CVE List - 2025 / January
Showing 2201 - 2300 of 4277 CVEs for January 2025 (Page 23 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-57771 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of... |
CVE-2024-57772 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of... |
CVE-2024-57773 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of... |
CVE-2024-57774 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of... |
CVE-2024-40513 | 2025-01-16 | An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker... |
CVE-2024-40514 | 2025-01-16 | Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote... |
CVE-2024-46450 | 2025-01-16 | Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router... |
CVE-2024-48460 | 2025-01-16 | An issue in Eugeny Tabby 1.0.213 allows a remote attacker... |
CVE-2024-50633 | 2025-01-16 | A Broken Object Level Authorization (BOLA) vulnerability in Indico through... |
CVE-2024-53553 | 2025-01-16 | An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows... |
CVE-2024-54660 | 2025-01-16 | A JNDI injection issue was discovered in Cloudera JDBC Connector... |
CVE-2024-55511 | 2025-01-16 | A null pointer dereference vulnerability in Macrium Reflect prior to... |
CVE-2024-57159 | 2025-01-16 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-57160 | 2025-01-16 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-57161 | 2025-01-16 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-57162 | 2025-01-16 | Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection... |
CVE-2024-57575 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow... |
CVE-2024-57579 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow... |
CVE-2024-57580 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow... |
CVE-2024-57581 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow... |
CVE-2024-57582 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow... |
CVE-2024-57583 | 2025-01-16 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection... |
CVE-2024-57611 | 2025-01-16 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-57676 | 2025-01-16 | An access control issue in the component form2WlanBasicSetup.cgi of D-Link... |
CVE-2024-57677 | 2025-01-16 | An access control issue in the component form2Wan.cgi of D-Link... |
CVE-2024-57678 | 2025-01-16 | An access control issue in the component form2WlAc.cgi of D-Link... |
CVE-2024-57679 | 2025-01-16 | An access control issue in the component form2RepeaterSetup.cgi of D-Link... |
CVE-2024-57680 | 2025-01-16 | An access control issue in the component form2PortriggerRule.cgi of D-Link... |
CVE-2024-57681 | 2025-01-16 | An access control issue in the component form2alg.cgi of D-Link... |
CVE-2024-57682 | 2025-01-16 | An information disclosure vulnerability in the component d_status.asp of D-Link... |
CVE-2024-57683 | 2025-01-16 | An access control issue in the component websURLFilterAddDel of D-Link... |
CVE-2024-57703 | 2025-01-16 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by... |
CVE-2024-57704 | 2025-01-16 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by... |
CVE-2024-57768 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection... |
CVE-2024-57769 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection... |
CVE-2024-57770 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection... |
CVE-2024-57775 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection... |
CVE-2024-57776 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of... |
CVE-2024-57784 | 2025-01-16 | An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE... |
CVE-2024-57785 | 2025-01-16 | Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local... |
CVE-2025-22904 | 2025-01-16 | RE11S v1.11 was discovered to contain a stack overflow via... |
CVE-2025-22905 | 2025-01-16 | RE11S v1.11 was discovered to contain a command injection vulnerability... |
CVE-2025-22906 | 2025-01-16 | RE11S v1.11 was discovered to contain a command injection vulnerability... |
CVE-2025-22907 | 2025-01-16 | RE11S v1.11 was discovered to contain a stack overflow via... |
CVE-2025-22912 | 2025-01-16 | RE11S v1.11 was discovered to contain a command injection vulnerability... |
CVE-2025-22913 | 2025-01-16 | RE11S v1.11 was discovered to contain a stack overflow via... |
CVE-2025-22916 | 2025-01-16 | RE11S v1.11 was discovered to contain a stack overflow via... |
CVE-2025-0455 | 2025-01-16 | NetVision Information airPASS - SQL injection |
CVE-2025-0456 | 2025-01-16 | NetVision Information airPASS - Missing Authentication |
CVE-2025-0457 | 2025-01-16 | NetVision Information airPASS - OS Command Injection |
CVE-2025-0170 | 2025-01-16 | DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting |
