CVE List - 2025 / January
Showing 4001 - 4100 of 4274 CVEs for January 2025 (Page 41 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12409 | 2025-01-30 | Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting |
| CVE-2024-13706 | 2025-01-30 | WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting |
| CVE-2025-0739 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0740 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0741 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0742 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0743 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0744 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0745 | 2025-01-30 | Improper Access Control vulnerability in EmbedAI |
| CVE-2025-0746 | 2025-01-30 | Reflected Cross-Site Scripting vulnerability in EmbedAI |
| CVE-2025-0747 | 2025-01-30 | Stored Cross-Site vulnerability in EmbedAI |
| CVE-2022-43916 | 2025-01-30 | IBM App Connect Enterprise Certified Container improper communications restriction |
| CVE-2024-13380 | 2025-01-30 | Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13466 | 2025-01-30 | Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0869 | 2025-01-30 | Cianet ONU GW24AC Login cross site scripting |
| CVE-2025-0870 | 2025-01-30 | Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow |
| CVE-2024-11583 | 2025-01-30 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion |
| CVE-2024-12444 | 2025-01-30 | WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13700 | 2025-01-30 | Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13661 | 2025-01-30 | Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13512 | 2025-01-30 | Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13720 | 2025-01-30 | WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13705 | 2025-01-30 | StageShow <= 9.8.6 - Reflected Cross-Site Scripting |
| CVE-2024-12269 | 2025-01-30 | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export |
| CVE-2024-13671 | 2025-01-30 | Music Sheet Viewer <= 4.1 - Unauthenticated Arbitrary File Read |
| CVE-2024-13652 | 2025-01-30 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-11600 | 2025-01-30 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Administrator+) Remote Code Execution |
| CVE-2024-13707 | 2025-01-30 | WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-13742 | 2025-01-30 | iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection |
| CVE-2024-13460 | 2025-01-30 | WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13549 | 2025-01-30 | All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12320 | 2025-01-30 | Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' |
| CVE-2024-12821 | 2025-01-30 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13646 | 2025-01-30 | Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-12861 | 2025-01-30 | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-13670 | 2025-01-30 | Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12177 | 2025-01-30 | Ai Image Alt Text Generator for WP <= 1.0.2 - Reflected Cross-Site Scripting |
| CVE-2024-8494 | 2025-01-30 | Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode |
| CVE-2024-13715 | 2025-01-30 | zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing |
| CVE-2024-12451 | 2025-01-30 | HTML5 chat <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12299 | 2025-01-30 | System Dashboard <= 2.8.15 - Reflected Cross-Site Scripting via Filename Parameter |
| CVE-2024-13596 | 2025-01-30 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-12822 | 2025-01-30 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2024-12129 | 2025-01-30 | Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13664 | 2025-01-30 | WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10847 | 2025-01-30 | Storely <= 16.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10591 | 2025-01-30 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update |
| CVE-2024-12102 | 2025-01-30 | Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-13400 | 2025-01-30 | Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13349 | 2025-01-30 | Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-22218 | 2025-01-30 | VMware Aria Operations for Logs information disclosure vulnerability |
| CVE-2025-23367 | 2025-01-30 | Org.wildfly.core:wildfly-server: wildfly improper rbac permission |
| CVE-2025-0871 | 2025-01-30 | Maybecms Add Article index.php cross site scripting |
| CVE-2025-22219 | 2025-01-30 | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219) |
| CVE-2025-22220 | 2025-01-30 | VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220) |
| CVE-2025-23216 | 2025-01-30 | Argo CD does not scrub secret values from patch errors |
| CVE-2025-22221 | 2025-01-30 | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221) |
| CVE-2025-22222 | 2025-01-30 | VMware Aria Operations information disclosure vulnerability (CVE-2025-22222) |
| CVE-2025-24784 | 2025-01-30 | kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource |
| CVE-2025-24376 | 2025-01-30 | The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources |
| CVE-2025-24883 | 2025-01-30 | go-ethereum has a DoS via malicious p2p message |
| CVE-2025-0872 | 2025-01-30 | itsourcecode Tailoring Management System addpayment.php sql injection |
| CVE-2025-24099 | 2025-01-30 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their... |
| CVE-2025-0873 | 2025-01-30 | itsourcecode Tailoring Management System customeredit.php sql injection |
| CVE-2025-0367 | 2025-01-30 | Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch) |
| CVE-2024-2658 | 2025-01-30 | Local privilege escalation in FlexNet Publisher |
| CVE-2025-0498 | 2025-01-30 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability |
| CVE-2025-0497 | 2025-01-30 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability |
| CVE-2023-29080 | 2025-01-30 | Privilege escalation in InstallShield |
| CVE-2025-0477 | 2025-01-30 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability |
| CVE-2025-0874 | 2025-01-30 | code-projects Simple Plugins Car Rental Management approve.php sql injection |
| CVE-2025-24500 | 2025-01-30 | The vulnerability allows an unauthenticated attacker to access information in PAM database. |
| CVE-2024-12248 | 2025-01-30 | Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor |
| CVE-2025-0626 | 2025-01-30 | Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor |
| CVE-2025-0683 | 2025-01-30 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor |
| CVE-2025-24501 | 2025-01-30 | An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. |
| CVE-2025-24502 | 2025-01-30 | An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. |
| CVE-2025-24503 | 2025-01-30 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. |
| CVE-2025-24504 | 2025-01-30 | An improper input validation in the CSRF filter results in unsanitized user input written to the application logs. |
| CVE-2025-24505 | 2025-01-30 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. |
| CVE-2025-24506 | 2025-01-30 | A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. |
| CVE-2025-24507 | 2025-01-30 | This vulnerability allows appliance compromise at boot time. |
| CVE-2024-44142 | 2025-01-30 | The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution. |
| CVE-2025-0680 | 2025-01-30 | New Rock Technologies Cloud Connected Devices has an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. |
| CVE-2025-0681 | 2025-01-30 | New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols |
| CVE-2024-10026 | 2025-01-30 | Improved Seeding and Hashing In gVisor |
| CVE-2024-10603 | 2025-01-30 | Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. |
| CVE-2024-10604 | 2025-01-30 | Identifiable Header Values In Fuchsia Leading To Tracking of The User |
| CVE-2025-24802 | 2025-01-30 | Soundness issue with Plonky2 look up tables |
| CVE-2025-0142 | 2025-01-30 | Zoom Jenkins Marketplace plugin - Cleartext Storage of Sensitive Information |
| CVE-2025-0143 | 2025-01-30 | Zoom Workplace Apps for Linux - Out-of-bounds Write |
| CVE-2025-0144 | 2025-01-30 | Zoom Workplace Apps - Out-of-bounds Write |
| CVE-2025-0145 | 2025-01-30 | Zoom Workplace Apps for Windows - Untrusted Search Path |
| CVE-2025-0146 | 2025-01-30 | Zoom Workplace app for macOS - Symlink Following |
| CVE-2025-0147 | 2025-01-30 | Zoom Workplace App for Linux - Type Confusion |
| CVE-2025-0568 | 2025-01-30 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0570 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0571 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0569 | 2025-01-30 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0573 | 2025-01-30 | Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |