CVE List - 2025 / February
Showing 3501 - 3600 of 3676 CVEs for February 2025 (Page 36 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-21795 | 2025-02-27 | NFSD: fix hang in nfsd4_shutdown_callback |
| CVE-2025-21796 | 2025-02-27 | nfsd: clear acl_access/acl_default after releasing them |
| CVE-2025-21797 | 2025-02-27 | HID: corsair-void: Add missing delayed work cancel for headset status |
| CVE-2024-2321 | 2025-02-27 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token |
| CVE-2025-0469 | 2025-02-27 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13647 | 2025-02-27 | School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation |
| CVE-2024-13905 | 2025-02-27 | OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2025-1686 | 2025-02-27 | All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by... |
| CVE-2025-1295 | 2025-02-27 | Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-6261 | 2025-02-27 | Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-2297 | 2025-02-27 | Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave |
| CVE-2024-13907 | 2025-02-27 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery |
| CVE-2025-1689 | 2025-02-27 | ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-0392 | 2025-02-27 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation |
| CVE-2024-5848 | 2025-02-27 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation |
| CVE-2025-1717 | 2025-02-27 | Login Me Now <= 1.7.2 - Authentication Bypass |
| CVE-2025-1690 | 2025-02-27 | ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-1282 | 2025-02-27 | Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read |
| CVE-2024-13734 | 2025-02-27 | Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget |
| CVE-2025-1450 | 2025-02-27 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-13217 | 2025-02-27 | Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas |
| CVE-2024-10918 | 2025-02-27 | Stack-based Buffer Overflow in libmodbus library |
| CVE-2025-1751 | 2025-02-27 | SQL Injection CIGES |
| CVE-2025-1738 | 2025-02-27 | Multiple vulnerabilities in Trivision Camera NC227WF |
| CVE-2025-1691 | 2025-02-27 | MongoDB Shell may be susceptible to Control Character Injection via autocomplete |
| CVE-2025-1692 | 2025-02-27 | MongoDB Shell may be susceptible to control character injection via pasting |
| CVE-2025-1693 | 2025-02-27 | MongoDB Shell may be susceptible to control character Injection via shell output |
| CVE-2025-1739 | 2025-02-27 | Multiple vulnerabilities in Trivision Camera NC227WF |
| CVE-2024-13402 | 2025-02-27 | BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title' |
| CVE-2025-27154 | 2025-02-27 | Spotipy's cache file, containing spotify auth token, is created with overly broad permissions |
| CVE-2024-9334 | 2025-02-27 | Information Disclosure in E-Kent's Pallium Vehicle Tracking |
| CVE-2025-22280 | 2025-02-27 | WordPress DefendWP Firewall Plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2024-13148 | 2025-02-27 | SQLi in Yukseloglu Filter's B2B Login Platform |
| CVE-2024-56812 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56494 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56493 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56811 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56495 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56496 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2024-56810 | 2025-02-27 | IBM EntireX information disclosure |
| CVE-2025-0759 | 2025-02-27 | IBM EntireX race condition |
| CVE-2024-54169 | 2025-02-27 | IBM EntireX path traversal |
| CVE-2024-54170 | 2025-02-27 | IBM EntireX denial of service |
| CVE-2025-1755 | 2025-02-27 | MongoDB Compass may be susceptible to local privilege escalation in Windows |
| CVE-2025-1756 | 2025-02-27 | MongoDB Shell may be susceptible to local privilege escalation in Windows |
| CVE-2025-1741 | 2025-02-27 | b1gMail Admin Page users.php deserialization |
| CVE-2025-0914 | 2025-02-27 | Velociraptor Shell Plugin Prevent_execve Bypass |
| CVE-2025-23687 | 2025-02-27 | WordPress Woo Store Mode plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-9285 | 2025-02-27 | Tu Yafeng Via Browser Javascript Bridge cross site scripting |
| CVE-2025-1742 | 2025-02-27 | pihome-shc PiHome home.php cross site scripting |
| CVE-2025-27157 | 2025-02-27 | Mastodon's rate-limits are missing on `/auth/setup` |
| CVE-2025-27399 | 2025-02-27 | Mastodon's domain blocks & rationales ignore user approval when visibility set as "users" |
| CVE-2025-1743 | 2025-02-27 | zyx0814 Pichome index.php path traversal |
| CVE-2025-1745 | 2025-02-27 | LinZhaoguan pb-cms Logout cross-site request forgery |
| CVE-2025-0767 | 2025-02-27 | WP Activity Log 5.3.2 - Insecure deserialization |
| CVE-2025-22624 | 2025-02-27 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS) |
| CVE-2024-58022 | 2025-02-27 | mailbox: th1520: Fix a NULL vs IS_ERR() bug |
| CVE-2024-58034 | 2025-02-27 | memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() |
| CVE-2024-58042 | 2025-02-27 | rhashtable: Fix potential deadlock by moving schedule_work outside lock |
| CVE-2025-21798 | 2025-02-27 | firewire: test: Fix potential null dereference in firewire kunit test |
| CVE-2025-21799 | 2025-02-27 | net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() |
| CVE-2025-21800 | 2025-02-27 | net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset |
| CVE-2025-21801 | 2025-02-27 | net: ravb: Fix missing rtnl lock in suspend/resume path |
| CVE-2025-21802 | 2025-02-27 | net: hns3: fix oops when unload drivers paralleling |
| CVE-2025-21803 | 2025-02-27 | LoongArch: Fix warnings during S3 suspend |
| CVE-2025-21804 | 2025-02-27 | PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() |
| CVE-2025-21805 | 2025-02-27 | RDMA/rtrs: Add missing deinit() call |
| CVE-2025-21806 | 2025-02-27 | net: let net.core.dev_weight always be non-zero |
| CVE-2025-21807 | 2025-02-27 | block: fix queue freeze vs limits lock order in sysfs store methods |
| CVE-2025-21808 | 2025-02-27 | net: xdp: Disallow attaching device-bound programs in generic mode |
| CVE-2025-21809 | 2025-02-27 | rxrpc, afs: Fix peer hash locking vs RCU callback |
| CVE-2025-21810 | 2025-02-27 | driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() |
| CVE-2025-21811 | 2025-02-27 | nilfs2: protect access to buffers with no active references |
| CVE-2025-21812 | 2025-02-27 | ax25: rcu protect dev->ax25_ptr |
| CVE-2025-21813 | 2025-02-27 | timers/migration: Fix off-by-one root mis-connection |
| CVE-2025-21814 | 2025-02-27 | ptp: Ensure info->enable callback is always set |
| CVE-2025-21815 | 2025-02-27 | mm/compaction: fix UBSAN shift-out-of-bounds warning |
| CVE-2025-21816 | 2025-02-27 | hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING |
| CVE-2025-21817 | 2025-02-27 | block: mark GFP_NOIO around sysfs ->store() |
| CVE-2025-21819 | 2025-02-27 | Revert "drm/amd/display: Use HW lock mgr for PSR1" |
| CVE-2025-21820 | 2025-02-27 | tty: xilinx_uartps: split sysrq handling |
| CVE-2025-21821 | 2025-02-27 | fbdev: omap: use threaded IRQ for LCD DMA |
| CVE-2025-21822 | 2025-02-27 | ptp: vmclock: Set driver data before its usage |
| CVE-2025-21823 | 2025-02-27 | batman-adv: Drop unmanaged ELP metric worker |
| CVE-2025-21824 | 2025-02-27 | gpu: host1x: Fix a use of uninitialized mutex |
| CVE-2025-24832 | 2025-02-27 | Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis... |
| CVE-2025-1681 | 2025-02-27 | Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files |
| CVE-2025-1682 | 2025-02-27 | Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-1687 | 2025-02-27 | Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile |
| CVE-2024-12811 | 2025-02-27 | Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-44754 | 2025-02-28 | Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB. |
| CVE-2025-25379 | 2025-02-28 | Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. |
| CVE-2025-25428 | 2025-02-28 | TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2025-25429 | 2025-02-28 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. |
| CVE-2025-25430 | 2025-02-28 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page. |
| CVE-2025-25431 | 2025-02-28 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the ssid key of wifi_data parameter on the /captive_portal.htm page. |
| CVE-2025-25461 | 2025-02-28 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name... |
| CVE-2025-25476 | 2025-02-28 | A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification... |
| CVE-2025-25478 | 2025-02-28 | The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing... |
| CVE-2025-25609 | 2025-02-28 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa |