Lista CVE - 2025 / Febbraio
Visualizzazione 801 - 900 di 3676 CVE per Febbraio 2025 (Pagina 9 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-57241 | 2025-02-11 | Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. |
| CVE-2024-57777 | 2025-02-11 | Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information |
| CVE-2025-25522 | 2025-02-11 | Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target... |
| CVE-2025-25523 | 2025-02-11 | Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can... |
| CVE-2025-25524 | 2025-02-11 | Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this... |
| CVE-2025-25525 | 2025-02-11 | Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this... |
| CVE-2025-25526 | 2025-02-11 | Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this... |
| CVE-2025-25527 | 2025-02-11 | Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit... |
| CVE-2025-25528 | 2025-02-11 | Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote... |
| CVE-2025-25529 | 2025-02-11 | Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit... |
| CVE-2025-25530 | 2025-02-11 | Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this... |
| CVE-2025-1164 | 2025-02-11 | code-projects Police FIR Record Management System Add Record stack-based overflow |
| CVE-2025-1165 | 2025-02-11 | Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload |
| CVE-2025-0054 | 2025-02-11 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java |
| CVE-2025-0064 | 2025-02-11 | Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console) |
| CVE-2025-23187 | 2025-02-11 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23189 | 2025-02-11 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23190 | 2025-02-11 | Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI) |
| CVE-2025-23191 | 2025-02-11 | Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP |
| CVE-2025-23193 | 2025-02-11 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP |
| CVE-2025-24867 | 2025-02-11 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad) |
| CVE-2025-24868 | 2025-02-11 | Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services) |
| CVE-2025-24869 | 2025-02-11 | Information Disclosure vulnerability in SAP NetWeaver Application Server Java |
| CVE-2025-24870 | 2025-02-11 | Insecure Key & Secret Management vulnerability in SAP GUI for Windows |
| CVE-2025-24872 | 2025-02-11 | Missing Authorization check in SAP ABAP Platform (ABAP Build Framework) |
| CVE-2025-24874 | 2025-02-11 | Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice |
| CVE-2025-24875 | 2025-02-11 | SameSite Defense in Depth not applied for some cookies in SAP Commerce |
| CVE-2025-24876 | 2025-02-11 | Authentication bypass via authorization code injection in SAP Approuter |
| CVE-2025-25241 | 2025-02-11 | Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests) |
| CVE-2025-25243 | 2025-02-11 | Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) |
| CVE-2025-1166 | 2025-02-11 | SourceCodester Food Menu Manager update.php unrestricted upload |
| CVE-2025-1167 | 2025-02-11 | Mayuri K Employee Management System Update_User.php sql injection |
| CVE-2025-1168 | 2025-02-11 | SourceCodester Contact Manager with Export to VCF delete-contact.php sql injection |
| CVE-2025-1169 | 2025-02-11 | SourceCodester Image Compressor Tool compressor.php cross site scripting |
| CVE-2025-1170 | 2025-02-11 | code-projects Real Estate Property Management System Category.php cross site scripting |
| CVE-2025-1143 | 2025-02-11 | Billion Electric M120N - Use of Hard-coded Credentials |
| CVE-2025-1144 | 2025-02-11 | Quanxun School Affairs System - Exposure of Sensitive Information |
| CVE-2025-1145 | 2025-02-11 | NetVision Information ISOinsight - Reflected Cross-site Scripting |
| CVE-2025-1171 | 2025-02-11 | code-projects Real Estate Property Management System CustomerReport.php cross site scripting |
| CVE-2025-1172 | 2025-02-11 | 1000 Projects Bookstore Management System addtocart.php sql injection |
| CVE-2024-12599 | 2025-02-11 | HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2025-1173 | 2025-02-11 | 1000 Projects Bookstore Management System process_users_del.php sql injection |
| CVE-2025-1211 | 2025-02-11 | Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/,... |
| CVE-2025-1174 | 2025-02-11 | 1000 Projects Bookstore Management System Add Book Page process_book_add.php cross site scripting |
| CVE-2025-1176 | 2025-02-11 | GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow |
| CVE-2024-13543 | 2025-02-11 | Zarinpal Paid Downloads <= 2.3 - Reflected XSS |
| CVE-2024-13544 | 2025-02-11 | Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload |
| CVE-2024-13570 | 2025-02-11 | Stray Random Quotes <= 1.9.9 - Reflected XSS |
| CVE-2025-1177 | 2025-02-11 | dayrui XunRuiCMS Linkage.php import_add deserialization |
| CVE-2025-1178 | 2025-02-11 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption |
| CVE-2025-0180 | 2025-02-11 | WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation |
| CVE-2025-0181 | 2025-02-11 | WP Foodbakery <= 4.7 - Authentication Bypass in foodbakery_parse_request |
| CVE-2025-1179 | 2025-02-11 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption |
| CVE-2024-28989 | 2025-02-11 | SolarWinds Web Help Desk Cryptographic Key Management Vulnerability |
| CVE-2024-52606 | 2025-02-11 | SolarWinds Platform Server-Side Request Forgery Vulnerability |
| CVE-2024-45718 | 2025-02-11 | Sensitive data disclosure vulnerability |
| CVE-2024-52612 | 2025-02-11 | SolarWinds Platform Reflected Cross-Site Scripting Vulnerability |
| CVE-2024-52611 | 2025-02-11 | SolarWinds Platform Information Disclosure Vulnerability |
| CVE-2024-13643 | 2025-02-11 | Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification |
| CVE-2025-1180 | 2025-02-11 | GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption |
| CVE-2025-1181 | 2025-02-11 | GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption |
| CVE-2025-1182 | 2025-02-11 | GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption |
| CVE-2025-0589 | 2025-02-11 | In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which... |
| CVE-2025-26408 | 2025-02-11 | Unprotected JTAG Interface |
| CVE-2025-26409 | 2025-02-11 | Access to Bootloader and Shell Over Serial Interface |
| CVE-2025-26410 | 2025-02-11 | Weak Hard-coded Credentials |
| CVE-2025-26411 | 2025-02-11 | Authenticated Arbitrary Python File Upload via Plugin Manager |
| CVE-2025-0525 | 2025-02-11 | In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may... |
| CVE-2025-0526 | 2025-02-11 | In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result... |
| CVE-2023-37482 | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish... |
| CVE-2025-0513 | 2025-02-11 | In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code... |
| CVE-2024-23814 | 2025-02-11 | The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This... |
| CVE-2024-45386 | 2025-02-11 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0... |
| CVE-2024-53648 | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5... |
| CVE-2024-53651 | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions),... |
| CVE-2024-53977 | 2025-02-11 | A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to... |
| CVE-2024-54015 | 2025-02-11 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions... |
| CVE-2024-54089 | 2025-02-11 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak... |
| CVE-2024-54090 | 2025-02-11 | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds... |
| CVE-2025-23363 | 2025-02-11 | A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions... |
| CVE-2025-23403 | 2025-02-11 | A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key.... |
| CVE-2025-24499 | 2025-02-11 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1... |
| CVE-2025-24532 | 2025-02-11 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1... |
| CVE-2025-24811 | 2025-02-11 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0),... |
| CVE-2025-24812 | 2025-02-11 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C... |
| CVE-2025-24956 | 2025-02-11 | A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could... |
| CVE-2025-0862 | 2025-02-11 | SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter |
| CVE-2024-13506 | 2025-02-11 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter |
| CVE-2025-0588 | 2025-02-11 | In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header... |
| CVE-2024-12366 | 2025-02-11 | CVE-2024-12366 |
| CVE-2025-26493 | 2025-02-11 | In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab |
| CVE-2025-26492 | 2025-02-11 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
| CVE-2025-1231 | 2025-02-11 | Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password... |
| CVE-2024-33659 | 2025-02-11 | BiosGuard Buffer Overflow and TOCTOU Vulnerability |
| CVE-2025-24896 | 2025-02-11 | Misskey allows token to remain valid in cookie after signing out |
| CVE-2024-47908 | 2025-02-11 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11771 | 2025-02-11 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2025-22467 | 2025-02-11 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. |
| CVE-2025-24897 | 2025-02-11 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2024-10644 | 2025-02-11 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |