CVE List - 2025 / January
Showing 1601 - 1700 of 4277 CVEs for January 2025 (Page 17 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2025-0057 | 2025-01-14 | Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) |
CVE-2025-0058 | 2025-01-14 | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow |
CVE-2025-0059 | 2025-01-14 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
CVE-2025-0060 | 2025-01-14 | Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform |
CVE-2025-0061 | 2025-01-14 | Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform |
CVE-2025-0063 | 2025-01-14 | SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
CVE-2025-0066 | 2025-01-14 | Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) |
CVE-2025-0067 | 2025-01-14 | Missing Authorization check in SAP NetWeaver Application Server Java |
CVE-2025-0068 | 2025-01-14 | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
CVE-2025-0069 | 2025-01-14 | DLL Hijacking vulnerability in SAPSetup |
CVE-2025-0070 | 2025-01-14 | Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform |
CVE-2024-12298 | 2025-01-14 | Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer |
CVE-2024-12083 | 2025-01-14 | Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers |
CVE-2024-12398 | 2025-01-14 | An improper privilege management vulnerability in the web management interface... |
CVE-2025-23082 | 2025-01-14 | Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request... |
CVE-2024-13323 | 2025-01-14 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode |
CVE-2024-12365 | 2025-01-14 | W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery |
CVE-2024-12006 | 2025-01-14 | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation |
CVE-2024-12008 | 2025-01-14 | W3 Total Cache <= 2.8.1 Information Exposure via Log Files |
CVE-2025-0393 | 2025-01-14 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2025-0394 | 2025-01-14 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function |
CVE-2024-13156 | 2025-01-14 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter |
CVE-2024-11734 | 2025-01-14 | Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers |
CVE-2024-11736 | 2025-01-14 | Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables |
CVE-2024-12919 | 2025-01-14 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id |
CVE-2025-20016 | 2025-01-14 | OS command injection vulnerability exists in network storage servers STEALTHONE... |
CVE-2025-20055 | 2025-01-14 | OS command injection vulnerability exists in network storage servers STEALTHONE... |
CVE-2025-20620 | 2025-01-14 | SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S... |
CVE-2024-45385 | 2025-01-14 | A vulnerability has been identified in Industrial Edge Management OS... |
CVE-2024-47100 | 2025-01-14 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C... |
CVE-2024-53649 | 2025-01-14 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300)... |
CVE-2024-56841 | 2025-01-14 | A vulnerability has been identified in Mendix LDAP (All versions... |
CVE-2024-12240 | 2025-01-14 | Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter |
CVE-2024-7344 | 2025-01-14 | Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. |
CVE-2024-11863 | 2025-01-14 | SCP-Firmware Vulnerability |
CVE-2024-11864 | 2025-01-14 | SCP-Firmware Vulnerability |
CVE-2024-11497 | 2025-01-14 | Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation |
CVE-2024-46665 | 2025-01-14 | An insertion of sensitive information into sent data vulnerability [CWE-201]... |
CVE-2024-48893 | 2025-01-14 | An improper neutralization of input during web page generation vulnerability... |
CVE-2024-52963 | 2025-01-14 | An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through... |
CVE-2024-55591 | 2025-01-14 | An Authentication Bypass Using an Alternate Path or Channel vulnerability... |
CVE-2024-50566 | 2025-01-14 | An improper neutralization of special elements used in an os... |
CVE-2024-55593 | 2025-01-14 | An improper neutralization of special elements used in an sql... |
CVE-2024-46669 | 2025-01-14 | An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4... |
CVE-2024-46670 | 2025-01-14 | An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version... |
CVE-2024-36512 | 2025-01-14 | An improper limitation of a pathname to a restricted directory... |
CVE-2023-42785 | 2025-01-14 | A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1,... |
CVE-2024-35275 | 2025-01-14 | An improper neutralization of special elements used in an sql... |
CVE-2024-35276 | 2025-01-14 | A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through... |
CVE-2023-42786 | 2025-01-14 | A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1,... |
CVE-2023-46715 | 2025-01-14 | An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec... |
CVE-2024-35273 | 2025-01-14 | An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2,... |
CVE-2024-46668 | 2025-01-14 | An allocation of resources without limits or throttling vulnerability [CWE-770]... |
CVE-2024-52969 | 2025-01-14 | An Improper Neutralization of Special Elements used in an SQL... |
CVE-2024-48884 | 2025-01-14 | An improper limitation of a pathname to a restricted directory... |
CVE-2024-56497 | 2025-01-14 | An improper neutralization of special elements used in an os... |
CVE-2023-37937 | 2025-01-14 | An improper neutralization of special elements used in an os... |
CVE-2023-37936 | 2025-01-14 | A use of hard-coded cryptographic key in Fortinet FortiSwitch version... |
CVE-2024-33503 | 2025-01-14 | An improper privilege management in Fortinet FortiManager version 7.4.0 through... |
CVE-2024-27778 | 2025-01-14 | An improper neutralization of special elements used in an OS... |
CVE-2024-48886 | 2025-01-14 | A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4,... |
CVE-2024-47566 | 2025-01-14 | An improper limitation of a pathname to a restricted directory... |
CVE-2024-46664 | 2025-01-14 | A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0... |
CVE-2024-40587 | 2025-01-14 | An improper neutralization of special elements used in an OS... |
CVE-2024-52967 | 2025-01-14 | An improper neutralization of script-related html tags in a web... |
CVE-2024-35278 | 2025-01-14 | An improper neutralization of special elements used in an sql... |
CVE-2024-54021 | 2025-01-14 | An improper neutralization of crlf sequences in http headers ('http... |
CVE-2024-36510 | 2025-01-14 | An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0... |
CVE-2024-50564 | 2025-01-14 | A use of hard-coded cryptographic key in Fortinet FortiClientWindows version... |
CVE-2024-33502 | 2025-01-14 | An improper limitation of a pathname to a restricted directory... |
CVE-2024-48890 | 2025-01-14 | An improper neutralization of special elements used in an OS... |
CVE-2024-36506 | 2025-01-14 | An improper verification of source of a communication channel vulnerability... |
CVE-2024-26012 | 2025-01-14 | An improper neutralization of special elements used in an os... |
CVE-2024-35277 | 2025-01-14 | A missing authentication for critical function in Fortinet FortiPortal version... |
CVE-2024-45326 | 2025-01-14 | An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0,... |
CVE-2024-46666 | 2025-01-14 | An allocation of resources without limits or throttling [CWE-770] vulnerability... |
CVE-2024-21758 | 2025-01-14 | A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through... |
CVE-2024-36504 | 2025-01-14 | An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal... |
CVE-2024-46667 | 2025-01-14 | An allocation of resources without limits or throttling in Fortinet... |
CVE-2024-47572 | 2025-01-14 | An improper neutralization of formula elements in a csv file... |
CVE-2024-47571 | 2025-01-14 | An operation on a resource after expiration or release in... |
CVE-2023-37931 | 2025-01-14 | An improper neutralization of special elements used in an sql... |
CVE-2024-23106 | 2025-01-14 | An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS... |
CVE-2024-32115 | 2025-01-14 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version... |
CVE-2024-39784 | 2025-01-14 | Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality... |
CVE-2024-39785 | 2025-01-14 | Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality... |
CVE-2024-39786 | 2025-01-14 | Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality... |
CVE-2024-39787 | 2025-01-14 | Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality... |
CVE-2024-39788 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg()... |
CVE-2024-39789 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg()... |
CVE-2024-39790 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg()... |
CVE-2024-39280 | 2025-01-14 | An external config control vulnerability exists in the nas.cgi set_smb_cfg()... |
CVE-2024-39360 | 2025-01-14 | An os command injection vulnerability exists in the nas.cgi remove_dir()... |
CVE-2024-39793 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas()... |
CVE-2024-39794 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas()... |
CVE-2024-39795 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas()... |
CVE-2024-39602 | 2025-01-14 | An external config control vulnerability exists in the nas.cgi set_nas()... |
CVE-2024-38666 | 2025-01-14 | An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup()... |
CVE-2024-39798 | 2025-01-14 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup()... |
CVE-2024-39799 | 2025-01-14 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup()... |