Lista CVE - 2025 / Febbraio
Visualizzazione 3301 - 3400 di 3676 CVE per Febbraio 2025 (Pagina 34 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-47051 | 2025-02-26 | Remote Code Execution & File Deletion in Asset Uploads |
| CVE-2025-26925 | 2025-02-26 | WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-0719 | 2025-02-26 | IBM Cloud Pak for Data cross-site scripting |
| CVE-2025-1249 | 2025-02-26 | WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability |
| CVE-2025-1716 | 2025-02-26 | picklescan - Security scanning bypass via 'pip main' |
| CVE-2022-49732 | 2025-02-26 | sock: redo the psock vs ULP protection check |
| CVE-2025-20111 | 2025-02-26 | Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability |
| CVE-2025-20116 | 2025-02-26 | Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20117 | 2025-02-26 | Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability |
| CVE-2025-20161 | 2025-02-26 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2025-20118 | 2025-02-26 | Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability |
| CVE-2025-20119 | 2025-02-26 | Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability |
| CVE-2025-0941 | 2025-02-26 | MET ONE 3400+ Potential Credential Exposure |
| CVE-2025-1634 | 2025-02-26 | Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout |
| CVE-2025-1726 | 2025-02-26 | [#BUG-000172669 ArcGIS Monitor has a security vulnerability] |
| CVE-2024-36046 | 2025-02-27 | Infoblox NIOS through 8.6.4 executes with more privileges than required. |
| CVE-2024-36047 | 2025-02-27 | Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. |
| CVE-2024-37566 | 2025-02-27 | Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. |
| CVE-2024-37567 | 2025-02-27 | Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. |
| CVE-2024-38290 | 2025-02-27 | In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. |
| CVE-2024-38291 | 2025-02-27 | In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. |
| CVE-2024-38292 | 2025-02-27 | In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. |
| CVE-2024-41334 | 2025-02-27 | Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766... |
| CVE-2024-41335 | 2025-02-27 | Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766... |
| CVE-2024-41336 | 2025-02-27 | Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766... |
| CVE-2024-41338 | 2025-02-27 | A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832... |
| CVE-2024-41339 | 2025-02-27 | An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor... |
| CVE-2024-41340 | 2025-02-27 | An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to... |
| CVE-2024-51138 | 2025-02-27 | Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8... |
| CVE-2024-51139 | 2025-02-27 | Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766... |
| CVE-2024-53408 | 2025-02-27 | AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2024-53944 | 2025-02-27 | An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability.... |
| CVE-2024-54957 | 2025-02-27 | Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link... |
| CVE-2024-55160 | 2025-02-27 | GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list. |
| CVE-2025-22952 | 2025-02-27 | elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. |
| CVE-2025-25323 | 2025-02-27 | An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25324 | 2025-02-27 | An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25325 | 2025-02-27 | An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25326 | 2025-02-27 | An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25329 | 2025-02-27 | An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25330 | 2025-02-27 | An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25331 | 2025-02-27 | An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25333 | 2025-02-27 | An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25334 | 2025-02-27 | An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2025-25477 | 2025-02-27 | A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser. |
| CVE-2025-25570 | 2025-02-27 | Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. |
| CVE-2025-25727 | 2025-02-27 | Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext. |
| CVE-2025-25728 | 2025-02-27 | Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to send communications to the update API in plaintext, allowing attackers to access sensitive information via... |
| CVE-2025-25729 | 2025-02-27 | An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process. |
| CVE-2025-25730 | 2025-02-27 | An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself. |
| CVE-2025-25759 | 2025-02-27 | An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request. |
| CVE-2025-25760 | 2025-02-27 | A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. |
| CVE-2025-25761 | 2025-02-27 | HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. |
| CVE-2025-26264 | 2025-02-27 | GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges... |
| CVE-2025-26325 | 2025-02-27 | ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. |
| CVE-2024-57953 | 2025-02-27 | rtc: tps6594: Fix integer overflow on 32bit systems |
| CVE-2024-57973 | 2025-02-27 | rdma/cxgb4: Prevent potential integer overflow on 32bit |
| CVE-2024-57974 | 2025-02-27 | udp: Deal with race between UDP socket address change and rehash |
| CVE-2024-57975 | 2025-02-27 | btrfs: do proper folio cleanup when run_delalloc_nocow() failed |
| CVE-2024-57976 | 2025-02-27 | btrfs: do proper folio cleanup when cow_file_range() failed |
| CVE-2024-57977 | 2025-02-27 | memcg: fix soft lockup in the OOM process |
| CVE-2024-57978 | 2025-02-27 | media: imx-jpeg: Fix potential error pointer dereference in detach_pm() |
| CVE-2024-57979 | 2025-02-27 | pps: Fix a use-after-free |
| CVE-2024-57980 | 2025-02-27 | media: uvcvideo: Fix double free in error path |
| CVE-2024-57981 | 2025-02-27 | usb: xhci: Fix NULL pointer dereference on certain command aborts |
| CVE-2024-57982 | 2025-02-27 | xfrm: state: fix out-of-bounds read during lookup |
| CVE-2024-57983 | 2025-02-27 | mailbox: th1520: Fix memory corruption due to incorrect array size |
| CVE-2024-57984 | 2025-02-27 | i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition |
| CVE-2024-57985 | 2025-02-27 | firmware: qcom: scm: Cleanup global '__scm' on probe failures |
| CVE-2024-57986 | 2025-02-27 | HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections |
| CVE-2024-57987 | 2025-02-27 | Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() |
| CVE-2024-57988 | 2025-02-27 | Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() |
| CVE-2024-57989 | 2025-02-27 | wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links |
| CVE-2024-57990 | 2025-02-27 | wifi: mt76: mt7925: fix off by one in mt7925_load_clc() |
| CVE-2024-57991 | 2025-02-27 | wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() |
| CVE-2024-57992 | 2025-02-27 | wifi: wilc1000: unregister wiphy only if it has been registered |
| CVE-2024-57993 | 2025-02-27 | HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check |
| CVE-2024-57994 | 2025-02-27 | ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() |
| CVE-2024-57995 | 2025-02-27 | wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() |
| CVE-2024-57996 | 2025-02-27 | net_sched: sch_sfq: don't allow 1 packet limit |
| CVE-2024-57997 | 2025-02-27 | wifi: wcn36xx: fix channel survey memory allocation size |
| CVE-2024-57998 | 2025-02-27 | OPP: add index check to assert to avoid buffer overflow in _read_freq() |
| CVE-2024-57999 | 2025-02-27 | powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW |
| CVE-2024-58000 | 2025-02-27 | io_uring: prevent reg-wait speculations |
| CVE-2025-21705 | 2025-02-27 | mptcp: handle fastopen disconnect correctly |
| CVE-2025-21706 | 2025-02-27 | mptcp: pm: only set fullmesh for subflow endp |
| CVE-2025-21707 | 2025-02-27 | mptcp: consolidate suboption status |
| CVE-2025-21708 | 2025-02-27 | net: usb: rtl8150: enable basic endpoint checking |
| CVE-2025-21709 | 2025-02-27 | kernel: be more careful about dup_mmap() failures and uprobe registering |
| CVE-2025-21710 | 2025-02-27 | tcp: correct handling of extreme memory squeeze |
| CVE-2025-21711 | 2025-02-27 | net/rose: prevent integer overflows in rose_setsockopt() |
| CVE-2025-21712 | 2025-02-27 | md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime |
| CVE-2025-21713 | 2025-02-27 | powerpc/pseries/iommu: Don't unset window if it was never set |
| CVE-2025-21714 | 2025-02-27 | RDMA/mlx5: Fix implicit ODP use after free |
| CVE-2025-21715 | 2025-02-27 | net: davicom: fix UAF in dm9000_drv_remove |
| CVE-2025-21716 | 2025-02-27 | vxlan: Fix uninit-value in vxlan_vnifilter_dump() |
| CVE-2025-21717 | 2025-02-27 | net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq |
| CVE-2025-21718 | 2025-02-27 | net: rose: fix timer races against user threads |
| CVE-2025-21719 | 2025-02-27 | ipmr: do not call mr_mfc_uses_dev() for unres entries |
| CVE-2025-21720 | 2025-02-27 | xfrm: delete intermediate secpath entry in packet offload mode |