CVE List - 2025 / January
Showing 1501 - 1600 of 4274 CVEs for January 2025 (Page 16 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-56138 | 2025-01-13 | Timestamp signature generation lacks certificate revocation check in notation-go |
| CVE-2024-51491 | 2025-01-13 | Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go |
| CVE-2024-11128 | 2025-01-13 | Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS |
| CVE-2024-11396 | 2025-01-13 | Event monster <= 1.4.3 - Information Exposure Via Visitors List Export |
| CVE-2025-23037 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA |
| CVE-2025-23036 | 2025-01-13 | Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_funcionario.php' parameter 'msg_e' in WeGIA |
| CVE-2025-23035 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA |
| CVE-2025-23034 | 2025-01-13 | Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA |
| CVE-2025-23033 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_situacao.php' parameter 'situacao' in WeGIA |
| CVE-2025-23032 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA |
| CVE-2025-23031 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA |
| CVE-2025-23030 | 2025-01-13 | Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA |
| CVE-2025-23038 | 2025-01-13 | Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php' parameter 'descricao' in WeGIA |
| CVE-2024-50857 | 2025-01-14 | The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to... |
| CVE-2024-50858 | 2025-01-14 | Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification,... |
| CVE-2024-50859 | 2025-01-14 | The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the... |
| CVE-2024-50861 | 2025-01-14 | The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers... |
| CVE-2024-53563 | 2025-01-14 | A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
| CVE-2024-55000 | 2025-01-14 | Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. |
| CVE-2024-57615 | 2025-01-14 | An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57616 | 2025-01-14 | An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57617 | 2025-01-14 | An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57618 | 2025-01-14 | An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57619 | 2025-01-14 | An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57620 | 2025-01-14 | An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57621 | 2025-01-14 | An issue in the GDKanalytical_correlation component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57622 | 2025-01-14 | An issue in the exp_bin component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57623 | 2025-01-14 | An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57624 | 2025-01-14 | An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57625 | 2025-01-14 | An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57626 | 2025-01-14 | An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57627 | 2025-01-14 | An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57628 | 2025-01-14 | An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57629 | 2025-01-14 | An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57630 | 2025-01-14 | An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57631 | 2025-01-14 | An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57632 | 2025-01-14 | An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57633 | 2025-01-14 | An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57634 | 2025-01-14 | An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57635 | 2025-01-14 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57636 | 2025-01-14 | An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57637 | 2025-01-14 | An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57638 | 2025-01-14 | An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57639 | 2025-01-14 | An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57640 | 2025-01-14 | An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57641 | 2025-01-14 | An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57642 | 2025-01-14 | An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57643 | 2025-01-14 | An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57644 | 2025-01-14 | An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57645 | 2025-01-14 | An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57646 | 2025-01-14 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57647 | 2025-01-14 | An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57648 | 2025-01-14 | An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57649 | 2025-01-14 | An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57650 | 2025-01-14 | An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57651 | 2025-01-14 | An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57652 | 2025-01-14 | An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57654 | 2025-01-14 | An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57659 | 2025-01-14 | An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57661 | 2025-01-14 | An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2025-22996 | 2025-01-14 | A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2025-22997 | 2025-01-14 | A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2024-42911 | 2025-01-14 | ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. |
| CVE-2024-48760 | 2025-01-14 | An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original... |
| CVE-2024-53561 | 2025-01-14 | A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. |
| CVE-2024-54730 | 2025-01-14 | Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. |
| CVE-2024-56374 | 2025-01-14 | An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead... |
| CVE-2024-57471 | 2025-01-14 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause... |
| CVE-2024-57473 | 2025-01-14 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the... |
| CVE-2024-57479 | 2025-01-14 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the... |
| CVE-2024-57480 | 2025-01-14 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote... |
| CVE-2024-57482 | 2025-01-14 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause... |
| CVE-2024-57483 | 2025-01-14 | Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. |
| CVE-2024-57653 | 2025-01-14 | An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57655 | 2025-01-14 | An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57656 | 2025-01-14 | An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57657 | 2025-01-14 | An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57658 | 2025-01-14 | An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57660 | 2025-01-14 | An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57662 | 2025-01-14 | An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57663 | 2025-01-14 | An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57664 | 2025-01-14 | An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2024-57757 | 2025-01-14 | JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. |
| CVE-2024-57760 | 2025-01-14 | JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. |
| CVE-2024-57761 | 2025-01-14 | An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-57762 | 2025-01-14 | MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. |
| CVE-2024-57763 | 2025-01-14 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. |
| CVE-2024-57764 | 2025-01-14 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. |
| CVE-2024-57765 | 2025-01-14 | MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. |
| CVE-2024-57766 | 2025-01-14 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. |
| CVE-2024-57767 | 2025-01-14 | MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. |
| CVE-2025-22983 | 2025-01-14 | An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. |
| CVE-2025-22984 | 2025-01-14 | An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. |
| CVE-2025-23018 | 2025-01-14 | IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via... |
| CVE-2025-23019 | 2025-01-14 | IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. |
| CVE-2025-0053 | 2025-01-14 | Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2025-0055 | 2025-01-14 | Information Disclosure vulnerability in SAP GUI for Windows |
| CVE-2025-0056 | 2025-01-14 | Information Disclosure vulnerability in SAP GUI for Java |
| CVE-2025-0057 | 2025-01-14 | Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) |
| CVE-2025-0058 | 2025-01-14 | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow |