CVE List - 2025 / January
Showing 1401 - 1500 of 4274 CVEs for January 2025 (Page 15 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-42230 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. |
| CVE-2023-42233 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. |
| CVE-2023-42244 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. |
| CVE-2023-42245 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. |
| CVE-2023-42246 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. |
| CVE-2023-42247 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. |
| CVE-2023-42249 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. |
| CVE-2023-42250 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. |
| CVE-2024-44771 | 2025-01-13 | BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. |
| CVE-2024-46310 | 2025-01-13 | Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via an exposed API endpoint. |
| CVE-2024-46479 | 2025-01-13 | Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. |
| CVE-2024-46480 | 2025-01-13 | An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. |
| CVE-2024-46481 | 2025-01-13 | The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. |
| CVE-2024-46919 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at... |
| CVE-2024-46920 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at... |
| CVE-2024-48883 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,... |
| CVE-2024-54999 | 2025-01-13 | MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter in the General Information module. |
| CVE-2024-57487 | 2025-01-13 | In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions... |
| CVE-2024-57488 | 2025-01-13 | Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. |
| CVE-2024-57811 | 2025-01-13 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to an XC-303 PLC can log in as root over SSH. The root password is hardcoded in... |
| CVE-2023-42225 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. |
| CVE-2023-42226 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. |
| CVE-2023-42227 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. |
| CVE-2023-42228 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. |
| CVE-2023-42229 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. |
| CVE-2023-42231 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. |
| CVE-2023-42232 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. |
| CVE-2023-42234 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. |
| CVE-2023-42235 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php. |
| CVE-2023-42236 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. |
| CVE-2023-42237 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php. |
| CVE-2023-42238 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. |
| CVE-2023-42239 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. |
| CVE-2023-42240 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php. |
| CVE-2023-42241 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php. |
| CVE-2023-42242 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. |
| CVE-2023-42243 | 2025-01-13 | In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. |
| CVE-2023-42248 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". |
| CVE-2024-46921 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem... |
| CVE-2025-22963 | 2025-01-13 | Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. |
| CVE-2025-0403 | 2025-01-13 | 1902756969 reggie Phone Number Validation sendMsg information disclosure |
| CVE-2025-0404 | 2025-01-13 | liujianview gymxmjpa CoachController.java CoachController sql injection |
| CVE-2025-0405 | 2025-01-13 | liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection |
| CVE-2025-0406 | 2025-01-13 | liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection |
| CVE-2025-0407 | 2025-01-13 | liujianview gymxmjpa EquipmentController.java EquipmentDaoImpl sql injection |
| CVE-2025-0408 | 2025-01-13 | liujianview gymxmjpa LoosController.java LoosDaoImpl sql injection |
| CVE-2025-0409 | 2025-01-13 | liujianview gymxmjpa MembertypeController.java MembertypeDaoImpl sql injection |
| CVE-2025-0410 | 2025-01-13 | liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection |
| CVE-2025-0412 | 2025-01-13 | Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-11636 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12274 | 2025-01-13 | BookingPress < 1.1.23 - Unauthenticated Export File Download |
| CVE-2024-12566 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12567 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12568 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-47897 | 2025-01-13 | GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write |
| CVE-2024-47894 | 2025-01-13 | GPU DDK - Out of bounds read into fwlog due to unchecked loop bounds |
| CVE-2024-47895 | 2025-01-13 | GPU DDK - OOB read into fwlog due to unchecked block count |
| CVE-2024-52935 | 2025-01-13 | GPU DDK - psContext->eDM gives OOB write |
| CVE-2024-52936 | 2025-01-13 | GPU DDK - rgxfw_hwperf_config OOB read & write |
| CVE-2024-52937 | 2025-01-13 | GPU DDK - rgxfw_kernel_CMD_DISABLE_ZSSTORE OOB write via ui32WriteOffsetOfDisableZSStore |
| CVE-2024-52938 | 2025-01-13 | GPU DDK - rgxfw_pm_add_freelist_for_reconstruction OOB write |
| CVE-2025-22828 | 2025-01-13 | Apache CloudStack: Unauthorised access to annotations |
| CVE-2025-22777 | 2025-01-13 | WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability |
| CVE-2025-22588 | 2025-01-13 | WordPress Scanventory Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22586 | 2025-01-13 | WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22583 | 2025-01-13 | WordPress Scan External Links Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22576 | 2025-01-13 | WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22570 | 2025-01-13 | WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22569 | 2025-01-13 | WordPress Featured Page Widget Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22568 | 2025-01-13 | WordPress Post And Page Reactions Plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22567 | 2025-01-13 | WordPress TRUSTist REVIEWer Plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22514 | 2025-01-13 | WordPress Axact Author List Widget Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22506 | 2025-01-13 | WordPress Smart Agenda Plugin <= 4.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-22499 | 2025-01-13 | WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22498 | 2025-01-13 | WordPress LucidLMS plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22344 | 2025-01-13 | WordPress Media Category Library plugin <= 2.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22337 | 2025-01-13 | WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22314 | 2025-01-13 | WordPress Food Store plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22800 | 2025-01-13 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability |
| CVE-2024-56301 | 2025-01-13 | WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56065 | 2025-01-13 | WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47796 | 2025-01-13 | An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide... |
| CVE-2024-52333 | 2025-01-13 | An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide... |
| CVE-2024-12211 | 2025-01-13 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile. |
| CVE-2024-6352 | 2025-01-13 | Malformed packet leads to denial of service in APS layer |
| CVE-2024-5743 | 2025-01-13 | Command Injection Vulnerability |
| CVE-2025-23026 | 2025-01-13 | HTML templates containing Javascript template strings are subject to XSS in jte |
| CVE-2025-23027 | 2025-01-13 | BASEHUB_TOKEN committed in next-forge |
| CVE-2025-22144 | 2025-01-13 | Account Takeover in NamelessMC |
| CVE-2025-22142 | 2025-01-13 | Cross-site Scripting in NamelessMC |
| CVE-2025-22138 | 2025-01-13 | Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel |
| CVE-2025-22134 | 2025-01-13 | heap-buffer-overflow with visual mode in Vim < 9.1.1003 |
| CVE-2025-22619 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c' |
| CVE-2025-22618 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'adicionar_cargo.php' parameter 'cargo' |
| CVE-2025-22617 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio' |
| CVE-2025-22616 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao' |
| CVE-2025-22615 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'Cadastro_Atendido.php' parameter 'cpf' |
| CVE-2025-22614 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php' parameters 'nome' 'SobrenomeForm' |
| CVE-2025-22613 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao' |
| CVE-2024-56323 | 2025-01-13 | OpenFGA Authorization Bypass |