Lista CVE - 2025 / Febbraio
Visualizzazione 201 - 300 di 3676 CVE per Febbraio 2025 (Pagina 3 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-24898 | 2025-02-03 | rust openssl ssl::select_next_proto use after free |
| CVE-2024-12510 | 2025-02-03 | LDAP Authentication Sever Pass-back attack |
| CVE-2024-11133 | 2025-02-03 | Eventer <= 3.9.9 - Missing Authorization to Unauthenticated Event Ticket Download |
| CVE-2024-11132 | 2025-02-03 | Eventer <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-11134 | 2025-02-03 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export |
| CVE-2024-12859 | 2025-02-03 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-12511 | 2025-02-03 | SMB/FTP Address Book Scan Pass-back attack |
| CVE-2025-24961 | 2025-02-03 | Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy |
| CVE-2025-24960 | 2025-02-03 | Missing Input validation for filename in backups endpoint in Jellystat |
| CVE-2025-24959 | 2025-02-03 | Environment Variable Injection for dotenv API in zx |
| CVE-2025-24962 | 2025-02-03 | Command Injection in reNgine |
| CVE-2025-24899 | 2025-02-03 | Disclosure of Sensitive User Information via API in reNgine |
| CVE-2025-24370 | 2025-02-03 | Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass |
| CVE-2025-23210 | 2025-02-03 | Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet |
| CVE-2025-24371 | 2025-02-03 | Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft |
| CVE-2025-24029 | 2025-02-03 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap |
| CVE-2025-22129 | 2025-02-03 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap |
| CVE-2024-47770 | 2025-02-03 | Ability to view Agent list with no privilege access in wazuh-dashboard |
| CVE-2024-35177 | 2025-02-03 | Improper Access Control in wazuh-agent |
| CVE-2025-24958 | 2025-02-03 | SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA |
| CVE-2025-24957 | 2025-02-03 | SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA |
| CVE-2025-24906 | 2025-02-03 | SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA |
| CVE-2025-24905 | 2025-02-03 | SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA |
| CVE-2025-24902 | 2025-02-03 | SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA |
| CVE-2025-24901 | 2025-02-03 | SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA |
| CVE-2025-0148 | 2025-02-03 | Zoom Jenkins Marketplace plugin - Missing Password Field Masking |
| CVE-2025-1003 | 2025-02-03 | HP Anyware Agent for Linux – Potential Authentication Bypass |
| CVE-2024-48445 | 2025-02-04 | An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters. |
| CVE-2025-22475 | 2025-02-04 | Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this... |
| CVE-2025-24982 | 2025-02-04 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted. |
| CVE-2024-13114 | 2025-02-04 | WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS |
| CVE-2024-13115 | 2025-02-04 | WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF |
| CVE-2024-13325 | 2025-02-04 | Glossy <= 2.3.5 - Reflected XSS |
| CVE-2024-13326 | 2025-02-04 | iBuildApp <= 0.2.0 - Reflected XSS |
| CVE-2024-13327 | 2025-02-04 | Musicbox <= 2.0.3 - Reflected XSS |
| CVE-2024-13328 | 2025-02-04 | Giga Messenger Bots <= 2.3.1 - Reflected XSS |
| CVE-2024-13329 | 2025-02-04 | Solidres <= 0.9.4 - Reflected XSS |
| CVE-2024-13330 | 2025-02-04 | Justrows Free <= 0.2 - Reflected XSS |
| CVE-2024-13331 | 2025-02-04 | WP Dream Carousel <= 1.0.1b - Reflected XSS |
| CVE-2024-13332 | 2025-02-04 | TransFinanz <= 1.0.0 - Reflected XSS |
| CVE-2025-0368 | 2025-02-04 | Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS |
| CVE-2025-0466 | 2025-02-04 | Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure |
| CVE-2024-12597 | 2025-02-04 | HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css |
| CVE-2024-13607 | 2025-02-04 | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2025-20881 | 2025-02-04 | Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is... |
| CVE-2025-20882 | 2025-02-04 | Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for... |
| CVE-2025-20883 | 2025-02-04 | Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-20884 | 2025-02-04 | Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-20885 | 2025-02-04 | Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. |
| CVE-2025-20886 | 2025-02-04 | Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. |
| CVE-2025-20887 | 2025-02-04 | Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this... |
| CVE-2025-20888 | 2025-02-04 | Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required... |
| CVE-2025-20889 | 2025-02-04 | Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this... |
| CVE-2025-20890 | 2025-02-04 | Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this... |
| CVE-2025-20891 | 2025-02-04 | Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering... |
| CVE-2025-20892 | 2025-02-04 | Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability. |
| CVE-2025-20893 | 2025-02-04 | Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. |
| CVE-2025-20894 | 2025-02-04 | Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-20895 | 2025-02-04 | Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard. |
| CVE-2025-20896 | 2025-02-04 | Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information. |
| CVE-2025-20897 | 2025-02-04 | Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure... |
| CVE-2025-20898 | 2025-02-04 | Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-20899 | 2025-02-04 | Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information. |
| CVE-2025-20900 | 2025-02-04 | Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-20901 | 2025-02-04 | Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory. |
| CVE-2025-20902 | 2025-02-04 | Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege. |
| CVE-2025-22204 | 2025-02-04 | Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla |
| CVE-2024-13514 | 2025-02-04 | B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode |
| CVE-2024-12046 | 2025-02-04 | Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode |
| CVE-2025-22205 | 2025-02-04 | Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla |
| CVE-2025-20904 | 2025-02-04 | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. |
| CVE-2025-20905 | 2025-02-04 | Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. |
| CVE-2025-20906 | 2025-02-04 | Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB. |
| CVE-2025-20907 | 2025-02-04 | Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. |
| CVE-2024-10237 | 2025-02-04 | SMC BMC Firmware Image Authentication Design Issue |
| CVE-2024-10238 | 2025-02-04 | fld->used_bytes without sanity check causes stack overflow |
| CVE-2024-10239 | 2025-02-04 | fld->used_bytes without sanity check causes stack overflow |
| CVE-2024-13403 | 2025-02-04 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter |
| CVE-2024-13356 | 2025-02-04 | DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion |
| CVE-2024-13733 | 2025-02-04 | SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13510 | 2025-02-04 | ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13529 | 2025-02-04 | SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download |
| CVE-2025-23015 | 2025-02-04 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions |
| CVE-2024-40890 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating... |
| CVE-2024-40891 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating... |
| CVE-2025-0890 | 2025-02-04 | **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management... |
| CVE-2025-24860 | 2025-02-04 | Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions |
| CVE-2024-27137 | 2025-02-04 | Apache Cassandra: unrestricted deserialization of JMX authentication credentials |
| CVE-2024-13699 | 2025-02-04 | Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11623 | 2025-02-04 | Stored XSS in authentik |
| CVE-2025-1009 | 2025-02-04 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR <... |
| CVE-2025-1010 | 2025-02-04 | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR... |
| CVE-2025-1018 | 2025-02-04 | The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox <... |
| CVE-2025-1011 | 2025-02-04 | A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects... |
| CVE-2025-1012 | 2025-02-04 | A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird... |
| CVE-2025-1019 | 2025-02-04 | The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135... |
| CVE-2025-1013 | 2025-02-04 | A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox <... |
| CVE-2025-1014 | 2025-02-04 | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird... |
| CVE-2025-0510 | 2025-02-04 | Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7... |
| CVE-2025-1016 | 2025-02-04 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and... |