec: handle page_pool_dev_alloc_pages error
CVE-2025-21677 2025-01-31 pfcp: Destroy device along with udp socket's netns dismantle.
CVE-2025-21678 2025-01-31 gtp: Destroy device along with udp socket's netns dismantle.
CVE-2025-21679 2025-01-31 btrfs: add the missing error handling inside get_canonical_dev_path
CVE-2025-21680 2025-01-31 pktgen: Avoid out-of-bounds access in get_imix_entries
CVE-2025-21681 2025-01-31 openvswitch: fix lockup on tx to unregistering netdev with carrier
CVE-2025-21682 2025-01-31 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
CVE-2025-21683 2025-01-31 bpf: Fix bpf_sk_select_reuseport() memory leak
CVE-2025-24831 2025-01-31 Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-24830 2025-01-31 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-24829 2025-01-31 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-24827 2025-01-31 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-24828 2025-01-31 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-0929 2025-01-31 SQL injection vulnerability in TeamCal Neo
CVE-2025-0930 2025-01-31 Reflected Cross-Site Scripting (XSS) vulnerability in TeamCal Neo
CVE-2024-45650 2025-01-31 IBM Security Verify Directory denial of service
CVE-2024-11741 2025-01-31 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions...
CVE-2023-38739 2025-01-31 IBM Sterling B2B Integrator cross-site request forgery
CVE-2024-47103 2025-01-31 IBM Sterling B2B Integrator cross-site scripting
CVE-2024-40696 2025-01-31 IBM Sterling B2B Integrator cross-site scripting
CVE-2024-49807 2025-01-31 IBM Sterling B2B Integrator cross-site scripting
CVE-2025-23215 2025-01-31 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
CVE-2024-45089 2025-01-31 IBM Sterling B2B Integrator information disclosure
CVE-2024-47116 2025-01-31 IBM Sterling B2B Integrator cross-site scripting
CVE-2024-49339 2025-01-31 IBM Financial Transaction Manager cross-site scripting
CVE-2024-49349 2025-01-31 IBM Financial Transaction Manager cross-site scripting
CVE-2025-0938 2025-01-31 URL parser allowed square brackets in domain names
CVE-2025-0934 2025-01-31 code-projects Job Recruitment _call_job_search_ajax.php sql injection
CVE-2025-24891 2025-01-31 Dumb Drop has an arbitrary file overwrite and path traversal for root shell
CVE-2024-13343 2025-02-01 WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2024-13547 2025-02-01 aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11780 2025-02-01 Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12184 2025-02-01 WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download
CVE-2024-12620 2025-02-01 AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
CVE-2024-13651 2025-02-01 RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset
CVE-2024-12171 2025-02-01 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2024-53296 2025-02-01 Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability,...
CVE-2024-51534 2025-02-01 Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of...
CVE-2024-53295 2025-02-01 Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to...
CVE-2024-12041 2025-02-01 Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure
CVE-2025-0366 2025-02-01 Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)
CVE-2025-0365 2025-02-01 Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read
CVE-2024-12768 2025-02-01 Responsive iframe <= 1.2.0 - Contributor+ Stored XSS
CVE-2024-13096 2025-02-01 WP Finance <= 1.3.6 - Stored XSS via CSRF
CVE-2024-13097 2025-02-01 WP Finance <= 1.3.6 - Reflected XSS
CVE-2024-13098 2025-02-01 WP Email Newsletter <= 1.1 - Reflected XSS
CVE-2024-13099 2025-02-01 Widget4call <= 1.0.7 - Reflected XSS
CVE-2024-13341 2025-02-01 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection
CVE-2025-0939 2025-02-01 MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization
CVE-2024-11829 2025-02-01 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-23091 2025-02-01 An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
CVE-2024-12825 2025-02-01 Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates
CVE-2024-13429 2025-02-01 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
CVE-2024-13425 2025-02-01 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion
CVE-2024-13428 2025-02-01 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
CVE-2024-13371 2025-02-01 WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending