Lista CVE - 2025 / Febbraio
Visualizzazione 401 - 500 di 3676 CVE per Febbraio 2025 (Pagina 5 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-57598 | 2025-02-05 | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability. |
| CVE-2024-57699 | 2025-02-05 | A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger,... |
| CVE-2025-25246 | 2025-02-05 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. |
| CVE-2025-23114 | 2025-02-05 | A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate. |
| CVE-2025-1028 | 2025-02-05 | Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload |
| CVE-2025-1026 | 2025-02-05 | Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing... |
| CVE-2025-1022 | 2025-02-05 | Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the... |
| CVE-2025-1025 | 2025-02-05 | Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. |
| CVE-2024-13829 | 2025-02-05 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure |
| CVE-2023-52924 | 2025-02-05 | netfilter: nf_tables: don't skip expired elements during walk |
| CVE-2023-52925 | 2025-02-05 | netfilter: nf_tables: don't fail inserts if duplicate has expired |
| CVE-2025-0167 | 2025-02-05 | netrc and default credential leak |
| CVE-2025-0665 | 2025-02-05 | eventfd double close |
| CVE-2025-0725 | 2025-02-05 | gzip integer overflow |
| CVE-2023-6386 | 2025-02-05 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-1539 | 2025-02-05 | Missing Authorization in GitLab |
| CVE-2024-6356 | 2025-02-05 | Incorrect User Management in GitLab |
| CVE-2024-9631 | 2025-02-05 | Inefficient Algorithmic Complexity in GitLab |
| CVE-2024-5528 | 2025-02-05 | Incomplete Comparison with Missing Factors in GitLab |
| CVE-2024-49352 | 2025-02-05 | IBM Cognos Anaytics XML external entity injection |
| CVE-2024-52364 | 2025-02-05 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2024-52365 | 2025-02-05 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2024-49348 | 2025-02-05 | IBM Cloud Pak for Business Automation incorrect privilege assignment |
| CVE-2024-3976 | 2025-02-05 | Missing Authorization in GitLab |
| CVE-2024-2878 | 2025-02-05 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-9097 | 2025-02-05 | IDOR |
| CVE-2025-21117 | 2025-02-05 | Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the... |
| CVE-2025-0858 | 2025-02-05 | Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User |
| CVE-2024-42207 | 2025-02-05 | HCL iAutomate is affected by a session fixation vulnerability |
| CVE-2024-39564 | 2025-02-05 | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash |
| CVE-2025-20124 | 2025-02-05 | Cisco Identity Services Engine Java Deserialization Vulnerability |
| CVE-2025-20125 | 2025-02-05 | Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability |
| CVE-2025-20179 | 2025-02-05 | Cisco Expressway Series Cross-Site Scripting Vulnerability |
| CVE-2025-20180 | 2025-02-05 | Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability |
| CVE-2025-20183 | 2025-02-05 | Cisco Secure Web Appliance Range Request Bypass Vulnerability |
| CVE-2025-20184 | 2025-02-05 | Cisco Secure Email and Web Manager and Secure Web Appliance Command Injection Vulnerability |
| CVE-2025-20185 | 2025-02-05 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability |
| CVE-2025-20204 | 2025-02-05 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20205 | 2025-02-05 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20207 | 2025-02-05 | Cisco Secure Email Gateway, Cisco Secure Email and Web Appliance and Cisco Secure Web Appliance SNMP Polling Information Disclosure Vulnerability |
| CVE-2025-20173 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20172 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition... |
| CVE-2025-20176 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20171 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20170 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20174 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20175 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-20169 | 2025-02-05 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.... |
| CVE-2025-21087 | 2025-02-05 | TMM Vulnerability |
| CVE-2025-21091 | 2025-02-05 | BIG-IP SNMP vulnerability |
| CVE-2025-23415 | 2025-02-05 | BIG-IP APM Endpoint Inspection vulnerability |
| CVE-2025-20058 | 2025-02-05 | BIG-IP message routing vulnerability |
| CVE-2025-22891 | 2025-02-05 | BIG-IP PEM Vulnerability |
| CVE-2025-20045 | 2025-02-05 | BIG-IP SIP MRF Vulnerability |
| CVE-2025-24326 | 2025-02-05 | BIG-IP Advanced WAF/ASM BADoS vulnerability |
| CVE-2025-23239 | 2025-02-05 | BIG-IP iControl REST vulnerability |
| CVE-2025-23412 | 2025-02-05 | BIG-IP APM access profile vulnerability |
| CVE-2025-22846 | 2025-02-05 | BIG-IP SIP Vulnerability |
| CVE-2025-24312 | 2025-02-05 | BIG-IP AFM vulnerability |
| CVE-2025-24497 | 2025-02-05 | BIG-IP PEM vulnerability |
| CVE-2025-24320 | 2025-02-05 | BIG-IP Configuration utility vulnerability |
| CVE-2025-24319 | 2025-02-05 | BIG-IP Next Central Manager vulnerability |
| CVE-2025-20029 | 2025-02-05 | BIG-IP iControl REST and tmsh vulnerability |
| CVE-2025-23413 | 2025-02-05 | BIG-IP Next Central Manager vulnerability |
| CVE-2025-23419 | 2025-02-05 | TLS Session Resumption Vulnerability |
| CVE-2024-7595 | 2025-02-05 | GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet |
| CVE-2024-7596 | 2025-02-05 | Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet |
| CVE-2024-56131 | 2025-02-05 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. |
| CVE-2024-56132 | 2025-02-05 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. |
| CVE-2024-56133 | 2025-02-05 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. |
| CVE-2024-56134 | 2025-02-05 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. |
| CVE-2024-56135 | 2025-02-05 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. |
| CVE-2025-24372 | 2025-02-05 | XSS vector in user uploaded images in group/org and user profiles in ckan |
| CVE-2025-24805 | 2025-02-05 | Local Privilege Escalation in MobSF |
| CVE-2025-24804 | 2025-02-05 | Partial Denial of Service (DoS) in MobSF |
| CVE-2025-24803 | 2025-02-05 | Stored Cross-Site Scripting (XSS) in MobSF |
| CVE-2024-38316 | 2025-02-05 | IBM Aspera Shares Denial of Service |
| CVE-2024-38317 | 2025-02-05 | IBM Aspera Shares Cross-Site Scripting |
| CVE-2024-38318 | 2025-02-05 | IBM Aspera Shares HTML injection |
| CVE-2024-56470 | 2025-02-05 | IBM Aspera Shares Server-Side Request Forgery |
| CVE-2024-56471 | 2025-02-05 | IBM Aspera Shares Server-Side Request Forgery |
| CVE-2024-56472 | 2025-02-05 | IBM Aspera Shares Cross-Site Scripting |
| CVE-2024-56473 | 2025-02-05 | IBM Aspera Shares Data Manipulation |
| CVE-2024-49791 | 2025-02-05 | IBM ApplinX Cross-Site Scripting |
| CVE-2024-49792 | 2025-02-05 | IBM ApplinX Cross-Site Scripting |
| CVE-2024-49793 | 2025-02-05 | IBM ApplinX Cross-Site Scripting |
| CVE-2025-1066 | 2025-02-05 | CVE-2025-1066 |
| CVE-2024-49794 | 2025-02-05 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-49795 | 2025-02-05 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-49796 | 2025-02-05 | IBM ApplinX Clickjacking |
| CVE-2024-49797 | 2025-02-05 | IBM ApplinX Information Disclosure |
| CVE-2024-49798 | 2025-02-05 | IBM ApplinX Information Disclosure |
| CVE-2024-49800 | 2025-02-05 | IBM ApplinX Information Disclosure |
| CVE-2020-36085 | 2025-02-06 | Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For... |
| CVE-2022-40490 | 2025-02-06 | Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into... |
| CVE-2022-40916 | 2025-02-06 | Tiny File Manager v2.4.7 and below is vulnerable to session fixation. |
| CVE-2024-25883 | 2025-02-06 | The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. |
| CVE-2024-36553 | 2025-02-06 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack. |
| CVE-2024-36554 | 2025-02-06 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device... |
| CVE-2024-36555 | 2025-02-06 | Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allows malicious users to change the device IMEI-number which allows for forging... |