CVE List - 2025 / January
Showing 901 - 1000 of 4274 CVEs for January 2025 (Page 10 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-20167 | 2025-01-08 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability |
| CVE-2025-20168 | 2025-01-08 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability |
| CVE-2024-13187 | 2025-01-08 | Kingsoft WPS Office TCC code injection |
| CVE-2024-56770 | 2025-01-08 | net/sched: netem: account for backlog updates from child qdisc |
| CVE-2024-6350 | 2025-01-08 | EmberZNet malformed MAC layer packet leads to denial of service |
| CVE-2023-35685 | 2025-01-08 | In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2025-21111 | 2025-01-08 | Dell VxRail, versions 8.0.000 through 8.0.311, contains a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
| CVE-2024-56771 | 2025-01-08 | mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information |
| CVE-2024-56772 | 2025-01-08 | kunit: string-stream: Fix a UAF bug in kunit_init_suite() |
| CVE-2024-56773 | 2025-01-08 | kunit: Fix potential null dereference in kunit_device_driver_test() |
| CVE-2024-56774 | 2025-01-08 | btrfs: add a sanity check for btrfs root in btrfs_search_slot() |
| CVE-2024-56775 | 2025-01-08 | drm/amd/display: Fix handling of plane refcount |
| CVE-2024-56776 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers |
| CVE-2024-56777 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check |
| CVE-2024-56778 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check |
| CVE-2024-56779 | 2025-01-08 | nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur |
| CVE-2024-56780 | 2025-01-08 | quota: flush quota_release_work upon quota writeback |
| CVE-2024-56781 | 2025-01-08 | powerpc/prom_init: Fixup missing powermac #size-cells |
| CVE-2024-56782 | 2025-01-08 | ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() |
| CVE-2024-56783 | 2025-01-08 | netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level |
| CVE-2024-56784 | 2025-01-08 | drm/amd/display: Adding array index check to prevent memory corruption |
| CVE-2024-56785 | 2025-01-08 | MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a |
| CVE-2024-56787 | 2025-01-08 | soc: imx8m: Probe the SoC driver as platform driver |
| CVE-2025-22140 | 2025-01-08 | WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente' |
| CVE-2025-22139 | 2025-01-08 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg` |
| CVE-2025-22141 | 2025-01-08 | WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo' |
| CVE-2025-0291 | 2025-01-08 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-13188 | 2025-01-08 | MicroWorld eScan Antivirus Installation var default permission |
| CVE-2025-22143 | 2025-01-08 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'listar_permissoes.php' parameter 'msg_e' |
| CVE-2024-13189 | 2025-01-08 | ZeroWdd myblog MyBlogMvcConfig.java permission |
| CVE-2025-0194 | 2025-01-08 | Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab |
| CVE-2024-12431 | 2025-01-08 | Missing Authorization in GitLab |
| CVE-2025-22145 | 2025-01-08 | Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale |
| CVE-2024-54010 | 2025-01-08 | Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches |
| CVE-2024-53995 | 2025-01-08 | GHSL-2024-288: SickChill open redirect in login |
| CVE-2024-13190 | 2025-01-08 | ZeroWdd myblog BlogMapper.xml xml injection |
| CVE-2025-0282 | 2025-01-08 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated... |
| CVE-2025-0283 | 2025-01-08 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated... |
| CVE-2024-13191 | 2025-01-08 | ZeroWdd myblog uploadController.java upload unrestricted upload |
| CVE-2024-13192 | 2025-01-08 | ZeroWdd myblog BlogController.java update cross site scripting |
| CVE-2024-13193 | 2025-01-08 | SEMCMS Image Library Management Page SEMCMS_Images.php sql injection |
| CVE-2024-13194 | 2025-01-08 | Sucms admin_members.php sql injection |
| CVE-2024-13195 | 2025-01-08 | donglight bookstore电商书城系统说明 (e-commerce bookstore system) HttpUtil.java getHtml server-side request forgery |
| CVE-2023-28354 | 2025-01-09 | An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to... |
| CVE-2024-42898 | 2025-01-09 | A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account... |
| CVE-2024-46464 | 2025-01-09 | In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs... |
| CVE-2024-48806 | 2025-01-09 | Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attacker to escalate privileges via a crafted payload to the password field |
| CVE-2024-51229 | 2025-01-09 | Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. |
| CVE-2024-54724 | 2025-01-09 | PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. |
| CVE-2024-54761 | 2025-01-09 | BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. |
| CVE-2024-54762 | 2025-01-09 | Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection. |
| CVE-2024-54887 | 2025-01-09 | TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute... |
| CVE-2024-55224 | 2025-01-09 | An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. |
| CVE-2024-55225 | 2025-01-09 | An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. |
| CVE-2024-55226 | 2025-01-09 | Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. |
| CVE-2024-55494 | 2025-01-09 | A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2024-56114 | 2025-01-09 | Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature... |
| CVE-2024-56376 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the... |
| CVE-2024-56377 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user... |
| CVE-2024-46505 | 2025-01-09 | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. |
| CVE-2024-56113 | 2025-01-09 | Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. |
| CVE-2024-13196 | 2025-01-09 | donglight bookstore电商书城系统说明 (e-commerce bookstore system) BookInfoController.java BookSearchList cross site scripting |
| CVE-2024-13197 | 2025-01-09 | donglight bookstore电商书城系统说明 (e-commerce bookstore system) AdminUserControlle.java updateUser cross site scripting |
| CVE-2024-13198 | 2025-01-09 | langhsu Mblog Blog System login observable response discrepancy |
| CVE-2024-13199 | 2025-01-09 | langhsu Mblog Blog System Search Bar search cross site scripting |
| CVE-2023-28120 | 2025-01-09 | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. |
| CVE-2024-37372 | 2025-01-09 | The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to... |
| CVE-2023-38037 | 2025-01-09 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users... |
| CVE-2024-27980 | 2025-01-09 | Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option... |
| CVE-2023-28362 | 2025-01-09 | The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce... |
| CVE-2023-27539 | 2025-01-09 | There is a denial of service vulnerability in the header parsing component of Rack. |
| CVE-2023-27531 | 2025-01-09 | There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code |
| CVE-2023-23913 | 2025-01-09 | There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential... |
| CVE-2024-13200 | 2025-01-09 | wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control |
| CVE-2024-13201 | 2025-01-09 | wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upload |
| CVE-2024-13202 | 2025-01-09 | wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting |
| CVE-2024-13203 | 2025-01-09 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2024-13204 | 2025-01-09 | kurniaramadhan E-Commerce-PHP blog-details.php sql injection |
| CVE-2024-13205 | 2025-01-09 | kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting |
| CVE-2024-13206 | 2025-01-09 | REVE Antivirus reveinstall default permission |
| CVE-2024-13209 | 2025-01-09 | Redaxo CMS Structure Management Page index.php cross site scripting |
| CVE-2024-13210 | 2025-01-09 | donglight bookstore电商书城系统说明 (e-commerce bookstore system) AdminBookController.java uploadPicture unrestricted upload |
| CVE-2024-13211 | 2025-01-09 | SingMR HouseRent AdminController.java access control |
| CVE-2024-56826 | 2025-01-09 | Openjpeg: heap buffer overflow in bin/common/color.c |
| CVE-2024-56827 | 2025-01-09 | Openjpeg: heap buffer overflow in lib/openjp2/j2k.c |
| CVE-2024-13212 | 2025-01-09 | SingMR HouseRent AddHouseController.java upload unrestricted upload |
| CVE-2024-13213 | 2025-01-09 | SingMR HouseRent toAdminUpdateHousePage cross site scripting |
| CVE-2025-0306 | 2025-01-09 | Ruby: openssl: ruby marvin attack |
| CVE-2025-0328 | 2025-01-09 | KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection |
| CVE-2025-0331 | 2025-01-09 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery |
| CVE-2025-0333 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
| CVE-2024-10815 | 2025-01-09 | PostLists <= 2.0.2 - Reflected XSS |
| CVE-2024-12714 | 2025-01-09 | Backlink Monitoring Manager <= 0.1.3 - Reflected XSS |
| CVE-2024-12715 | 2025-01-09 | Asgard Security Scanner <= 0.7 - Reflected XSS |
| CVE-2024-12717 | 2025-01-09 | aklamator-infeed <= 2.0.0 - Admin+ Stored XSS |
| CVE-2025-0334 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
| CVE-2024-12731 | 2025-01-09 | aklamator-infeed <= 2.0.0 - Reflected XSS |
| CVE-2024-12736 | 2025-01-09 | BU Section Editing <= 0.9.9 - Reflected XSS |
| CVE-2025-0335 | 2025-01-09 | code-projects Online Bike Rental System Change Image unrestricted upload |
| CVE-2024-6324 | 2025-01-09 | Inefficient Algorithmic Complexity in GitLab |