CVE List - 2025 / January
Showing 2701 - 2800 of 4277 CVEs for January 2025 (Page 28 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0582 | 2025-01-20 | itsourcecode Farm Management System add-pig.php unrestricted upload |
| CVE-2025-0590 | 2025-01-20 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to... |
| CVE-2023-52923 | 2025-01-20 | netfilter: nf_tables: adapt set backend to use GC transaction API |
| CVE-2025-0479 | 2025-01-20 | Security Misconfiguration Vulnerability in CP Plus Router |
| CVE-2024-13176 | 2025-01-20 | Timing side-channel in ECDSA signature computation |
| CVE-2025-21655 | 2025-01-20 | io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period |
| CVE-2024-45647 | 2025-01-20 | IBM Security Verify Access unverified password change |
| CVE-2024-51738 | 2025-01-20 | Sunshine improperly enforces pairing protocol request order |
| CVE-2025-22131 | 2025-01-20 | Cross-Site Scripting (XSS) vulnerability in generateNavigation() function |
| CVE-2025-22620 | 2025-01-20 | gix-worktree-state nonexclusive checkout sets executable files world-writable |
| CVE-2025-23044 | 2025-01-20 | Cross-Site Request Forgery (CSRF) allows creating admin account with POST request |
| CVE-2025-23218 | 2025-01-20 | WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie' |
| CVE-2025-23219 | 2025-01-20 | WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor' |
| CVE-2025-23220 | 2025-01-20 | WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca' |
| CVE-2025-24010 | 2025-01-20 | Vite allows any websites to send any requests to the development server and read the response |
| CVE-2025-24013 | 2025-01-20 | CodeIgniter validation of header name and value |
| CVE-2025-23221 | 2025-01-20 | Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism |
| CVE-2024-22348 | 2025-01-20 | IBM UrbanCode Velocity cross-origin resource sharing |
| CVE-2024-22347 | 2025-01-20 | IBM UrbanCode Velocity information disclosure |
| CVE-2024-22349 | 2025-01-20 | IBM UrbanCode Velocity information disclosure |
| CVE-2025-23214 | 2025-01-20 | Cosmos userbase checking vulnerability |
| CVE-2024-13454 | 2025-01-20 | Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows... |
| CVE-2025-24014 | 2025-01-20 | segmentation fault in win_line() in Vim < 9.1.1043 |
| CVE-2023-37035 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-45908 | 2025-01-21 | Homarr before v0.14.0 was discovered to contain a stored cross-site... |
| CVE-2024-54792 | 2025-01-21 | A Cross-Site Request Forgery (CSRF) vulnerability has been found in... |
| CVE-2024-54794 | 2025-01-21 | The script input feature of SpagoBI 3.5.1 allows arbitrary code... |
| CVE-2024-54795 | 2025-01-21 | SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in... |
| CVE-2024-56997 | 2025-01-21 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site... |
| CVE-2024-56998 | 2025-01-21 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site... |
| CVE-2023-27112 | 2025-01-21 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability... |
| CVE-2023-27113 | 2025-01-21 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability... |
| CVE-2023-37024 | 2025-01-21 | A reachable assertion in the Mobile Management Entity (MME) of... |
| CVE-2023-37025 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37026 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37027 | 2025-01-21 | Null pointer dereference vulnerability in the Mobile Management Entity (MME)... |
| CVE-2023-37028 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37029 | 2025-01-21 | Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are... |
| CVE-2023-37030 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37031 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37032 | 2025-01-21 | A Stack-based buffer overflow in the Mobile Management Entity (MME)... |
| CVE-2023-37033 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37034 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37036 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37037 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37038 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2023-37039 | 2025-01-21 | A Null pointer dereference vulnerability in the Mobile Management Entity... |
| CVE-2024-24416 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24417 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24418 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24419 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24420 | 2025-01-21 | A reachable assertion in the decode_linked_ti_ie function of Magma <=... |
| CVE-2024-24421 | 2025-01-21 | A type confusion in the nas_message_decode function of Magma <=... |
| CVE-2024-24422 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24423 | 2025-01-21 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit... |
| CVE-2024-24424 | 2025-01-21 | A reachable assertion in the decode_access_point_name_ie function of Magma <=... |
| CVE-2024-24427 | 2025-01-21 | A reachable assertion in the amf_ue_set_suci function of Open5GS <=... |
| CVE-2024-24428 | 2025-01-21 | A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <=... |
| CVE-2024-24442 | 2025-01-21 | A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface... |
| CVE-2024-24443 | 2025-01-21 | An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface... |
| CVE-2024-24444 | 2025-01-21 | Improper file descriptor handling for closed connections in OpenAirInterface CN5G... |
| CVE-2024-24445 | 2025-01-21 | OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference... |
| CVE-2024-24451 | 2025-01-21 | A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G... |
| CVE-2024-42936 | 2025-01-21 | The mqlink.elf is service component in Ruijie RG-EW300N with firmware... |
| CVE-2024-48392 | 2025-01-21 | OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An... |
| CVE-2024-51417 | 2025-01-21 | An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to... |
| CVE-2024-55504 | 2025-01-21 | An issue in RAR Extractor - Unarchiver Free and Pro... |
| CVE-2024-55958 | 2025-01-21 | Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows... |
| CVE-2024-55959 | 2025-01-21 | Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. |
| CVE-2024-56990 | 2025-01-21 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site... |
| CVE-2024-57036 | 2025-01-21 | TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion... |
| CVE-2024-57360 | 2025-01-21 | https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The... |
| CVE-2024-57536 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection... |
| CVE-2024-57537 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57538 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57539 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection... |
| CVE-2024-57540 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57541 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57542 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection... |
| CVE-2024-57543 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57544 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-57545 | 2025-01-21 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow... |
| CVE-2024-45091 | 2025-01-21 | IBM UrbanCode Deploy information disclosure |
| CVE-2024-13536 | 2025-01-21 | 1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure |
| CVE-2025-23086 | 2025-01-21 | On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a... |
| CVE-2024-10936 | 2025-01-21 | String Locator <= 2.6.6 - Unauthenticated PHP Object Injection |
| CVE-2025-0371 | 2025-01-21 | Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-12005 | 2025-01-21 | WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting |
| CVE-2024-12104 | 2025-01-21 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion |
| CVE-2024-13404 | 2025-01-21 | Link Library <= 7.7.2 - Reflected Cross-Site Scripting |
| CVE-2025-23184 | 2025-01-21 | Apache CXF: Denial of Service vulnerability with temporary files |
| CVE-2024-6466 | 2025-01-21 | NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker... |
| CVE-2024-37284 | 2025-01-21 | Elastic Defend Improper Handling of Alternate Encoding Leads to Crash |
| CVE-2024-43709 | 2025-01-21 | Elasticsearch allocation of resources without limits or throttling leads to crash |
| CVE-2024-52973 | 2025-01-21 | Kibana allocation of resources without limits or throttling leads to crash |
| CVE-2025-0450 | 2025-01-21 | Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS |
| CVE-2024-13230 | 2025-01-21 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey' |
| CVE-2024-11226 | 2025-01-21 | FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2024-13444 | 2025-01-21 | wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-0614 | 2025-01-21 | Input validation vulnerability in Qualifio's Wheel of Fortune |