CVE List - 2025 / January
Showing 1301 - 1400 of 4277 CVEs for January 2025 (Page 14 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-12587 | 2025-01-11 | Contact Form Master <= 1.0.7 - Reflected XSS |
CVE-2024-42170 | 2025-01-11 | HCL MyXalytics is affected by a session fixation vulnerability |
CVE-2024-42171 | 2025-01-11 | HCL MyXalytics is affected by insufficient session expiration |
CVE-2024-42172 | 2025-01-11 | HCL MyXalytics is affected by broken authentication |
CVE-2024-42173 | 2025-01-11 | HCL MyXalytics is affected by an improper password policy implementation vulnerability |
CVE-2024-42174 | 2025-01-11 | HCL MyXalytics is affected by username enumeration vulnerability |
CVE-2024-42175 | 2025-01-11 | HCL MyXalytics is affected by a weak input validation vulnerability |
CVE-2024-11758 | 2025-01-11 | WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11915 | 2025-01-11 | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-11874 | 2025-01-11 | Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12519 | 2025-01-11 | TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12116 | 2025-01-11 | Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.1 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-12520 | 2025-01-11 | Dominion – Domain Checker for WPBakery <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12412 | 2025-01-11 | Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently \| WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting |
CVE-2024-12877 | 2025-01-11 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection |
CVE-2024-11892 | 2025-01-11 | Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12527 | 2025-01-11 | Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11386 | 2025-01-11 | GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12407 | 2025-01-11 | Push Notification for Post and BuddyPress <= 2.06 - Reflected Cross-Site Scripting |
CVE-2025-0390 | 2025-01-11 | Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal |
CVE-2025-0391 | 2025-01-11 | Guangzhou Huayi Intelligent Technology Jeewms CgFormBuildController.java saveOrUpdate sql injection |
CVE-2025-0392 | 2025-01-11 | Guangzhou Huayi Intelligent Technology Jeewms graphReportController.do datagridGraph sql injection |
CVE-2024-41932 | 2025-01-11 | sched: fix warning in sched_setaffinity |
CVE-2024-41935 | 2025-01-11 | f2fs: fix to shrink read extent node in batches |
CVE-2024-43098 | 2025-01-11 | i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock |
CVE-2024-45828 | 2025-01-11 | i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request |
CVE-2024-47141 | 2025-01-11 | pinmux: Use sequential access to access desc->pinmux data |
CVE-2024-47143 | 2025-01-11 | dma-debug: fix a possible deadlock on radix_lock |
CVE-2024-47794 | 2025-01-11 | bpf: Prevent tailcall infinite loop caused by freplace |
CVE-2024-47809 | 2025-01-11 | dlm: fix possible lkb_resource null dereference |
CVE-2024-48873 | 2025-01-11 | wifi: rtw89: check return value of ieee80211_probereq_get() for RNR |
CVE-2024-48875 | 2025-01-11 | btrfs: don't take dev_replace rwsem on task already holding it |
CVE-2024-48876 | 2025-01-11 | stackdepot: fix stack_depot_save_flags() in NMI context |
CVE-2024-48881 | 2025-01-11 | bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again |
CVE-2024-49569 | 2025-01-11 | nvme-rdma: unquiesce admin_q before destroy it |
CVE-2024-50051 | 2025-01-11 | spi: mpc52xx: Add cancel_work_sync before module remove |
CVE-2024-52332 | 2025-01-11 | igb: Fix potential invalid memory access in igb_init_module() |
CVE-2024-53680 | 2025-01-11 | ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() |
CVE-2024-53682 | 2025-01-11 | regulator: axp20x: AXP717: set ramp_delay |
CVE-2024-53687 | 2025-01-11 | riscv: Fix IPIs usage in kfence_protect_page() |
CVE-2024-54191 | 2025-01-11 | Bluetooth: iso: Fix circular lock in iso_conn_big_sync |
CVE-2024-54460 | 2025-01-11 | Bluetooth: iso: Fix circular lock in iso_listen_bis |
CVE-2024-54683 | 2025-01-11 | netfilter: IDLETIMER: Fix for possible ABBA deadlock |
CVE-2024-55639 | 2025-01-11 | net: renesas: rswitch: avoid use-after-put for a device tree node |
CVE-2024-55641 | 2025-01-11 | xfs: unlock inodes when erroring out of xfs_trans_alloc_dir |
CVE-2024-55642 | 2025-01-11 | block: Prevent potential deadlocks in zone write plug error recovery |
CVE-2024-41149 | 2025-01-11 | block: avoid to reuse `hctx` not removed from cpuhp callback list |
CVE-2024-46896 | 2025-01-11 | drm/amdgpu: don't access invalid sched |
CVE-2024-47408 | 2025-01-11 | net/smc: check smcd_v2_ext_offset when receiving proposal msg |
CVE-2024-49568 | 2025-01-11 | net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg |
CVE-2024-49571 | 2025-01-11 | net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg |
CVE-2024-49573 | 2025-01-11 | sched/fair: Fix NEXT_BUDDY |
CVE-2024-51729 | 2025-01-11 | mm: use aligned address in copy_user_gigantic_page() |
CVE-2024-52319 | 2025-01-11 | mm: use aligned address in clear_gigantic_page() |
CVE-2024-53685 | 2025-01-11 | ceph: give up on paths longer than PATH_MAX |
CVE-2024-53690 | 2025-01-11 | nilfs2: prevent use of deleted inode |
CVE-2024-54193 | 2025-01-11 | accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() |
CVE-2024-54455 | 2025-01-11 | accel/ivpu: Fix general protection fault in ivpu_bo_list() |
CVE-2024-55881 | 2025-01-11 | KVM: x86: Play nice with protected guests in complete_hypercall_exit() |
CVE-2024-55916 | 2025-01-11 | Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet |
CVE-2024-56368 | 2025-01-11 | ring-buffer: Fix overflow in __rb_map_vma |
CVE-2024-56369 | 2025-01-11 | drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() |
CVE-2024-56372 | 2025-01-11 | net: tun: fix tun_napi_alloc_frags() |
CVE-2024-56788 | 2025-01-11 | net: ethernet: oa_tc6: fix tx skb race condition between reference pointers |
CVE-2024-57791 | 2025-01-11 | net/smc: check return value of sock_recvmsg when draining clc data |
CVE-2024-57792 | 2025-01-11 | power: supply: gpio-charger: Fix set charge current limits |
CVE-2024-57793 | 2025-01-11 | virt: tdx-guest: Just leak decrypted memory on unrecoverable errors |
CVE-2024-57798 | 2025-01-11 | drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() |
CVE-2024-57799 | 2025-01-11 | phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM |
CVE-2024-57800 | 2025-01-11 | ALSA: memalloc: prefer dma_mapping_error() over explicit address checking |
CVE-2024-57804 | 2025-01-11 | scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs |
CVE-2024-57805 | 2025-01-11 | ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP |
CVE-2024-57806 | 2025-01-11 | btrfs: fix transaction atomicity bug when enabling simple quotas |
CVE-2024-57807 | 2025-01-11 | scsi: megaraid_sas: Fix for a potential deadlock |
CVE-2024-57809 | 2025-01-11 | PCI: imx6: Fix suspend/resume support on i.MX6QDL |
CVE-2024-57838 | 2025-01-11 | s390/entry: Mark IRQ entries to fix stack depot warnings |
CVE-2024-57839 | 2025-01-11 | Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" |
CVE-2024-57843 | 2025-01-11 | virtio-net: fix overflow inside virtnet_rq_alloc |
CVE-2024-57849 | 2025-01-11 | s390/cpum_sf: Handle CPU hotplug remove during sampling |
CVE-2024-57850 | 2025-01-11 | jffs2: Prevent rtime decompress memory corruption |
CVE-2024-57872 | 2025-01-11 | scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() |
CVE-2024-57874 | 2025-01-11 | arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL |
CVE-2024-57875 | 2025-01-11 | block: RCU protect disk->conv_zones_bitmap |
CVE-2024-57876 | 2025-01-11 | drm/dp_mst: Fix resetting msg rx state after topology removal |
CVE-2024-57877 | 2025-01-11 | arm64: ptrace: fix partial SETREGSET for NT_ARM_POE |
CVE-2024-57878 | 2025-01-11 | arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR |
CVE-2024-57879 | 2025-01-11 | Bluetooth: iso: Always release hdev at the end of iso_listen_bis |
CVE-2024-57880 | 2025-01-11 | ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array |
CVE-2024-57881 | 2025-01-11 | mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() |
CVE-2024-49785 | 2025-01-12 | IBM watsonx.ai cross-site scripting |
CVE-2021-29669 | 2025-01-12 | IBM Jazz Foundation cross-site scripting |
CVE-2025-0396 | 2025-01-12 | exelban stats XPC Service shouldAcceptNewConnection command injection |
CVE-2025-0397 | 2025-01-12 | reckcn SPPanAdmin edit cross site scripting |
CVE-2024-51456 | 2025-01-12 | IBM Robotic Process Automation information disclosure |
CVE-2025-0398 | 2025-01-12 | longpi1 warehouse Backend updateInport cross site scripting |
CVE-2024-42179 | 2025-01-12 | HCL MyXalytics is affected by sensitive information disclosure vulnerability |
CVE-2024-42180 | 2025-01-12 | HCL MyXalytics is affected by a malicious file upload vulnerability |
CVE-2024-42181 | 2025-01-12 | HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability |
CVE-2025-0399 | 2025-01-12 | StarSea99 starsea-mall uploadController.java UploadController unrestricted upload |
CVE-2025-0400 | 2025-01-12 | StarSea99 starsea-mall update cross site scripting |