CVE List - 2025 / January
Showing 2101 - 2200 of 4274 CVEs for January 2025 (Page 22 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57857 | 2025-01-15 | RDMA/siw: Remove direct link to net_device |
| CVE-2024-11322 | 2025-01-15 | CyberPower PowerPanel Business Unauthenticated Restart DoS |
| CVE-2024-12084 | 2025-01-15 | Rsync: heap buffer overflow in rsync due to improper checksum length handling |
| CVE-2024-45061 | 2025-01-15 | A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An... |
| CVE-2024-47002 | 2025-01-15 | A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user... |
| CVE-2024-47140 | 2025-01-15 | A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user... |
| CVE-2025-22799 | 2025-01-15 | WordPress Neon Product Designer Plugin <= 2.1.1 - SQL Injection vulnerability |
| CVE-2025-22798 | 2025-01-15 | WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22797 | 2025-01-15 | WordPress Gallery and Lightbox plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22795 | 2025-01-15 | WordPress Multilang Contact Form Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22793 | 2025-01-15 | WordPress Bold pagos en linea Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22788 | 2025-01-15 | WordPress CoDesigner plugin <= 4.7.17.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22787 | 2025-01-15 | WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-22786 | 2025-01-15 | WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability |
| CVE-2025-22785 | 2025-01-15 | WordPress Course Booking System plugin <= 6.0.5 - SQL Injection vulnerability |
| CVE-2025-22784 | 2025-01-15 | WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-22782 | 2025-01-15 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-22781 | 2025-01-15 | WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22780 | 2025-01-15 | WordPress wp-pano Plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22779 | 2025-01-15 | WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-22778 | 2025-01-15 | WordPress Lijit Search Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22776 | 2025-01-15 | WordPress WP Bulletin Board Plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22773 | 2025-01-15 | WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability |
| CVE-2025-22769 | 2025-01-15 | WordPress Multifox theme <= 1.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22766 | 2025-01-15 | WordPress Zarinpal Paid Download Plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22765 | 2025-01-15 | WordPress WP Order By Plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22764 | 2025-01-15 | WordPress WP Post Corrector Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22762 | 2025-01-15 | WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22761 | 2025-01-15 | WordPress Ajax Contact Form plugin <= 1.2.5.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22760 | 2025-01-15 | WordPress CodeBard Help Desk plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22759 | 2025-01-15 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22758 | 2025-01-15 | WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22755 | 2025-01-15 | WordPress WP Headmaster Plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22754 | 2025-01-15 | WordPress Amber Plugin <=1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22753 | 2025-01-15 | WordPress turboSMTP Plugin <= 4.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22752 | 2025-01-15 | WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22751 | 2025-01-15 | WordPress Partners Plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22750 | 2025-01-15 | WordPress Post Carousel & Slider plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22749 | 2025-01-15 | WordPress Social Media Engine plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22748 | 2025-01-15 | WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22747 | 2025-01-15 | WordPress Foundation Columns plugin <= 0.8 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22746 | 2025-01-15 | WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22745 | 2025-01-15 | WordPress Navigation Du Lapin Blanc plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22744 | 2025-01-15 | WordPress S-DEV SEO plugin <= 1.88 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22743 | 2025-01-15 | WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22742 | 2025-01-15 | WordPress WP ViewSTL plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22738 | 2025-01-15 | WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22737 | 2025-01-15 | WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-22736 | 2025-01-15 | WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability |
| CVE-2025-22734 | 2025-01-15 | WordPress Posts Footer Manager Plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22731 | 2025-01-15 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22729 | 2025-01-15 | WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability |
| CVE-2025-22724 | 2025-01-15 | WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22587 | 2025-01-15 | WordPress SEO Bulk Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22346 | 2025-01-15 | WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-22329 | 2025-01-15 | WordPress Free Google Maps plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22317 | 2025-01-15 | WordPress Gallery Images Ape plugin <= 2.2.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56295 | 2025-01-15 | WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability |
| CVE-2024-8603 | 2025-01-15 | A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may... |
| CVE-2025-21088 | 2025-01-15 | WebApp crash via improper validation of proto style in attachments |
| CVE-2025-20036 | 2025-01-15 | Insufficient Input Validation on Post Props |
| CVE-2025-21083 | 2025-01-15 | Insufficient Input Validation on Post Props |
| CVE-2020-8094 | 2025-01-15 | Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422) |
| CVE-2024-7085 | 2025-01-15 | Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM). |
| CVE-2025-20086 | 2025-01-15 | Insufficient Input Validation on Post Props |
| CVE-2025-20088 | 2025-01-15 | Insufficient Input Validation on Post Props |
| CVE-2025-23040 | 2025-01-15 | Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop |
| CVE-2025-0480 | 2025-01-15 | wuzhicms config.php test server-side request forgery |
| CVE-2024-52005 | 2025-01-15 | The sideband payload is passed unfiltered to the terminal in git |
| CVE-2025-0502 | 2025-01-15 | Transmission of Private Resources into a New Sphere in Crafter Engine |
| CVE-2025-0500 | 2025-01-15 | Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients |
| CVE-2025-0501 | 2025-01-15 | Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol) |
| CVE-2025-0481 | 2025-01-15 | D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure |
| CVE-2025-0482 | 2025-01-15 | Fanli2012 native-php-cms user_recoverpwd.php default credentials |
| CVE-2025-0483 | 2025-01-15 | Fanli2012 native-php-cms jump.php cross site scripting |
| CVE-2024-54540 | 2025-01-15 | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. |
| CVE-2024-44136 | 2025-01-15 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to... |
| CVE-2024-27856 | 2025-01-15 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS... |
| CVE-2024-40771 | 2025-01-15 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS... |
| CVE-2024-40839 | 2025-01-15 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able... |
| CVE-2024-40854 | 2025-01-15 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura... |
| CVE-2024-54535 | 2025-01-15 | A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data... |
| CVE-2024-54470 | 2025-01-15 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be... |
| CVE-2025-22146 | 2025-01-15 | Improper authentication on SAML SSO process allows user impersonation in sentry |
| CVE-2025-0484 | 2025-01-15 | Fanli2012 native-php-cms Backend sysconfig_doedit.php improper authorization |
| CVE-2025-0485 | 2025-01-15 | Fanli2012 native-php-cms sysconfig_doedit.php cross site scripting |
| CVE-2025-0486 | 2025-01-15 | Fanli2012 native-php-cms login.php sql injection |
| CVE-2025-0487 | 2025-01-15 | Fanli2012 native-php-cms cat_edit.php sql injection |
| CVE-2025-0488 | 2025-01-15 | Fanli2012 native-php-cms product_list.php sql injection |
| CVE-2025-0489 | 2025-01-15 | Fanli2012 native-php-cms friendlink_dodel.php sql injection |
| CVE-2025-0490 | 2025-01-15 | Fanli2012 native-php-cms article_dodel.php sql injection |
| CVE-2025-0491 | 2025-01-15 | Fanli2012 native-php-cms cat_dodel.php sql injection |
| CVE-2025-0492 | 2025-01-15 | D-Link DIR-823X FUN_00412244 null pointer dereference |
| CVE-2025-0215 | 2025-01-15 | UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting |
| CVE-2025-0476 | 2025-01-15 | Mobile crash via file with specially crafted filename |
| CVE-2024-57577 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. |
| CVE-2024-57578 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. |
| CVE-2024-57684 | 2025-01-16 | An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. |
| CVE-2024-57771 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-57772 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |