CVE List - 2025 / January
Showing 2001 - 2100 of 4277 CVEs for January 2025 (Page 21 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-39967 | 2025-01-15 | Insecure permissions in Aginode GigaSwitch v5 allows attackers to access... |
| CVE-2024-41454 | 2025-01-15 | An arbitrary file upload vulnerability in the UI login page... |
| CVE-2024-48121 | 2025-01-15 | The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user... |
| CVE-2024-48122 | 2025-01-15 | Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated... |
| CVE-2024-48123 | 2025-01-15 | An issue in the USB Autorun function of HI-SCAN 6040i... |
| CVE-2024-48125 | 2025-01-15 | An issue in the AsDB service of HI-SCAN 6040i Hitrax... |
| CVE-2024-48126 | 2025-01-15 | HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials... |
| CVE-2024-50953 | 2025-01-15 | An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause... |
| CVE-2024-50954 | 2025-01-15 | The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have... |
| CVE-2024-52783 | 2025-01-15 | Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2... |
| CVE-2024-53407 | 2025-01-15 | In Phiewer 4.1.0, a dylib injection leads to Command Execution... |
| CVE-2024-55503 | 2025-01-15 | An issue in termius before v.9.9.0 allows a local attacker... |
| CVE-2024-57011 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57012 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57013 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57014 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57015 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57016 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57017 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57018 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57019 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57020 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57021 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57022 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command... |
| CVE-2024-57726 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before has a vulnerability... |
| CVE-2024-57727 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before is vulnerable to... |
| CVE-2024-57728 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before allows admin users... |
| CVE-2025-22964 | 2025-01-15 | DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated... |
| CVE-2025-22968 | 2025-01-15 | An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker... |
| CVE-2025-22976 | 2025-01-15 | SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker... |
| CVE-2025-23013 | 2025-01-15 | In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes... |
| CVE-2025-0343 | 2025-01-15 | Swift ASN.1 can be caused to crash when parsing certain... |
| CVE-2024-13334 | 2025-01-15 | Car Demon <= 1.8.1 - Reflected Cross-Site Scripting |
| CVE-2025-21101 | 2025-01-15 | Dell Display Manager, versions prior to 2.3.2.20, contain a race... |
| CVE-2025-22394 | 2025-01-15 | Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check... |
| CVE-2024-55577 | 2025-01-15 | Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and... |
| CVE-2024-13394 | 2025-01-15 | ViewMedica 9 <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11870 | 2025-01-15 | Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0354 | 2025-01-15 | Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and... |
| CVE-2025-0355 | 2025-01-15 | Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm... |
| CVE-2025-0356 | 2025-01-15 | NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3... |
| CVE-2024-7322 | 2025-01-15 | Dos in ZigBee device due to unsolicited encrypted rejoin response |
| CVE-2024-4227 | 2025-01-15 | gSOAP: Vulnerable to specially crafted unencrypted SDC messages |
| CVE-2024-9636 | 2025-01-15 | Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation |
| CVE-2024-10775 | 2025-01-15 | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-12423 | 2025-01-15 | Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting |
| CVE-2024-12403 | 2025-01-15 | Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting |
| CVE-2024-12818 | 2025-01-15 | WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13351 | 2025-01-15 | Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12297 | 2025-01-15 | Frontend Authorization Logic Disclosure Vulnerability |
| CVE-2024-35280 | 2025-01-15 | A improper neutralization of input during web page generation ('cross-site... |
| CVE-2025-0434 | 2025-01-15 | Out of bounds memory access in V8 in Google Chrome... |
| CVE-2025-0435 | 2025-01-15 | Inappropriate implementation in Navigation in Google Chrome on Android prior... |
| CVE-2025-0436 | 2025-01-15 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83... |
| CVE-2025-0437 | 2025-01-15 | Out of bounds read in Metrics in Google Chrome prior... |
| CVE-2025-0438 | 2025-01-15 | Stack buffer overflow in Tracing in Google Chrome prior to... |
| CVE-2025-0439 | 2025-01-15 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed... |
| CVE-2025-0440 | 2025-01-15 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior... |
| CVE-2025-0441 | 2025-01-15 | Inappropriate implementation in Fenced Frames in Google Chrome prior to... |
| CVE-2025-0442 | 2025-01-15 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83... |
| CVE-2025-0443 | 2025-01-15 | Insufficient data validation in Extensions in Google Chrome prior to... |
| CVE-2025-0446 | 2025-01-15 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83... |
| CVE-2025-0447 | 2025-01-15 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83... |
| CVE-2025-0448 | 2025-01-15 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83... |
| CVE-2025-0193 | 2025-01-15 | Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series |
| CVE-2024-11848 | 2025-01-15 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-12593 | 2025-01-15 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode |
| CVE-2024-11851 | 2025-01-15 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update |
| CVE-2024-13215 | 2025-01-15 | Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup |
| CVE-2024-11029 | 2025-01-15 | Freeipa: administrative user data leaked through systemd journal |
| CVE-2024-5198 | 2025-01-15 | OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local... |
| CVE-2024-57882 | 2025-01-15 | mptcp: fix TCP options overflow. |
| CVE-2024-57883 | 2025-01-15 | mm: hugetlb: independent PMD page table shared count |
| CVE-2024-57884 | 2025-01-15 | mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() |
| CVE-2024-57885 | 2025-01-15 | mm/kmemleak: fix sleeping function called from invalid context at print message |
| CVE-2024-57886 | 2025-01-15 | mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() |
| CVE-2024-57887 | 2025-01-15 | drm: adv7511: Fix use-after-free in adv7533_attach_dsi() |
| CVE-2024-57888 | 2025-01-15 | workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker |
| CVE-2024-57889 | 2025-01-15 | pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking |
| CVE-2024-57890 | 2025-01-15 | RDMA/uverbs: Prevent integer overflow issue |
| CVE-2024-57891 | 2025-01-15 | sched_ext: Fix invalid irq restore in scx_ops_bypass() |
| CVE-2024-57892 | 2025-01-15 | ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv |
| CVE-2024-57893 | 2025-01-15 | ALSA: seq: oss: Fix races at processing SysEx messages |
| CVE-2024-57895 | 2025-01-15 | ksmbd: set ATTR_CTIME flags when setting mtime |
| CVE-2024-57896 | 2025-01-15 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount |
| CVE-2024-57897 | 2025-01-15 | drm/amdkfd: Correct the migration DMA map direction |
| CVE-2024-57898 | 2025-01-15 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up |
| CVE-2024-57899 | 2025-01-15 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems |
| CVE-2024-57900 | 2025-01-15 | ila: serialize calls to nf_register_net_hooks() |
| CVE-2024-57901 | 2025-01-15 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK |
| CVE-2024-57902 | 2025-01-15 | af_packet: fix vlan_get_tci() vs MSG_PEEK |
| CVE-2024-57903 | 2025-01-15 | net: restrict SO_REUSEPORT to inet sockets |
| CVE-2025-21629 | 2025-01-15 | net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets |
| CVE-2024-36476 | 2025-01-15 | RDMA/rtrs: Ensure 'ib_sge list' is accessible |
| CVE-2024-39282 | 2025-01-15 | net: wwan: t7xx: Fix FSM command timeout issue |
| CVE-2024-53681 | 2025-01-15 | nvmet: Don't overflow subsysnqn |
| CVE-2024-54031 | 2025-01-15 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext |
| CVE-2024-57795 | 2025-01-15 | RDMA/rxe: Remove the direct link to net_device |
| CVE-2024-57801 | 2025-01-15 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag |
| CVE-2024-57802 | 2025-01-15 | netrom: check buffer length before accessing it |