CVE List - 2025 / January
Showing 1201 - 1300 of 4277 CVEs for January 2025 (Page 13 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-13301 | 2025-01-09 | OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067 |
CVE-2024-13302 | 2025-01-09 | Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068 |
CVE-2024-13303 | 2025-01-09 | Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069 |
CVE-2024-13304 | 2025-01-09 | Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070 |
CVE-2024-13305 | 2025-01-09 | Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071 |
CVE-2024-13308 | 2025-01-09 | Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072 |
CVE-2024-13309 | 2025-01-09 | Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073 |
CVE-2024-13310 | 2025-01-09 | Git Utilities for Drupal - Critical - Unsupported - SA-CONTRIB-2024-074 |
CVE-2024-13311 | 2025-01-09 | Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075 |
CVE-2024-13312 | 2025-01-09 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 |
CVE-2025-21385 | 2025-01-09 | Microsoft Purview Information Disclosure Vulnerability |
CVE-2025-21380 | 2025-01-09 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
CVE-2024-25371 | 2025-01-10 | Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to... |
CVE-2024-29970 | 2025-01-10 | Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads... |
CVE-2024-29971 | 2025-01-10 | Scontain SCONE 5.8.0 has an interface vulnerability that leads to... |
CVE-2024-33297 | 2025-01-10 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote... |
CVE-2024-33298 | 2025-01-10 | Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a... |
CVE-2024-33299 | 2025-01-10 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote... |
CVE-2024-54687 | 2025-01-10 | Vtiger CRM v.6.1 and before is vulnerable to Cross Site... |
CVE-2024-54846 | 2025-01-10 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to... |
CVE-2024-54847 | 2025-01-10 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to... |
CVE-2024-54848 | 2025-01-10 | Improper handling and storage of certificates in CP Plus CP-VNR-3104... |
CVE-2024-54849 | 2025-01-10 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to... |
CVE-2024-54910 | 2025-01-10 | Hasleo Backup Suite Free v4.9.4 and before is vulnerable to... |
CVE-2024-54994 | 2025-01-10 | MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities... |
CVE-2024-54996 | 2025-01-10 | MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection... |
CVE-2024-54997 | 2025-01-10 | MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection... |
CVE-2024-54998 | 2025-01-10 | MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection... |
CVE-2024-57211 | 2025-01-10 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection... |
CVE-2024-57212 | 2025-01-10 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection... |
CVE-2024-57213 | 2025-01-10 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection... |
CVE-2024-57214 | 2025-01-10 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection... |
CVE-2024-57222 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57223 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57224 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57225 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57226 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57227 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57228 | 2025-01-10 | Linksys E7350 1.1.00.032 was discovered to contain a command injection... |
CVE-2024-57687 | 2025-01-10 | An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in... |
CVE-2024-57822 | 2025-01-10 | In Raptor RDF Syntax Library through 2.0.16, there is a... |
CVE-2024-57823 | 2025-01-10 | In Raptor RDF Syntax Library through 2.0.16, there is an... |
CVE-2025-22946 | 2025-01-10 | Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability... |
CVE-2025-22949 | 2025-01-10 | Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection... |
CVE-2025-23110 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. A Reflected cross-site... |
CVE-2025-23111 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. It allows HTML... |
CVE-2025-23112 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. A stored cross-site... |
CVE-2025-23113 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. It has an... |
CVE-2024-46210 | 2025-01-10 | An arbitrary file upload vulnerability in the MediaPool module of... |
CVE-2024-50807 | 2025-01-10 | Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting... |
CVE-2024-57686 | 2025-01-10 | A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php... |
CVE-2025-23016 | 2025-01-10 | FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer... |
CVE-2025-23022 | 2025-01-10 | FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in... |
CVE-2024-12606 | 2025-01-10 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2024-12473 | 2025-01-10 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Authenticated (Contributor+) SQL Injection |
CVE-2025-0311 | 2025-01-10 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget |
CVE-2024-13183 | 2025-01-10 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter |
CVE-2024-13318 | 2025-01-10 | Essential WP Real Estate <= 1.1.3 - Missing Authorization to Arbitrary Post/Page Deletion |
CVE-2024-41787 | 2025-01-10 | IBM Engineering Requirements Management DOORS Next code execution |
CVE-2024-56511 | 2025-01-10 | DataEase has an unauthorized vulnerability |
CVE-2025-22152 | 2025-01-10 | Improper Path Validation Enables Path Traversal in Multiple Components in Atheos |
CVE-2025-22596 | 2025-01-10 | WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint 'modulos_visiveis.php' parameter 'msg_c' |
CVE-2025-22597 | 2025-01-10 | WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'CobrancaController.php' parameter 'local_recepcao' |
CVE-2025-22598 | 2025-01-10 | WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'cadastrarSocio.php' parameter 'nome' |
CVE-2025-22599 | 2025-01-10 | WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c` |
CVE-2025-22600 | 2025-01-10 | WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `configuracao_doacao.php` parameter `avulso` |
CVE-2024-6662 | 2025-01-10 | CSRF in MegaBIP |
CVE-2024-6880 | 2025-01-10 | CSRF in MegaBIP |
CVE-2025-23078 | 2025-01-10 | XSS in BreadCrumbs2 |
CVE-2025-23079 | 2025-01-10 | XSSes in Extension:ArticleFeedbackv5 |
CVE-2024-12847 | 2025-01-10 | NETGEAR DGN setup.cgi OS Command Injection |
CVE-2024-6437 | 2025-01-10 | On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma |
CVE-2024-7095 | 2025-01-10 | On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term |
CVE-2024-5872 | 2025-01-10 | On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. |
CVE-2024-7142 | 2025-01-10 | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them |
CVE-2024-9131 | 2025-01-10 | A user with administrator privileges can perform command injection |
CVE-2024-9132 | 2025-01-10 | The administrator is able to configure an insecure captive portal script |
CVE-2024-9133 | 2025-01-10 | A user with administrator privileges is able to retrieve authentication tokens |
CVE-2024-9134 | 2025-01-10 | Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. |
CVE-2024-47517 | 2025-01-10 | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access |
CVE-2024-47518 | 2025-01-10 | Specially constructed queries targeting ETM could discover active remote access sessions |
CVE-2024-47519 | 2025-01-10 | Backup uploads to ETM subject to man-in-the-middle interception |
CVE-2024-47520 | 2025-01-10 | A user with advanced report application access rights can perform actions for which they are not authorized |
CVE-2024-9188 | 2025-01-10 | Specially constructed queries cause cross platform scripting leaking administrator tokens |
CVE-2024-12404 | 2025-01-11 | CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection |
CVE-2024-12472 | 2025-01-11 | Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure |
CVE-2024-12627 | 2025-01-11 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection |
CVE-2024-12505 | 2025-01-11 | Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11327 | 2025-01-11 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting |
CVE-2024-12204 | 2025-01-11 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization |
CVE-2024-42168 | 2025-01-11 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability |
CVE-2024-42169 | 2025-01-11 | HCL MyXalytics is affected by insecure direct object references |
CVE-2025-0103 | 2025-01-11 | Expedition: SQL Injection Vulnerability |
CVE-2025-0104 | 2025-01-11 | Expedition: Cross-Site Scripting (XSS) Vulnerability |
CVE-2025-0105 | 2025-01-11 | Expedition: Arbitrary File Deletion Vulnerability |
CVE-2025-0106 | 2025-01-11 | Expedition: Wildcard Expansion Vulnerability |
CVE-2025-0107 | 2025-01-11 | Expedition: OS Command Injection Vulnerability |
CVE-2024-12304 | 2025-01-11 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link |
CVE-2025-23108 | 2025-01-11 | Opening Javascript links in a new tab via long-press in... |
CVE-2025-23109 | 2025-01-11 | Long hostnames in URLs could be leveraged to obscure the... |