CVE List - 2025 / January
Showing 2501 - 2600 of 4274 CVEs for January 2025 (Page 26 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57032 | 2025-01-17 | WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password... |
| CVE-2024-57033 | 2025-01-17 | WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php. |
| CVE-2024-57034 | 2025-01-17 | WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. |
| CVE-2024-57035 | 2025-01-17 | WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php. |
| CVE-2024-57369 | 2025-01-17 | Clickjacking vulnerability in typecho v1.2.1. |
| CVE-2024-57370 | 2025-01-17 | Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter. |
| CVE-2024-34579 | 2025-01-17 | Fuji Electric Alpha5 SMART Stack-Based Buffer Overflow |
| CVE-2025-21325 | 2025-01-17 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-52363 | 2025-01-17 | IBM InfoSphere Information Server directory traversal |
| CVE-2024-51462 | 2025-01-17 | IBM QRadar WinCollect Agent data manipulation |
| CVE-2024-13401 | 2025-01-17 | Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13434 | 2025-01-17 | WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting |
| CVE-2024-13398 | 2025-01-17 | Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11146 | 2025-01-17 | TrueFiling authorization bypass via user-controlled keys |
| CVE-2024-13333 | 2025-01-17 | Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-10799 | 2025-01-17 | Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-12508 | 2025-01-17 | Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13366 | 2025-01-17 | Sandbox <= 0.4 - Reflected Cross-Site Scripting |
| CVE-2024-13386 | 2025-01-17 | quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13367 | 2025-01-17 | Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download |
| CVE-2024-12637 | 2025-01-17 | Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure |
| CVE-2024-12598 | 2025-01-17 | MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter |
| CVE-2024-12466 | 2025-01-17 | Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting |
| CVE-2024-12203 | 2025-01-17 | RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-12370 | 2025-01-17 | WP Hotel Booking <= 2.1.5 - Missing Authorization |
| CVE-2024-11139 | 2025-01-17 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening... |
| CVE-2024-11425 | 2025-01-17 | CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver. |
| CVE-2024-13377 | 2025-01-17 | GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter |
| CVE-2024-13378 | 2025-01-17 | GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter |
| CVE-2024-12399 | 2025-01-17 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when... |
| CVE-2024-12476 | 2025-01-17 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted... |
| CVE-2024-12142 | 2025-01-17 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific... |
| CVE-2024-12703 | 2025-01-17 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious... |
| CVE-2024-10497 | 2025-01-17 | CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends... |
| CVE-2024-10498 | 2025-01-17 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when... |
| CVE-2025-0527 | 2025-01-17 | code-projects Admission Management System signupconfirm.php sql injection |
| CVE-2024-13503 | 2025-01-17 | Stack-Based Buffer Overflow in Newtec's update signaling causes RCE |
| CVE-2024-13502 | 2025-01-17 | A command injection in the NTC2218, NTC2250, NTC2299 modems' web interfaces allows to execute arbitrary shell commands. |
| CVE-2025-0528 | 2025-01-17 | Tenda AC8/AC10/AC18 HTTP Request telnet command injection |
| CVE-2025-0529 | 2025-01-17 | code-projects Train Ticket Reservation System Login Form stack-based overflow |
| CVE-2025-0530 | 2025-01-17 | code-projects Job Recruitment _feedback_system.php cross site scripting |
| CVE-2025-0531 | 2025-01-17 | code-projects Chat System leaveroom.php sql injection |
| CVE-2024-26156 | 2025-01-17 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting |
| CVE-2024-26157 | 2025-01-17 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting |
| CVE-2024-26154 | 2025-01-17 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting |
| CVE-2024-26155 | 2025-01-17 | ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information |
| CVE-2024-26153 | 2025-01-17 | ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery |
| CVE-2024-53683 | 2025-01-17 | Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| CVE-2024-54681 | 2025-01-17 | Ossur Mobile Logic Application Command Injection |
| CVE-2024-45832 | 2025-01-17 | Ossur Mobile Logic Application Use of Hard-coded Credentials |
| CVE-2025-0532 | 2025-01-17 | Codezips Gym Management System new_submit.php sql injection |
| CVE-2025-0430 | 2025-01-17 | Belledonne Communications Linphone-Desktop NULL Pointer Dereference |
| CVE-2024-12757 | 2025-01-17 | Nedap Librix Ecoreader Missing Authentication for Critical Function |
| CVE-2025-0533 | 2025-01-17 | 1000 Projects Campaign Management System Platform for Women sc_login.php sql injection |
| CVE-2025-0534 | 2025-01-17 | 1000 Projects Campaign Management System Platform for Women loginnew.php sql injection |
| CVE-2025-0535 | 2025-01-17 | Codezips Gym Management System edit_mem_submit.php sql injection |
| CVE-2025-21399 | 2025-01-17 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| CVE-2025-21185 | 2025-01-17 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2025-0536 | 2025-01-17 | 1000 Projects Attendance Tracking Management System edit_action.php sql injection |
| CVE-2025-0537 | 2025-01-17 | code-projects Car Rental Management System manage-pages.php cross site scripting |
| CVE-2024-13026 | 2025-01-17 | Inadequate Encryption Strength Vulnerability in Roche Algo Edge |
| CVE-2025-21606 | 2025-01-17 | Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats |
| CVE-2025-23039 | 2025-01-17 | Cross Site Scripting on URL decode Tooltip in Caido |
| CVE-2025-23202 | 2025-01-17 | Improper Input Validation in Bible Module for ROBLOX |
| CVE-2025-23205 | 2025-01-17 | `frame-ancestors: self` grants all users access to formgrader in nbgrader |
| CVE-2025-0538 | 2025-01-17 | code-projects Tourism Management System manage-pages.php cross site scripting |
| CVE-2025-23206 | 2025-01-17 | IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk |
| CVE-2025-0540 | 2025-01-17 | itsourcecode Tailoring Management System expadd.php sql injection |
| CVE-2023-50738 | 2025-01-17 | A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices. |
| CVE-2025-23207 | 2025-01-17 | \htmlData does not validate attribute names in KaTeX |
| CVE-2025-0541 | 2025-01-17 | Codezips Gym Management System edit_member.php sql injection |
| CVE-2025-23208 | 2025-01-17 | IdP group membership revocation ignored in zot |
| CVE-2018-9383 | 2025-01-17 | In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2018-9384 | 2025-01-17 | In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2017-13322 | 2025-01-17 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial... |
| CVE-2018-9375 | 2025-01-17 | In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation... |
| CVE-2018-9379 | 2025-01-17 | In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with... |
| CVE-2018-9382 | 2025-01-17 | In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation... |
| CVE-2018-9434 | 2025-01-17 | In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2018-9447 | 2025-01-17 | In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with... |
| CVE-2018-9461 | 2025-01-17 | In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation... |
| CVE-2018-9464 | 2025-01-17 | In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2018-9387 | 2025-01-17 | In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no... |
| CVE-2018-9389 | 2025-01-17 | In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional... |
| CVE-2018-9406 | 2025-01-17 | In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2018-9401 | 2025-01-17 | In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with... |
| CVE-2018-9405 | 2025-01-17 | In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2024-11923 | 2025-01-17 | Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3 |
| CVE-2023-50739 | 2025-01-17 | A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. |
| CVE-2025-23209 | 2025-01-18 | Potential RCE with a compromised security key in craft/cms |
| CVE-2024-12071 | 2025-01-18 | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-0554 | 2025-01-18 | Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name |
| CVE-2025-0318 | 2025-01-18 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure |
| CVE-2024-13515 | 2025-01-18 | Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting |
| CVE-2024-13516 | 2025-01-18 | Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting |
| CVE-2025-0308 | 2025-01-18 | Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection |
| CVE-2024-9020 | 2025-01-18 | List category posts < 0.90.3 - Author+ Stored XSS |
| CVE-2024-13391 | 2025-01-18 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13432 | 2025-01-18 | Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-0515 | 2025-01-18 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update |