Lista CVE - 2025 / Febbraio
Visualizzazione 1101 - 1200 di 3676 CVE per Febbraio 2025 (Pagina 12 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-26520 | 2025-02-12 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146. |
| CVE-2024-21971 | 2025-02-12 | Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading... |
| CVE-2024-0142 | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might... |
| CVE-2025-1243 | 2025-02-12 | Field in api-go proxy not transformed before version 1.44.1 |
| CVE-2024-0143 | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might... |
| CVE-2024-0144 | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might... |
| CVE-2024-0145 | 2025-02-12 | NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability... |
| CVE-2024-53880 | 2025-02-12 | NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large... |
| CVE-2025-23359 | 2025-02-12 | NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A... |
| CVE-2024-29171 | 2025-02-12 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2024-29172 | 2025-02-12 | Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service. |
| CVE-2024-13554 | 2025-02-12 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation |
| CVE-2024-13539 | 2025-02-12 | AForms Eats <= 1.3.1 - Unauthenticated Full Path Disclosure |
| CVE-2025-0808 | 2025-02-12 | Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion |
| CVE-2024-13749 | 2025-02-12 | StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-13701 | 2025-02-12 | Liveticker (by stklcode) <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13541 | 2025-02-12 | aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion |
| CVE-2024-13769 | 2025-02-12 | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-11746 | 2025-02-12 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13800 | 2025-02-12 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-12164 | 2025-02-12 | WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2024-13421 | 2025-02-12 | Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator |
| CVE-2024-13653 | 2025-02-12 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13665 | 2025-02-12 | Admire Extra <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13658 | 2025-02-12 | NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13656 | 2025-02-12 | Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion |
| CVE-2024-13654 | 2025-02-12 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion |
| CVE-2024-13374 | 2025-02-12 | WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure |
| CVE-2024-13714 | 2025-02-12 | All-Images.ai – IA Image Bank and Custom Image creation <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-13600 | 2025-02-12 | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13601 | 2025-02-12 | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2025-1183 | 2025-02-12 | CodeZips Gym Management System more-userprofile.php sql injection |
| CVE-2025-1184 | 2025-02-12 | pihome-shc PiHome ajax.php sql injection |
| CVE-2025-1185 | 2025-02-12 | pihome-shc PiHome ajax.php sql injection |
| CVE-2024-13821 | 2025-02-12 | WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation |
| CVE-2024-13794 | 2025-02-12 | Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure |
| CVE-2023-49780 | 2025-02-12 | Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the... |
| CVE-2025-1186 | 2025-02-12 | dayrui XunRuiCMS Api.php deserialization |
| CVE-2024-12315 | 2025-02-12 | Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory |
| CVE-2024-13814 | 2025-02-12 | Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2025-1187 | 2025-02-12 | code-projects Police FIR Record Management System Delete Record stack-based overflow |
| CVE-2025-1188 | 2025-02-12 | Codezips Gym Management System updateroutine.php sql injection |
| CVE-2024-13528 | 2025-02-12 | Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode |
| CVE-2025-0506 | 2025-02-12 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter |
| CVE-2024-13473 | 2025-02-12 | LTL Freight Quotes - Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection |
| CVE-2024-13435 | 2025-02-12 | Ebook Downloader <= 1.0 - Unauthenticated SQL Injection |
| CVE-2024-13456 | 2025-02-12 | Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12213 | 2025-02-12 | WP Job Board Pro <= 1.2.76 - Unauthenticated Privilege Escalation via process_register |
| CVE-2024-13490 | 2025-02-12 | LTL Freight Quotes – XPO Edition <= 4.3.7 - Unauthenticated SQL Injection |
| CVE-2024-13365 | 2025-02-12 | Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload |
| CVE-2024-13459 | 2025-02-12 | FuseDesk <= 6.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13437 | 2025-02-12 | Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-13475 | 2025-02-12 | Small Package Quotes – UPS Edition <= 4.5.16 - Unauthenticated SQL Injection |
| CVE-2024-13531 | 2025-02-12 | ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection |
| CVE-2024-12296 | 2025-02-12 | Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options |
| CVE-2025-1189 | 2025-02-12 | 1000 Projects Attendance Tracking Management System chart1.php sql injection |
| CVE-2024-32838 | 2025-02-12 | Apache Fineract: SQL injection vulnerabilities in offices API endpoint |
| CVE-2025-1190 | 2025-02-12 | code-projects Job Recruitment load_user-profile.php cross site scripting |
| CVE-2025-1191 | 2025-02-12 | SourceCodester Multi Restaurant Table Reservation System approve-reject.php sql injection |
| CVE-2025-1230 | 2025-02-12 | Cross-Site Scripting (XSS) vulnerability in Prestashop |
| CVE-2025-1192 | 2025-02-12 | SourceCodester Multi Restaurant Table Reservation System select-menu.php sql injection |
| CVE-2024-10960 | 2025-02-12 | Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads |
| CVE-2025-0511 | 2025-02-12 | Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter |
| CVE-2024-13477 | 2025-02-12 | LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Unauthenticated SQL Injection |
| CVE-2024-13532 | 2025-02-12 | Small Package Quotes – Purolator Edition <= 3.6.4 - Unauthenticated SQL Injection |
| CVE-2024-13480 | 2025-02-12 | LTL Freight Quotes – For Customers of FedEx Freight <= 3.4.1 - Unauthenticated SQL Injection |
| CVE-2024-12386 | 2025-02-12 | WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion |
| CVE-2025-1195 | 2025-02-12 | code-projects Real Estate Property Management System EditCategory cross site scripting |
| CVE-2025-1196 | 2025-02-12 | code-projects Real Estate Property Management System search.php cross site scripting |
| CVE-2024-10322 | 2025-02-12 | Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2025-1197 | 2025-02-12 | code-projects Real Estate Property Management System load_user-profile.php sql injection |
| CVE-2025-1199 | 2025-02-12 | SourceCodester Best Church Management Software role_crud.php sql injection |
| CVE-2025-1100 | 2025-02-12 | A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with... |
| CVE-2025-1101 | 2025-02-12 | A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted... |
| CVE-2025-1102 | 2025-02-12 | A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity,... |
| CVE-2025-26339 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity,... |
| CVE-2025-26340 | 2025-02-12 | A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication... |
| CVE-2025-26341 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via... |
| CVE-2025-26342 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators,... |
| CVE-2025-26343 | 2025-02-12 | A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple... |
| CVE-2025-26344 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via... |
| CVE-2025-26345 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via... |
| CVE-2025-26346 | 2025-02-12 | A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an... |
| CVE-2025-26347 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted... |
| CVE-2024-57951 | 2025-02-12 | hrtimers: Handle CPU state correctly on hotplug |
| CVE-2025-21694 | 2025-02-12 | fs/proc: fix softlockup in __read_vmcore (part 2) |
| CVE-2025-26348 | 2025-02-12 | A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an... |
| CVE-2025-21695 | 2025-02-12 | platform/x86: dell-uart-backlight: fix serdev race |
| CVE-2025-21696 | 2025-02-12 | mm: clear uffd-wp PTE/PMD state on mremap() |
| CVE-2025-21697 | 2025-02-12 | drm/v3d: Ensure job pointer is set to NULL after job completion |
| CVE-2025-26349 | 2025-02-12 | A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via... |
| CVE-2025-26350 | 2025-02-12 | A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to... |
| CVE-2025-26351 | 2025-02-12 | A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted... |
| CVE-2025-26352 | 2025-02-12 | A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted... |
| CVE-2025-26353 | 2025-02-12 | A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. |
| CVE-2025-26354 | 2025-02-12 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP... |
| CVE-2025-26355 | 2025-02-12 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. |
| CVE-2025-26356 | 2025-02-12 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP... |
| CVE-2025-26357 | 2025-02-12 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. |
| CVE-2025-26358 | 2025-02-12 | A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration... |