CVE List - 2025 / February
Showing 1201 - 1300 of 3676 CVEs for February 2025 (Page 13 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-26359 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted... |
| CVE-2025-26360 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP... |
| CVE-2025-26361 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via... |
| CVE-2025-26362 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile... |
| CVE-2025-26363 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server... |
| CVE-2025-26364 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server... |
| CVE-2025-26365 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via... |
| CVE-2025-26366 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via... |
| CVE-2025-26367 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests. |
| CVE-2025-26368 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests. |
| CVE-2025-26369 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP... |
| CVE-2025-26370 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP... |
| CVE-2025-26371 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests. |
| CVE-2025-26372 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests. |
| CVE-2025-26373 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. |
| CVE-2025-26374 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. |
| CVE-2025-26375 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP... |
| CVE-2025-26376 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests. |
| CVE-2025-26377 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. |
| CVE-2025-26378 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts,... |
| CVE-2025-1200 | 2025-02-12 | SourceCodester Best Church Management Software slider_crud.php sql injection |
| CVE-2024-23563 | 2025-02-12 | HCL Connections Docs is vulnerable to a sensitive information disclosure |
| CVE-2024-57952 | 2025-02-12 | Revert "libfs: fix infinite directory reads for offset dir" |
| CVE-2025-21699 | 2025-02-12 | gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag |
| CVE-2025-1201 | 2025-02-12 | SourceCodester Best Church Management Software profile_crud.php sql injection |
| CVE-2025-1244 | 2025-02-12 | Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme |
| CVE-2025-1202 | 2025-02-12 | SourceCodester Best Church Management Software edit_slider.php sql injection |
| CVE-2025-1206 | 2025-02-12 | Codezips Gym Management System viewdetailroutine.php sql injection |
| CVE-2025-1042 | 2025-02-12 | Files or Directories Accessible to External Parties in GitLab |
| CVE-2025-1212 | 2025-02-12 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab |
| CVE-2025-0376 | 2025-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-12379 | 2025-02-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-12251 | 2025-02-12 | Improper neutralization special element in hyperlinks |
| CVE-2025-0556 | 2025-02-12 | Telerik Report Server Clear Text Transmission of Agent Commands |
| CVE-2025-0332 | 2025-02-12 | Progress UI for WinForms decompression path traversal vulnerability |
| CVE-2025-0516 | 2025-02-12 | Incorrect Authorization in GitLab |
| CVE-2024-9870 | 2025-02-12 | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab |
| CVE-2025-1207 | 2025-02-12 | phjounin TFTPD64 DNS denial of service |
| CVE-2024-12629 | 2025-02-12 | Prototype Pollution in Progress® Telerik® KendoReact |
| CVE-2024-11343 | 2025-02-12 | Telerik Document Processing Path Traversal |
| CVE-2025-1208 | 2025-02-12 | code-projects Wazifa System Profile.php cross site scripting |
| CVE-2025-25182 | 2025-02-12 | Stroom Authentication/Authorization Bypass when using AWS ALB |
| CVE-2024-11628 | 2025-02-12 | Prototype Pollution in Progress® Telerik® Kendo UI for Vue |
| CVE-2025-25184 | 2025-02-12 | Possible Log Injection in Rack::CommonLogger |
| CVE-2024-11629 | 2025-02-12 | Telerik Document Processing RTF Export of Arbitrary File Path |
| CVE-2025-1209 | 2025-02-12 | code-projects Wazifa System search_resualts.php searchuser cross site scripting |
| CVE-2025-1210 | 2025-02-12 | code-projects Wazifa System control.php sql injection |
| CVE-2025-1213 | 2025-02-12 | pihome-shc PiHome index.php cross site scripting |
| CVE-2024-6097 | 2025-02-12 | Absolute Path Traversal Vulnerability |
| CVE-2025-25198 | 2025-02-12 | mailcow: dockerized vulnerable to password reset poisoning |
| CVE-2025-25199 | 2025-02-12 | BCryptGenerateSymmetricKey memory leak |
| CVE-2025-25200 | 2025-02-12 | Koa has Inefficient Regular Expression Complexity |
| CVE-2025-1214 | 2025-02-12 | pihome-shc PiHome Role-Based Access Control user_accounts.php authorization |
| CVE-2025-25201 | 2025-02-12 | Improper Validation of Admin Key in PIV Smartcard |
| CVE-2025-25205 | 2025-02-12 | Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching |
| CVE-2025-25283 | 2025-02-12 | parse-duration vulnerable to Regex Denial of Service that results in event loop delay and out of memory |
| CVE-2025-1146 | 2025-02-12 | CrowdStrike Falcon Sensor for Linux TLS Issue |
| CVE-2025-1215 | 2025-02-12 | vim main.c memory corruption |
| CVE-2025-0937 | 2025-02-12 | Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace |
| CVE-2025-1216 | 2025-02-12 | ywoa OaNoticeMapper.xml selectNoticeList sql injection |
| CVE-2025-1224 | 2025-02-12 | ywoa UserMapper.xml listNameBySql sql injection |
| CVE-2025-1225 | 2025-02-12 | ywoa WXCallBack Interface XMLParse.java extract xml external entity reference |
| CVE-2025-1226 | 2025-02-12 | ywoa setup.jsp improper authorization |
| CVE-2024-12673 | 2025-02-12 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.... |
| CVE-2025-0108 | 2025-02-12 | PAN-OS: Authentication Bypass in the Management Web Interface |
| CVE-2025-0109 | 2025-02-12 | PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface |
| CVE-2025-0111 | 2025-02-12 | PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface |
| CVE-2025-1227 | 2025-02-12 | ywoa AddressDao.xml selectList sql injection |
| CVE-2025-0110 | 2025-02-12 | PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin |
| CVE-2025-0113 | 2025-02-12 | Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers |
| CVE-2024-31858 | 2025-02-12 | Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-29223 | 2025-02-12 | Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32277 | 2025-02-12 | Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow authenticated user to potentially enable information disclosure via local operating system access. |
| CVE-2024-31153 | 2025-02-12 | Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-37355 | 2025-02-12 | Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38310 | 2025-02-12 | Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-42410 | 2025-02-12 | Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-42419 | 2025-02-12 | Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-41934 | 2025-02-12 | Improper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-21830 | 2025-02-12 | Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-42492 | 2025-02-12 | Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of... |
| CVE-2024-39286 | 2025-02-12 | Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via... |
| CVE-2024-41917 | 2025-02-12 | Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39813 | 2025-02-12 | Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39284 | 2025-02-12 | Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32938 | 2025-02-12 | Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36291 | 2025-02-12 | Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-24852 | 2025-02-12 | Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36274 | 2025-02-12 | Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial of service... |
| CVE-2024-39797 | 2025-02-12 | Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-39779 | 2025-02-12 | Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-31155 | 2025-02-12 | Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-21859 | 2025-02-12 | Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-38307 | 2025-02-12 | Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2024-30211 | 2025-02-12 | Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-26021 | 2025-02-12 | Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-43758 | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-34440 | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-24582 | 2025-02-12 | Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-29214 | 2025-02-12 | Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |