CVE List - 2025 / January
Showing 1401 - 1500 of 4277 CVEs for January 2025 (Page 15 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0401 | 2025-01-12 | 1902756969 reggie CommonController.java download path traversal |
| CVE-2025-0402 | 2025-01-12 | 1902756969 reggie CommonController.java upload unrestricted upload |
| CVE-2023-42230 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross... |
| CVE-2023-42233 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross... |
| CVE-2023-42244 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42245 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross... |
| CVE-2023-42246 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross... |
| CVE-2023-42247 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross... |
| CVE-2023-42249 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross... |
| CVE-2023-42250 | 2025-01-13 | Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross... |
| CVE-2024-44771 | 2025-01-13 | BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS)... |
| CVE-2024-46310 | 2025-01-13 | Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows... |
| CVE-2024-46479 | 2025-01-13 | Venki Supravizio BPM through 18.0.1 was discovered to contain an... |
| CVE-2024-46480 | 2025-01-13 | An NTLM hash leak in Venki Supravizio BPM up to... |
| CVE-2024-46481 | 2025-01-13 | The login page of Venki Supravizio BPM up to 18.1.1... |
| CVE-2024-46919 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor Exynos 9820,... |
| CVE-2024-46920 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor Exynos 9820,... |
| CVE-2024-48883 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
| CVE-2024-54999 | 2025-01-13 | MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability... |
| CVE-2024-57487 | 2025-01-13 | In Code-Projects Online Car Rental System 1.0, the file upload... |
| CVE-2024-57488 | 2025-01-13 | Code-Projects Online Car Rental System 1.0 is vulnerable to Cross... |
| CVE-2024-57811 | 2025-01-13 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an... |
| CVE-2025-22963 | 2025-01-13 | Teedy through 1.11 allows CSRF for account takeover via POST... |
| CVE-2023-42225 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory... |
| CVE-2023-42226 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory... |
| CVE-2023-42227 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory... |
| CVE-2023-42228 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect... |
| CVE-2023-42229 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory... |
| CVE-2023-42231 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect... |
| CVE-2023-42232 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory... |
| CVE-2023-42234 | 2025-01-13 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross... |
| CVE-2023-42235 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42236 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42237 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42238 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42239 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42240 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42241 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42242 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2023-42243 | 2025-01-13 | In Selesta Visual Access Manager < 4.42.2, an authenticated user... |
| CVE-2023-42248 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM)... |
| CVE-2024-46921 | 2025-01-13 | An issue was discovered in Samsung Mobile Processor and Modem... |
| CVE-2025-0403 | 2025-01-13 | 1902756969 reggie Phone Number Validation sendMsg information disclosure |
| CVE-2025-0404 | 2025-01-13 | liujianview gymxmjpa CoachController.java CoachController sql injection |
| CVE-2025-0405 | 2025-01-13 | liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection |
| CVE-2025-0406 | 2025-01-13 | liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection |
| CVE-2025-0407 | 2025-01-13 | liujianview gymxmjpa EquipmentController.java EquipmentDaoImpl sql injection |
| CVE-2025-0408 | 2025-01-13 | liujianview gymxmjpa LoosController.java LoosDaoImpl sql injection |
| CVE-2025-0409 | 2025-01-13 | liujianview gymxmjpa MembertypeController.java MembertypeDaoImpl sql injection |
| CVE-2025-0410 | 2025-01-13 | liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection |
| CVE-2025-0412 | 2025-01-13 | Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-11636 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12274 | 2025-01-13 | BookingPress < 1.1.23 - Unauthenticated Export File Download |
| CVE-2024-12566 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12567 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-12568 | 2025-01-13 | Email Subscribers < 5.7.45 - Admin+ Stored XSS |
| CVE-2024-47897 | 2025-01-13 | GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write |
| CVE-2024-47894 | 2025-01-13 | GPU DDK - Out of bounds read into fwlog due to unchecked loop bounds |
| CVE-2024-47895 | 2025-01-13 | GPU DDK - OOB read into fwlog due to unchecked block count |
| CVE-2024-52935 | 2025-01-13 | GPU DDK - psContext->eDM gives OOB write |
| CVE-2024-52936 | 2025-01-13 | GPU DDK - rgxfw_hwperf_config OOB read & write |
| CVE-2024-52937 | 2025-01-13 | GPU DDK - rgxfw_kernel_CMD_DISABLE_ZSSTORE OOB write via ui32WriteOffsetOfDisableZSStore |
| CVE-2024-52938 | 2025-01-13 | GPU DDK - rgxfw_pm_add_freelist_for_reconstruction OOB write |
| CVE-2025-22828 | 2025-01-13 | Apache CloudStack: Unauthorised access to annotations |
| CVE-2025-22777 | 2025-01-13 | WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability |
| CVE-2025-22588 | 2025-01-13 | WordPress Scanventory Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22586 | 2025-01-13 | WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22583 | 2025-01-13 | WordPress Scan External Links Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22576 | 2025-01-13 | WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22570 | 2025-01-13 | WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22569 | 2025-01-13 | WordPress Featured Page Widget Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22568 | 2025-01-13 | WordPress Post And Page Reactions Plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22567 | 2025-01-13 | WordPress TRUSTist REVIEWer Plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22514 | 2025-01-13 | WordPress Axact Author List Widget Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22506 | 2025-01-13 | WordPress Smart Agenda Plugin <= 4.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-22499 | 2025-01-13 | WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22498 | 2025-01-13 | WordPress LucidLMS plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22344 | 2025-01-13 | WordPress Media Category Library plugin <= 2.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22337 | 2025-01-13 | WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22314 | 2025-01-13 | WordPress Food Store plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22800 | 2025-01-13 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability |
| CVE-2024-56301 | 2025-01-13 | WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56065 | 2025-01-13 | WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47796 | 2025-01-13 | An improper array index validation vulnerability exists in the nowindow... |
| CVE-2024-52333 | 2025-01-13 | An improper array index validation vulnerability exists in the determineMinMax... |
| CVE-2024-12211 | 2025-01-13 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by... |
| CVE-2024-6352 | 2025-01-13 | Malformed packet leads to denial of service in APS layer |
| CVE-2024-5743 | 2025-01-13 | Command Injection Vulnerability |
| CVE-2025-23026 | 2025-01-13 | HTML templates containing Javascript template strings are subject to XSS in jte |
| CVE-2025-23027 | 2025-01-13 | BASEHUB_TOKEN commited in next-forge |
| CVE-2025-22144 | 2025-01-13 | Account Takeover in NamelessMC |
| CVE-2025-22142 | 2025-01-13 | Cross-site Scripting in NamelessMC |
| CVE-2025-22138 | 2025-01-13 | Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel |
| CVE-2025-22134 | 2025-01-13 | heap-buffer-overflow with visual mode in Vim < 9.1.1003 |
| CVE-2025-22619 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c' |
| CVE-2025-22618 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'adicionar_cargo.php' parameter 'cargo' |
| CVE-2025-22617 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio' |
| CVE-2025-22616 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao' |
| CVE-2025-22615 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'Cadastro_Atendido.php' parameter 'cpf' |
| CVE-2025-22614 | 2025-01-13 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php ' parameters 'nome' 'SobrenomeForm' |