CVE-2024-10970 | 2025-01-16 | Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title |
CVE-2024-11452 | 2025-01-16 | Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10789 | 2025-01-16 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
CVE-2024-12226 | 2025-01-16 | In affected versions of the Octopus Kubernetes worker or agent,... |
CVE-2024-45331 | 2025-01-16 | An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through... |
CVE-2024-48885 | 2025-01-16 | An improper limitation of a pathname to a restricted directory... |
CVE-2024-50563 | 2025-01-16 | A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0... |
CVE-2024-13387 | 2025-01-16 | WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13355 | 2025-01-16 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting |
CVE-2024-12614 | 2025-01-16 | Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key |
CVE-2024-12615 | 2025-01-16 | Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-12613 | 2025-01-16 | Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection |
CVE-2024-12427 | 2025-01-16 | Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload |
CVE-2018-25108 | 2025-01-16 | WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption |
CVE-2025-0471 | 2025-01-16 | Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform |
CVE-2025-0472 | 2025-01-16 | Information exposure vulnerability in PMB platform |
CVE-2025-0473 | 2025-01-16 | Incomplete Cleanup vulnerability in PMB platform |
CVE-2025-0518 | 2025-01-16 | Unchecked sscanf return value which leads to memory data leak |
CVE-2024-41746 | 2025-01-16 | IBM CICS TX cross-site scripting |
CVE-2025-20072 | 2025-01-16 | Mobile crash via improper validation of proto style in attachments |
CVE-2024-37181 | 2025-01-16 | Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software... |
CVE-2025-20621 | 2025-01-16 | Webapp crash via object that can't be cast to String in Attachment Field |
CVE-2025-20630 | 2025-01-16 | Mobile crash via object that can't be cast to String in Attachment Field |
CVE-2024-52594 | 2025-01-16 | Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib |
CVE-2024-56515 | 2025-01-16 | Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo |
CVE-2024-52791 | 2025-01-16 | Denial of service through memory exhaustion in Matrix Media Repo |
CVE-2024-52602 | 2025-01-16 | Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo |
CVE-2024-36403 | 2025-01-16 | Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo |
CVE-2024-36402 | 2025-01-16 | Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo |
CVE-2024-56136 | 2025-01-16 | /api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server |
CVE-2024-55954 | 2025-01-16 | OpenObserve Improper Authorization Allows Admin User to Remove Root User |
CVE-2025-23423 | 2025-01-16 | WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability |
CVE-2025-23467 | 2025-01-16 | WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
CVE-2025-23470 | 2025-01-16 | WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability |
CVE-2025-23432 | 2025-01-16 | WordPress AlT Report plugin <= 1.12.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-23463 | 2025-01-16 | WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability |
CVE-2025-23483 | 2025-01-16 | WordPress Universal Analytics Injector plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
CVE-2025-23429 | 2025-01-16 | WordPress Altima Lookbook Free for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-23476 | 2025-01-16 | WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability |
CVE-2025-23456 | 2025-01-16 | WordPress EmailShroud plugin <= 2.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23442 | 2025-01-16 | WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability |
CVE-2025-23436 | 2025-01-16 | WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability |
CVE-2025-23455 | 2025-01-16 | WordPress WP VTiger Synchronization plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
CVE-2025-23430 | 2025-01-16 | WordPress Mass Custom Fields Manager plugin <= 1.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
CVE-2025-23445 | 2025-01-16 | WordPress Easy Tynt plugin <= 0.2.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-23453 | 2025-01-16 | WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23426 | 2025-01-16 | WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-23424 | 2025-01-16 | WordPress Marquee Style RSS News Ticker plugin <= 3.2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-23444 | 2025-01-16 | WordPress Scroll Top Advanced plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability |