CVE List - 2025 / January
Showing 901 - 1000 of 4277 CVEs for January 2025 (Page 10 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-20166 | 2025-01-08 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability |
| CVE-2025-20167 | 2025-01-08 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability |
| CVE-2025-20168 | 2025-01-08 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability |
| CVE-2024-13187 | 2025-01-08 | Kingsoft WPS Office TCC code injection |
| CVE-2024-56770 | 2025-01-08 | net/sched: netem: account for backlog updates from child qdisc |
| CVE-2024-6350 | 2025-01-08 | EmberZNet malformed MAC layer packet leads to denial of service |
| CVE-2023-35685 | 2025-01-08 | In DevmemIntMapPages of devicemem_server.c, there is a possible physical page... |
| CVE-2025-21111 | 2025-01-08 | Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage... |
| CVE-2024-56771 | 2025-01-08 | mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information |
| CVE-2024-56772 | 2025-01-08 | kunit: string-stream: Fix a UAF bug in kunit_init_suite() |
| CVE-2024-56773 | 2025-01-08 | kunit: Fix potential null dereference in kunit_device_driver_test() |
| CVE-2024-56774 | 2025-01-08 | btrfs: add a sanity check for btrfs root in btrfs_search_slot() |
| CVE-2024-56775 | 2025-01-08 | drm/amd/display: Fix handling of plane refcount |
| CVE-2024-56776 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers |
| CVE-2024-56777 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check |
| CVE-2024-56778 | 2025-01-08 | drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check |
| CVE-2024-56779 | 2025-01-08 | nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur |
| CVE-2024-56780 | 2025-01-08 | quota: flush quota_release_work upon quota writeback |
| CVE-2024-56781 | 2025-01-08 | powerpc/prom_init: Fixup missing powermac #size-cells |
| CVE-2024-56782 | 2025-01-08 | ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() |
| CVE-2024-56783 | 2025-01-08 | netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level |
| CVE-2024-56784 | 2025-01-08 | drm/amd/display: Adding array index check to prevent memory corruption |
| CVE-2024-56785 | 2025-01-08 | MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a |
| CVE-2024-56786 | 2025-01-08 | bpf: put bpf_link's program when link is safe to be deallocated |
| CVE-2024-56787 | 2025-01-08 | soc: imx8m: Probe the SoC driver as platform driver |
| CVE-2025-22140 | 2025-01-08 | WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente' |
| CVE-2025-22139 | 2025-01-08 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg` |
| CVE-2025-22141 | 2025-01-08 | WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo' |
| CVE-2025-0291 | 2025-01-08 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.264... |
| CVE-2024-13188 | 2025-01-08 | MicroWorld eScan Antivirus Installation var default permission |
| CVE-2025-22143 | 2025-01-08 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'listar_permissoes.php' parameter 'msg_e' |
| CVE-2024-13189 | 2025-01-08 | ZeroWdd myblog MyBlogMvcConfig.java permission |
| CVE-2025-0194 | 2025-01-08 | Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab |
| CVE-2024-12431 | 2025-01-08 | Missing Authorization in GitLab |
| CVE-2025-22145 | 2025-01-08 | Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale |
| CVE-2024-54010 | 2025-01-08 | Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches |
| CVE-2024-53995 | 2025-01-08 | GHSL-2024-288: SickChill open redirect in login |
| CVE-2024-13190 | 2025-01-08 | ZeroWdd myblog BlogMapper.xml xml injection |
| CVE-2025-0282 | 2025-01-08 | A stack-based buffer overflow in Ivanti Connect Secure before version... |
| CVE-2025-0283 | 2025-01-08 | A stack-based buffer overflow in Ivanti Connect Secure before version... |
| CVE-2024-13191 | 2025-01-08 | ZeroWdd myblog uploadController.java upload unrestricted upload |
| CVE-2024-13192 | 2025-01-08 | ZeroWdd myblog BlogController.java update cross site scripting |
| CVE-2024-13193 | 2025-01-08 | SEMCMS Image Library Management Page SEMCMS_Images.php sql injection |
| CVE-2024-13194 | 2025-01-08 | Sucms admin_members.php sql injection |
| CVE-2024-13195 | 2025-01-08 | donglight bookstore电商书城系统说明 HttpUtil.java getHtml server-side request forgery |
| CVE-2023-28354 | 2025-01-09 | An issue was discovered in Opsview Monitor Agent 6.8. An... |
| CVE-2024-42898 | 2025-01-09 | A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows... |
| CVE-2024-46464 | 2025-01-09 | In PRIMX ZED Enterprise up to 2024.3, technical files stored... |
| CVE-2024-48806 | 2025-01-09 | Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a... |
| CVE-2024-51229 | 2025-01-09 | Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a... |
| CVE-2024-54724 | 2025-01-09 | PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted... |
| CVE-2024-54761 | 2025-01-09 | BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via... |
| CVE-2024-54762 | 2025-01-09 | Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability.... |
| CVE-2024-54887 | 2025-01-09 | TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier... |
| CVE-2024-55224 | 2025-01-09 | An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows... |
| CVE-2024-55225 | 2025-01-09 | An issue in the component src/api/identity.rs of Vaultwarden prior to... |
| CVE-2024-55226 | 2025-01-09 | Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site... |
| CVE-2024-55494 | 2025-01-09 | A PHP Code Injection vulnerability that can lead to Remote... |
| CVE-2024-56114 | 2025-01-09 | Canlineapp Online 1.1 is vulnerable to Broken Access Control and... |
| CVE-2024-56376 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in the built-in messenger... |
| CVE-2024-56377 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in survey titles of... |
| CVE-2024-46505 | 2025-01-09 | Infoblox BloxOne v2.4 was discovered to contain a business logic... |
| CVE-2024-56113 | 2025-01-09 | Smart Toilet Lab - Motius 1.3.11 is running with debug... |
| CVE-2024-13196 | 2025-01-09 | donglight bookstore电商书城系统说明 BookInfoController.java BookSearchList cross site scripting |
| CVE-2024-13197 | 2025-01-09 | donglight bookstore电商书城系统说明 AdminUserControlle.java updateUser cross site scripting |
| CVE-2024-13198 | 2025-01-09 | langhsu Mblog Blog System login observable response discrepancy |
| CVE-2024-13199 | 2025-01-09 | langhsu Mblog Blog System Search Bar search cross site scripting |
| CVE-2023-28120 | 2025-01-09 | There is a vulnerability in ActiveSupport if the new bytesplice... |
| CVE-2024-37372 | 2025-01-09 | The Permission Model assumes that any path starting with two... |
| CVE-2023-38037 | 2025-01-09 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary... |
| CVE-2024-27980 | 2025-01-09 | Due to the improper handling of batch files in child_process.spawn... |
| CVE-2023-28362 | 2025-01-09 | The redirect_to method in Rails allows provided values to contain... |
| CVE-2023-27539 | 2025-01-09 | There is a denial of service vulnerability in the header... |
| CVE-2023-27531 | 2025-01-09 | There is a deserialization of untrusted data vulnerability in the... |
| CVE-2023-23913 | 2025-01-09 | There is a potential DOM based cross-site scripting issue in... |
| CVE-2024-13200 | 2025-01-09 | wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control |
| CVE-2024-13201 | 2025-01-09 | wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upload |
| CVE-2024-13202 | 2025-01-09 | wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting |
| CVE-2024-13203 | 2025-01-09 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2024-13204 | 2025-01-09 | kurniaramadhan E-Commerce-PHP blog-details.php sql injection |
| CVE-2024-13205 | 2025-01-09 | kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting |
| CVE-2024-13206 | 2025-01-09 | REVE Antivirus reveinstall default permission |
| CVE-2024-13209 | 2025-01-09 | Redaxo CMS Structure Management Page index.php cross site scripting |
| CVE-2024-13210 | 2025-01-09 | donglight bookstore电商书城系统说明 AdminBookController. java uploadPicture unrestricted upload |
| CVE-2024-13211 | 2025-01-09 | SingMR HouseRent AdminController.java access control |
| CVE-2024-56826 | 2025-01-09 | Openjpeg: heap buffer overflow in bin/common/color.c |
| CVE-2024-56827 | 2025-01-09 | Openjpeg: heap buffer overflow in lib/openjp2/j2k.c |
| CVE-2024-13212 | 2025-01-09 | SingMR HouseRent AddHouseController.java upload unrestricted upload |
| CVE-2024-13213 | 2025-01-09 | SingMR HouseRent toAdminUpdateHousePage cross site scripting |
| CVE-2025-0306 | 2025-01-09 | Ruby: openssl: ruby marvin attack |
| CVE-2025-0328 | 2025-01-09 | KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection |
| CVE-2025-0331 | 2025-01-09 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery |
| CVE-2025-0333 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
| CVE-2024-10815 | 2025-01-09 | PostLists <= 2.0.2 - Reflected XSS |
| CVE-2024-12714 | 2025-01-09 | Backlink Monitoring Manager <= 0.1.3 - Reflected XSS |
| CVE-2024-12715 | 2025-01-09 | Asgard Security Scanner <= 0.7 - Reflected XSS |
| CVE-2024-12717 | 2025-01-09 | aklamator-infeed <= 2.0.0 - Admin+ Stored XSS |
| CVE-2025-0334 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
| CVE-2024-12731 | 2025-01-09 | aklamator-infeed <= 2.0.0 - Reflected XSS |
| CVE-2024-12736 | 2025-01-09 | BU Section Editing <= 0.9.9 - Reflected XSS |