VULNMAP - Vulnerabilità di Sicurezza

Lista CVE - 2025 / Febbraio

Visualizzazione 3601 - 3678 di 3678 CVE per Febbraio 2025 (Pagina 37 di 37)

ID CVE Data Titolo
CVE-2025-25476 2025-02-28 A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows...
CVE-2025-25478 2025-02-28 The account file upload functionality in Syspass 3.2.x fails to...
CVE-2025-25609 2025-02-28 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
CVE-2025-25610 2025-02-28 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
CVE-2025-25635 2025-02-28 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
CVE-2025-25723 2025-02-28 Buffer Overflow vulnerability in GPAC version 2.5 allows a local...
CVE-2025-25916 2025-02-28 wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in...
CVE-2025-26047 2025-02-28 Loggrove v1.0 is vulnerable to SQL Injection in the read.py...
CVE-2025-26263 2025-02-28 GeoVision ASManager Windows desktop application with the version 6.1.2.0 or...
CVE-2025-26326 2025-02-28 A vulnerability was identified in the NVDA Remote (version 2.6.4)...
CVE-2025-0975 2025-02-28 IBM MQ code execution
CVE-2024-54173 2025-02-28 IBM MQ information disclosure
CVE-2025-23225 2025-02-28 IBM MQ denial of service
CVE-2025-0823 2025-02-28 IBM MQ path traversal
CVE-2024-56340 2025-02-28 IBM Cognos Analytics path traversal
CVE-2025-1744 2025-02-28 Out-of-bounds Write in radare2
CVE-2024-13796 2025-02-28 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure
CVE-2025-1757 2025-02-28 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-1505 2025-02-28 Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting
CVE-2025-0801 2025-02-28 RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update
CVE-2025-1511 2025-02-28 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting
CVE-2025-1513 2025-02-28 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting
CVE-2024-12820 2025-02-28 MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1506 2025-02-28 Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update
CVE-2025-0764 2025-02-28 wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update
CVE-2025-1405 2025-02-28 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode
CVE-2025-1571 2025-02-28 Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets
CVE-2025-1572 2025-02-28 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter
CVE-2025-1560 2025-02-28 WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-13832 2025-02-28 Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure
CVE-2024-13716 2025-02-28 Forex Calculators <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-13469 2025-02-28 Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-9019 2025-02-28 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode
CVE-2024-9193 2025-02-28 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update
CVE-2024-8425 2025-02-28 WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload
CVE-2024-13831 2025-02-28 Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs
CVE-2024-13638 2025-02-28 Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2025-1570 2025-02-28 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
CVE-2025-1662 2025-02-28 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding
CVE-2024-9195 2025-02-28 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-13851 2025-02-28 Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2024-8420 2025-02-28 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation
CVE-2025-22491 2025-02-28 Improper Input Validation in Foreseer Reporting Software (FRS)
CVE-2025-1413 2025-02-28 Dylib Hijacking in DaVinci Resolve
CVE-2025-22492 2025-02-28 Insecure storage of connection strings in FRS
CVE-2024-10860 2025-02-28 NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission
CVE-2025-22270 2025-02-28 Stored XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22271 2025-02-28 IP Spoofing in CyberArk Endpoint Privilege Manager
CVE-2025-22272 2025-02-28 Self Reflected XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22273 2025-02-28 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
CVE-2025-22274 2025-02-28 HTML injection in CyberArk Endpoint Privilege Manager
CVE-2025-1319 2025-02-28 Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-1300 2025-02-28 Open redirect in CodeChecker web server
CVE-2025-1746 2025-02-28 Cross-Site Scripting vulnerability in OpenCart
CVE-2025-1747 2025-02-28 HTML injection vulnerability in OpenCart
CVE-2025-1748 2025-02-28 HTML injection vulnerability in OpenCart
CVE-2025-1749 2025-02-28 HTML injection vulnerability in OpenCart
CVE-2025-1776 2025-02-28 Cross-Site Scripting (XSS) vulnerability in Soteshop
CVE-2025-27400 2025-02-28 Magento vulnerable to stored XSS in theme config fields
CVE-2024-54175 2025-02-28 IBM MQ denial of service
CVE-2025-0985 2025-02-28 IBM MQ information disclosure
CVE-2025-20060 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-23405 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs
CVE-2025-24843 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control
CVE-2025-24849 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cleartext Transmission of Sensitive Information
CVE-2025-20049 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cross-site Scripting
CVE-2025-24318 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag
CVE-2025-24316 2025-02-28 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies
CVE-2025-27408 2025-02-28 Manifest Uses a One-Way Hash without a Salt
CVE-2025-1795 2025-02-28 Mishandling of comma during folding and unicode-encoding of email headers
CVE-2025-0159 2025-02-28 IBM FlashSystem authentication bypass
CVE-2025-0160 2025-02-28 IBM FlashSystem code execution
CVE-2025-0769 2025-02-28 PixelYourSite 10.1.1.1 - Insecure deserialization
CVE-2025-27410 2025-02-28 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin
CVE-2025-27413 2025-02-28 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json
CVE-2025-27414 2025-02-28 MinIO SFTP authentication bypass due to improperly trusted SSH key
CVE-2025-26466 2025-02-28 Openssh: denial-of-service in openssh
CVE-2024-1509 2025-02-28 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100