CVE List - 2025 / January
Showing 1001 - 1100 of 4277 CVEs for January 2025 (Page 11 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2025-0335 | 2025-01-09 | code-projects Online Bike Rental System Change Image unrestricted upload |
CVE-2024-6324 | 2025-01-09 | Inefficient Algorithmic Complexity in GitLab |
CVE-2025-0336 | 2025-01-09 | Codezips Project Management System teacher.php sql injection |
CVE-2024-13041 | 2025-01-09 | Incorrect User Management in GitLab |
CVE-2024-40762 | 2025-01-09 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the... |
CVE-2024-53704 | 2025-01-09 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows... |
CVE-2025-22449 | 2025-01-09 | Access control flaw for team admins allows unauthorized team additions |
CVE-2025-20033 | 2025-01-09 | DoS via custom post type for sysconsole plugin readers |
CVE-2025-22445 | 2025-01-09 | Misleading UI for undefined admin console settings in Calls causes security confusion |
CVE-2024-53705 | 2025-01-09 | A Server-Side Request Forgery vulnerability in the SonicOS SSH management... |
CVE-2025-0339 | 2025-01-09 | code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting |
CVE-2025-0340 | 2025-01-09 | code-projects Cinema Seat Reservation System deleteBooking.php sql injection |
CVE-2024-53706 | 2025-01-09 | A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows... |
CVE-2024-40765 | 2025-01-09 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec... |
CVE-2024-12803 | 2025-01-09 | A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows... |
CVE-2024-12805 | 2025-01-09 | A post-authentication format string vulnerability in SonicOS management allows a... |
CVE-2023-1907 | 2025-01-09 | Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session |
CVE-2024-12806 | 2025-01-09 | A post-authentication absolute path traversal vulnerability in SonicOS management allows... |
CVE-2025-0341 | 2025-01-09 | CampCodes Computer Laboratory Management System edit unrestricted upload |
CVE-2025-0342 | 2025-01-09 | CampCodes Computer Laboratory Management System edit cross site scripting |
CVE-2024-43655 | 2025-01-09 | Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script. |
CVE-2024-43650 | 2025-01-09 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station |
CVE-2024-43662 | 2025-01-09 | Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ |
CVE-2024-43656 | 2025-01-09 | A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution. |
CVE-2024-43659 | 2025-01-09 | Plaintext default credentials in firmware |
CVE-2024-43663 | 2025-01-09 | Buffer overflow vulnerabilities in CGI scripts lead to segfault |
CVE-2024-43648 | 2025-01-09 | Authenticated command injection via <redacted>.exe <redacted> parameter |
CVE-2024-43657 | 2025-01-09 | When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station. |
CVE-2024-43652 | 2025-01-09 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station |
CVE-2024-43661 | 2025-01-09 | Buffer overflow in <redacted>.so leads to DoS of OCPP service |
CVE-2024-43653 | 2025-01-09 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station |
CVE-2024-43660 | 2025-01-09 | Arbitrary file download using <redacted>.sh |
CVE-2024-43649 | 2025-01-09 | Authenticated command injection via <redacted>.exe <redacted> parameter |
CVE-2024-43654 | 2025-01-09 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station |
CVE-2024-43658 | 2025-01-09 | Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal. |
CVE-2024-43651 | 2025-01-09 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station |
CVE-2025-0344 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
CVE-2024-13153 | 2025-01-09 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
CVE-2025-0345 | 2025-01-09 | leiyuxi cy-fast listData sql injection |
CVE-2025-0346 | 2025-01-09 | code-projects Content Management System Publish News Page publishnews.php unrestricted upload |
CVE-2024-12802 | 2025-01-09 | SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific... |
CVE-2025-0347 | 2025-01-09 | code-projects Admission Management System Login index.php sql injection |
CVE-2025-0348 | 2025-01-09 | CampCodes DepEd Equipment Inventory System add_employee.php cross site scripting |
CVE-2025-0349 | 2025-01-09 | Tenda AC6 GetParentControlInfo stack-based overflow |
CVE-2024-12618 | 2025-01-09 | Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset |
CVE-2024-12122 | 2025-01-09 | ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters |
CVE-2024-12493 | 2025-01-09 | Files Download Delay <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12496 | 2025-01-09 | Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12249 | 2025-01-09 | GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection |
CVE-2024-12222 | 2025-01-09 | Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter |
CVE-2024-12330 | 2025-01-09 | WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure |
CVE-2024-12285 | 2025-01-09 | SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter |
CVE-2024-5769 | 2025-01-09 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update |
CVE-2024-12206 | 2025-01-09 | Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion |
CVE-2024-12067 | 2025-01-09 | WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-12605 | 2025-01-09 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Cross-Site Request Forgery to Settings Update |
CVE-2024-11929 | 2025-01-09 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-12218 | 2025-01-09 | Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-11328 | 2025-01-09 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting |
CVE-2024-12621 | 2025-01-09 | Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11907 | 2025-01-09 | Skyword API Plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11815 | 2025-01-09 | Pósturinn's Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting |
CVE-2024-11686 | 2025-01-09 | WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting |
CVE-2024-12848 | 2025-01-09 | SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-12819 | 2025-01-09 | Searchie <= 1.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12515 | 2025-01-09 | Muslim Prayer Time-Salah/Iqamah <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12491 | 2025-01-09 | SimplyRETS Real Estate IDX <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12616 | 2025-01-09 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2024-11642 | 2025-01-09 | Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion |
CVE-2024-12542 | 2025-01-09 | linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
CVE-2024-12394 | 2025-01-09 | Action Network <= 1.4.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-12514 | 2025-01-09 | 3DVieweronline <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-6155 | 2025-01-09 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting |
CVE-2024-43176 | 2025-01-09 | IBM OpenPages information disclosure |
CVE-2022-22491 | 2025-01-09 | IBM App Connect Enterprise Certified Container denial of service |
CVE-2023-24010 | 2025-01-09 | Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS |
CVE-2023-24011 | 2025-01-09 | Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS |
CVE-2023-24012 | 2025-01-09 | Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS |
CVE-2024-10106 | 2025-01-09 | Ember ZNet buffer overflow in 'packet handoff' plugin |
CVE-2025-22827 | 2025-01-09 | WordPress WP Joomag plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22826 | 2025-01-09 | WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22824 | 2025-01-09 | WordPress Live Flight Radar Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22823 | 2025-01-09 | WordPress Genesis Style Shortcodes Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22822 | 2025-01-09 | WordPress wp custom countdown Plugin <= 2.8 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-22821 | 2025-01-09 | WordPress StorePress theme <= 1.0.12 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22820 | 2025-01-09 | WordPress VR Views plugin <= 1.5.1 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-22819 | 2025-01-09 | WordPress Qr Code and Barcode Scanner Reader plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-22818 | 2025-01-09 | WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22817 | 2025-01-09 | WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22815 | 2025-01-09 | WordPress Button Block plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22814 | 2025-01-09 | WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
CVE-2025-22813 | 2025-01-09 | WordPress ChatBot Conversational Forms plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22812 | 2025-01-09 | WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22811 | 2025-01-09 | WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22810 | 2025-01-09 | WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22809 | 2025-01-09 | WordPress PDF Catalog Woocommerce plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22808 | 2025-01-09 | WordPress Surbma \| Premium WP plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22807 | 2025-01-09 | WordPress Responsive Flickr Slideshow Plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22806 | 2025-01-09 | WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22805 | 2025-01-09 | WordPress Skill Bar Plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability |