CVE List - 2025 / January
Showing 3501 - 3600 of 4274 CVEs for January 2025 (Page 36 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12113 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion |
| CVE-2024-13368 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-11825 | 2025-01-25 | Broadstreet <= 1.50.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter |
| CVE-2024-13467 | 2025-01-25 | WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting |
| CVE-2024-13586 | 2025-01-25 | Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12817 | 2025-01-25 | Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13441 | 2025-01-25 | Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13551 | 2025-01-25 | ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13550 | 2025-01-25 | ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read |
| CVE-2024-13370 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) |
| CVE-2024-12826 | 2025-01-25 | GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update |
| CVE-2024-13449 | 2025-01-25 | Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-13450 | 2025-01-25 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery |
| CVE-2025-0350 | 2025-01-25 | Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets |
| CVE-2024-13562 | 2025-01-25 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-35111 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2024-35112 | 2025-01-25 | IBM Control Center cross-site scripting |
| CVE-2024-35113 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2024-35114 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2023-38716 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38012 | 2025-01-25 | IBM Cloud Pak System directory traversal |
| CVE-2023-38013 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38714 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38713 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38271 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2024-39750 | 2025-01-25 | IBM Analytics Content Hub buffer overflow |
| CVE-2024-35134 | 2025-01-25 | IBM Analytics Content Hub information disclosure |
| CVE-2024-35145 | 2025-01-25 | IBM Maximo Application Suite cross-site scripting |
| CVE-2024-35144 | 2025-01-25 | IBM Maximo Application Suite information disclosure |
| CVE-2024-35148 | 2025-01-25 | IBM Maximo Application Suite SQL injection |
| CVE-2024-35150 | 2025-01-25 | IBM Maximo Application Suite log manipulation |
| CVE-2025-0542 | 2025-01-25 | G DATA Management Server Local privilege escalation |
| CVE-2025-0543 | 2025-01-25 | G DATA Security Client Local privilege escalation |
| CVE-2022-49043 | 2025-01-26 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2024-46881 | 2025-01-26 | Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions... |
| CVE-2025-24858 | 2025-01-26 | Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used... |
| CVE-2024-10636 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content |
| CVE-2024-10628 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id |
| CVE-2024-10574 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting |
| CVE-2024-10633 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content |
| CVE-2024-11090 | 2025-01-26 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-10705 | 2025-01-26 | Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl |
| CVE-2024-11936 | 2025-01-26 | Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11641 | 2025-01-26 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-12334 | 2025-01-26 | WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting |
| CVE-2024-13505 | 2025-01-26 | Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question |
| CVE-2024-31906 | 2025-01-26 | IBM Automation Decision Services information disclosure |
| CVE-2023-50945 | 2025-01-26 | IBM Common Licensing information disclosure |
| CVE-2023-50946 | 2025-01-26 | IBM Common Licensing information disclosure |
| CVE-2023-38009 | 2025-01-26 | IBM Cognos Analytics Mobile information disclosure |
| CVE-2017-20196 | 2025-01-26 | Itechscripts School Management Software notice-edit.php sql injection |
| CVE-2025-0720 | 2025-01-26 | Microword eScan Antivirus Folder Watch List rtscanner removeExtraSlashes stack-based overflow |
| CVE-2025-0721 | 2025-01-26 | needyamin image_gallery view.php cross site scripting |
| CVE-2025-0722 | 2025-01-26 | needyamin image_gallery Cover Image gallery.php unrestricted upload |
| CVE-2024-26317 | 2025-01-27 | In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it... |
| CVE-2024-48416 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding. |
| CVE-2024-48417 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter. |
| CVE-2024-48418 | 2025-01-27 | In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to... |
| CVE-2024-48419 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues... |
| CVE-2024-48420 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic. |
| CVE-2024-48662 | 2025-01-27 | Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component. |
| CVE-2024-54728 | 2025-01-27 | Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. |
| CVE-2024-55227 | 2025-01-27 | A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. |
| CVE-2024-55228 | 2025-01-27 | A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. |
| CVE-2024-56178 | 2025-01-27 | An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role. |
| CVE-2024-56316 | 2025-01-27 | In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests... |
| CVE-2024-56947 | 2025-01-27 | An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56948 | 2025-01-27 | An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56949 | 2025-01-27 | An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56950 | 2025-01-27 | An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56951 | 2025-01-27 | An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56952 | 2025-01-27 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56953 | 2025-01-27 | An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56954 | 2025-01-27 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56955 | 2025-01-27 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56957 | 2025-01-27 | An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56959 | 2025-01-27 | An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56960 | 2025-01-27 | An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56962 | 2025-01-27 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56963 | 2025-01-27 | An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56964 | 2025-01-27 | An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56965 | 2025-01-27 | An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56966 | 2025-01-27 | An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56967 | 2025-01-27 | An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56968 | 2025-01-27 | An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. |
| CVE-2024-56969 | 2025-01-27 | An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56971 | 2025-01-27 | An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56972 | 2025-01-27 | An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-57052 | 2025-01-27 | An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. |
| CVE-2024-57272 | 2025-01-27 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS). |
| CVE-2024-57276 | 2025-01-27 | In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file... |
| CVE-2024-57373 | 2025-01-27 | Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data... |
| CVE-2024-57546 | 2025-01-27 | An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. |
| CVE-2024-57547 | 2025-01-27 | Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. |
| CVE-2024-57548 | 2025-01-27 | CMSimple 5.16 allows the user to edit log.php file via print page. |
| CVE-2024-57549 | 2025-01-27 | CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. |
| CVE-2024-57590 | 2025-01-27 | TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary... |
| CVE-2024-57595 | 2025-01-27 | DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to... |
| CVE-2024-28771 | 2025-01-27 | IBM Security Directory Integrator information disclosure |
| CVE-2024-28770 | 2025-01-27 | IBM Security Directory Integrator information disclosure |