CVE List - 2025 / February
Showing 3601 - 3676 of 3676 CVEs for February 2025 (Page 37 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-25610 | 2025-02-28 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa. |
| CVE-2025-25635 | 2025-02-28 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa. |
| CVE-2025-25723 | 2025-02-28 | Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code. |
| CVE-2025-25916 | 2025-02-28 | wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. |
| CVE-2025-26047 | 2025-02-28 | Loggrove v1.0 is vulnerable to SQL Injection in the read.py file. |
| CVE-2025-26263 | 2025-02-28 | GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. |
| CVE-2025-26326 | 2025-02-28 | A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote... |
| CVE-2025-0975 | 2025-02-28 | IBM MQ code execution |
| CVE-2024-54173 | 2025-02-28 | IBM MQ information disclosure |
| CVE-2025-23225 | 2025-02-28 | IBM MQ denial of service |
| CVE-2025-0823 | 2025-02-28 | IBM MQ path traversal |
| CVE-2024-56340 | 2025-02-28 | IBM Cognos Analytics path traversal |
| CVE-2025-1744 | 2025-02-28 | Out-of-bounds Write in radare2 |
| CVE-2024-13796 | 2025-02-28 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure |
| CVE-2025-1757 | 2025-02-28 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-1505 | 2025-02-28 | Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting |
| CVE-2025-0801 | 2025-02-28 | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-1511 | 2025-02-28 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting |
| CVE-2025-1513 | 2025-02-28 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-12820 | 2025-02-28 | MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-1506 | 2025-02-28 | Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-0764 | 2025-02-28 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update |
| CVE-2025-1405 | 2025-02-28 | Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode |
| CVE-2025-1571 | 2025-02-28 | Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets |
| CVE-2025-1572 | 2025-02-28 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter |
| CVE-2025-1560 | 2025-02-28 | WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13832 | 2025-02-28 | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure |
| CVE-2024-13716 | 2025-02-28 | Forex Calculators <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13469 | 2025-02-28 | Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9019 | 2025-02-28 | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode |
| CVE-2024-9193 | 2025-02-28 | WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update |
| CVE-2024-8425 | 2025-02-28 | WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-13831 | 2025-02-28 | Tabs for WooCommerce <= 1.0.0 - Authenticated (Shop Manager+) PHP Object Injection in product_has_custom_tabs |
| CVE-2024-13638 | 2025-02-28 | Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2025-1570 | 2025-02-28 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP |
| CVE-2025-1662 | 2025-02-28 | URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding |
| CVE-2024-9195 | 2025-02-28 | WHMPress - WHMCS Client Area <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13851 | 2025-02-28 | Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-8420 | 2025-02-28 | DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation |
| CVE-2025-22491 | 2025-02-28 | Improper Input Validation in Foreseer Reporting Software (FRS) |
| CVE-2025-1413 | 2025-02-28 | Dylib Hijacking in DaVinci Resolve |
| CVE-2025-22492 | 2025-02-28 | Insecure storage of connection strings in FRS |
| CVE-2024-10860 | 2025-02-28 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission |
| CVE-2025-22270 | 2025-02-28 | Stored XSS in CyberArk Endpoint Privilege Manager |
| CVE-2025-22271 | 2025-02-28 | IP Spoofing in CyberArk Endpoint Privilege Manager |
| CVE-2025-22272 | 2025-02-28 | Self Reflected XSS in CyberArk Endpoint Privilege Manager |
| CVE-2025-22273 | 2025-02-28 | Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager |
| CVE-2025-22274 | 2025-02-28 | HTML injection in CyberArk Endpoint Privilege Manager |
| CVE-2025-1319 | 2025-02-28 | Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-1300 | 2025-02-28 | Open redirect in CodeChecker web server |
| CVE-2025-1746 | 2025-02-28 | Cross-Site Scripting vulnerability in OpenCart |
| CVE-2025-1747 | 2025-02-28 | HTML injection vulnerability in OpenCart |
| CVE-2025-1748 | 2025-02-28 | HTML injection vulnerability in OpenCart |
| CVE-2025-1749 | 2025-02-28 | HTML injection vulnerability in OpenCart |
| CVE-2025-1776 | 2025-02-28 | Cross-Site Scripting (XSS) vulnerability in Soteshop |
| CVE-2025-27400 | 2025-02-28 | Magento vulnerable to stored XSS in theme config fields |
| CVE-2024-54175 | 2025-02-28 | IBM MQ denial of service |
| CVE-2025-0985 | 2025-02-28 | IBM MQ information disclosure |
| CVE-2025-20060 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2025-23405 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs |
| CVE-2025-24843 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control |
| CVE-2025-24849 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cleartext Transmission of Sensitive Information |
| CVE-2025-20049 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cross-site Scripting |
| CVE-2025-24318 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag |
| CVE-2025-24316 | 2025-02-28 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies |
| CVE-2025-27408 | 2025-02-28 | Manifest Uses a One-Way Hash without a Salt |
| CVE-2025-1795 | 2025-02-28 | Mishandling of comma during folding and unicode-encoding of email headers |
| CVE-2025-0159 | 2025-02-28 | IBM FlashSystem authentication bypass |
| CVE-2025-0160 | 2025-02-28 | IBM FlashSystem code execution |
| CVE-2025-0769 | 2025-02-28 | PixelYourSite 10.1.1.1 - Insecure deserialization |
| CVE-2025-27410 | 2025-02-28 | PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin |
| CVE-2025-27413 | 2025-02-28 | PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json |
| CVE-2025-27414 | 2025-02-28 | MinIO SFTP authentication bypass due to improperly trusted SSH key |
| CVE-2025-26466 | 2025-02-28 | Openssh: denial-of-service in openssh |
| CVE-2024-1509 | 2025-02-28 | Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100 |
| CVE-2025-27554 | 2025-03-01 | ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json... |
| CVE-2025-27416 | 2025-03-01 | Asking For Scratch Username And Password |
| CVE-2025-23118 | 2025-03-01 | An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system. |
| CVE-2025-23115 | 2025-03-01 | A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network. |
| CVE-2025-23117 | 2025-03-01 | An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system. |
| CVE-2025-23116 | 2025-03-01 | An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of... |
| CVE-2025-23119 | 2025-03-01 | An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network. |
| CVE-2024-13358 | 2025-03-01 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2025-1780 | 2025-03-01 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update |
| CVE-2024-13568 | 2025-03-01 | Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2025-0820 | 2025-03-01 | Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter |
| CVE-2024-9217 | 2025-03-01 | Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting |
| CVE-2024-13746 | 2025-03-01 | Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions |
| CVE-2024-13750 | 2025-03-01 | Multilevel Referral Affiliate Plugin for WooCommerce <= 2.27 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13518 | 2025-03-01 | Simple:Press <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing |
| CVE-2024-13559 | 2025-03-01 | TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-9212 | 2025-03-01 | SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting |
| CVE-2024-13901 | 2025-03-01 | Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-12824 | 2025-03-01 | Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change |
| CVE-2024-13373 | 2025-03-01 | Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update |
| CVE-2025-1502 | 2025-03-01 | IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export |
| CVE-2025-1730 | 2025-03-01 | Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read |
| CVE-2025-1459 | 2025-03-01 | Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-1638 | 2025-03-01 | Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover |
| CVE-2025-1671 | 2025-03-01 | Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover |