CVE List - 2025 / February
Showing 201 - 300 of 3678 CVEs for February 2025 (Page 3 of 37)
CVE ID | Date | Title |
---|---|---|
CVE-2024-56161 | 2025-02-03 | Improper signature verification in AMD CPU ROM microcode patch loader... |
CVE-2025-24898 | 2025-02-03 | rust openssl ssl::select_next_proto use after free |
CVE-2024-12510 | 2025-02-03 | LDAP Authentication Sever Pass-back attack |
CVE-2024-11133 | 2025-02-03 | Eventer <= 3.9.9 - Missing Authorization to Unauthenticated Event Ticket Download |
CVE-2024-11132 | 2025-02-03 | Eventer <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-11134 | 2025-02-03 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export |
CVE-2024-12859 | 2025-02-03 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
CVE-2024-12511 | 2025-02-03 | SMB/FTP Address Book Scan Pass-back attack |
CVE-2025-24961 | 2025-02-03 | Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy |
CVE-2025-24960 | 2025-02-03 | Missing Input validation for filename in backups endpoint in Jellystat |
CVE-2025-24959 | 2025-02-03 | Environment Variable Injection for dotenv API in zx |
CVE-2025-24962 | 2025-02-03 | Command Injection in reNgine |
CVE-2025-24899 | 2025-02-03 | Disclosure of Sensitive User Information via API in reNgine |
CVE-2025-24370 | 2025-02-03 | Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass |
CVE-2025-23210 | 2025-02-03 | Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet |
CVE-2025-24371 | 2025-02-03 | Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft |
CVE-2025-24029 | 2025-02-03 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap |
CVE-2025-22129 | 2025-02-03 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap |
CVE-2024-47770 | 2025-02-03 | Ability to view Agent list with no privilege access in wazuh-dashboard |
CVE-2024-35177 | 2025-02-03 | Improper Access Control in wazuh-agent |
CVE-2025-24958 | 2025-02-03 | SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA |
CVE-2025-24957 | 2025-02-03 | SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA |
CVE-2025-24906 | 2025-02-03 | SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA |
CVE-2025-24905 | 2025-02-03 | SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA |
CVE-2025-24902 | 2025-02-03 | SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA |
CVE-2025-24901 | 2025-02-03 | SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA |
CVE-2025-0148 | 2025-02-03 | Zoom Jenkins Marketplace plugin - Missing Password Field Masking |
CVE-2025-1003 | 2025-02-03 | HP Anyware Agent for Linux – Potential Authentication Bypass |
CVE-2024-48445 | 2025-02-04 | An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote... |
CVE-2025-22475 | 2025-02-04 | Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and... |
CVE-2025-24982 | 2025-02-04 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions... |
CVE-2024-13114 | 2025-02-04 | WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS |
CVE-2024-13115 | 2025-02-04 | WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF |
CVE-2024-13325 | 2025-02-04 | Glossy <= 2.3.5 - Reflected XSS |
CVE-2024-13326 | 2025-02-04 | iBuildApp <= 0.2.0 - Reflected XSS |
CVE-2024-13327 | 2025-02-04 | Musicbox <= 2.0.3 - Reflected XSS |
CVE-2024-13328 | 2025-02-04 | Giga Messenger Bots <= 2.3.1 - Reflected XSS |
CVE-2024-13329 | 2025-02-04 | Solidres <= 0.9.4 - Reflected XSS |
CVE-2024-13330 | 2025-02-04 | Justrows Free <= 0.2 - Reflected XSS |
CVE-2024-13331 | 2025-02-04 | WP Dream Carousel <= 1.0.1b - Reflected XSS |
CVE-2024-13332 | 2025-02-04 | TransFinanz <= 1.0.0 - Reflected XSS |
CVE-2025-0368 | 2025-02-04 | Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS |
CVE-2025-0466 | 2025-02-04 | Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure |
CVE-2024-12597 | 2025-02-04 | HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css |
CVE-2024-13607 | 2025-02-04 | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference |
CVE-2025-20881 | 2025-02-04 | Out-of-bounds write in accessing buffer storing the decoded video frames... |
CVE-2025-20882 | 2025-02-04 | Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so... |
CVE-2025-20883 | 2025-02-04 | Improper access control in SoundPicker prior to SMR Jan-2025 Release... |
CVE-2025-20884 | 2025-02-04 | Improper access control in Samsung Message prior to SMR Jan-2025... |
CVE-2025-20885 | 2025-02-04 | Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release... |
CVE-2025-20886 | 2025-02-04 | Inclusion of sensitive information in test code in softsim trustlet... |
CVE-2025-20887 | 2025-02-04 | Out-of-bounds read in accessing table used for svp8t in libsthmbc.so... |
CVE-2025-20888 | 2025-02-04 | Out-of-bounds write in handling the block size for smp4vtd in... |
CVE-2025-20889 | 2025-02-04 | Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so... |
CVE-2025-20890 | 2025-02-04 | Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to... |
CVE-2025-20891 | 2025-02-04 | Out-of-bounds read in decoding malformed bitstream of video thumbnails in... |
CVE-2025-20892 | 2025-02-04 | Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release... |
CVE-2025-20893 | 2025-02-04 | Improper access control in NotificationManager prior to SMR Jan-2025 Release... |
CVE-2025-20894 | 2025-02-04 | Improper access control in Samsung Email prior to version 6.1.97.1... |
CVE-2025-20895 | 2025-02-04 | Authentication Bypass Using an Alternate Path in Galaxy Store prior... |
CVE-2025-20896 | 2025-02-04 | Use of implicit intent for sensitive communication in EasySetup prior... |
CVE-2025-20897 | 2025-02-04 | Improper access control in Secure Folder prior to version 1.9.20.50... |
CVE-2025-20898 | 2025-02-04 | Improper input validation in Samsung Members prior to version 5.2.00.12... |
CVE-2025-20899 | 2025-02-04 | Improper access control in PushNotification prior to version 13.0.00.15 in... |
CVE-2025-20900 | 2025-02-04 | Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows... |
CVE-2025-20901 | 2025-02-04 | Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows... |
CVE-2025-20902 | 2025-02-04 | Improper access control in Media Controller prior to version 1.0.24.5282... |
CVE-2025-22204 | 2025-02-04 | Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla |
CVE-2024-13514 | 2025-02-04 | B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode |
CVE-2024-12046 | 2025-02-04 | Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode |
CVE-2025-22205 | 2025-02-04 | Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla |
CVE-2025-20904 | 2025-02-04 | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025... |
CVE-2025-20905 | 2025-02-04 | Out-of-bounds read and write in mPOS TUI trustlet prior to... |
CVE-2025-20906 | 2025-02-04 | Improper Export of Android Application Components in Settings prior to... |
CVE-2025-20907 | 2025-02-04 | Improper privilege management in Samsung Find prior to SMR Feb-2025... |
CVE-2024-10237 | 2025-02-04 | SMC BMC Firmware Image Authentication Design Issue |
CVE-2024-10238 | 2025-02-04 | fld->used_bytes without sanity check causes stack overflow |
CVE-2024-10239 | 2025-02-04 | fld->used_bytes without sanity check causes stack overflow |
CVE-2024-13403 | 2025-02-04 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter |
CVE-2024-13356 | 2025-02-04 | DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion |
CVE-2024-13733 | 2025-02-04 | SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13510 | 2025-02-04 | ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-13529 | 2025-02-04 | SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download |
CVE-2025-23015 | 2025-02-04 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions |
CVE-2024-40890 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the... |
CVE-2024-40891 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the... |
CVE-2025-0890 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function... |
CVE-2025-24860 | 2025-02-04 | Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions |
CVE-2024-27137 | 2025-02-04 | Apache Cassandra: unrestricted deserialization of JMX authentication credentials |
CVE-2024-13699 | 2025-02-04 | Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11623 | 2025-02-04 | Stored XSS in authentik |
CVE-2025-1009 | 2025-02-04 | An attacker could have caused a use-after-free via crafted XSLT... |
CVE-2025-1010 | 2025-02-04 | An attacker could have caused a use-after-free via the Custom... |
CVE-2025-1018 | 2025-02-04 | The fullscreen notification is prematurely hidden when fullscreen is re-requested... |
CVE-2025-1011 | 2025-02-04 | A bug in WebAssembly code generation could have lead to... |
CVE-2025-1012 | 2025-02-04 | A race during concurrent delazification could have led to a... |
CVE-2025-1019 | 2025-02-04 | The z-order of the browser windows could be manipulated to... |
CVE-2025-1013 | 2025-02-04 | A race condition could have led to private browsing tabs... |
CVE-2025-1014 | 2025-02-04 | Certificate length was not properly checked when added to a... |
CVE-2025-0510 | 2025-02-04 | Thunderbird displayed an incorrect sender address if the From field... |