CVE List - 2025 / January
Showing 2801 - 2900 of 4277 CVEs for January 2025 (Page 29 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2025-0615 | 2025-01-21 | Input validation vulnerability in Qualifio's Wheel of Fortune |
CVE-2024-57930 | 2025-01-21 | tracing: Have process_string() also allow arrays |
CVE-2024-57931 | 2025-01-21 | selinux: ignore unknown extended permissions |
CVE-2024-57932 | 2025-01-21 | gve: guard XDP xmit NDO on existence of xdp queues |
CVE-2024-57933 | 2025-01-21 | gve: guard XSK operations on the existence of queues |
CVE-2024-57934 | 2025-01-21 | fgraph: Add READ_ONCE() when accessing fgraph_array[] |
CVE-2024-57935 | 2025-01-21 | RDMA/hns: Fix accessing invalid dip_ctx during destroying QP |
CVE-2024-57936 | 2025-01-21 | RDMA/bnxt_re: Fix max SGEs for the Work Request |
CVE-2024-57938 | 2025-01-21 | net/sctp: Prevent autoclose integer overflow in sctp_association_init() |
CVE-2024-57939 | 2025-01-21 | riscv: Fix sleeping in invalid context in die() |
CVE-2024-57940 | 2025-01-21 | exfat: fix the infinite loop in exfat_readdir() |
CVE-2024-57941 | 2025-01-21 | netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled |
CVE-2024-57942 | 2025-01-21 | netfs: Fix ceph copy to cache on write-begin |
CVE-2024-57943 | 2025-01-21 | exfat: fix the new buffer was not zeroed before writing |
CVE-2024-57944 | 2025-01-21 | iio: adc: ti-ads1298: Add NULL check in ads1298_init |
CVE-2024-57945 | 2025-01-21 | riscv: mm: Fix the out of bound issue of vmemmap address |
CVE-2025-21656 | 2025-01-21 | hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur |
CVE-2025-21657 | 2025-01-21 | sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() |
CVE-2025-21658 | 2025-01-21 | btrfs: avoid NULL pointer dereference if no valid extent tree |
CVE-2025-21659 | 2025-01-21 | netdev: prevent accessing NAPI instances from another namespace |
CVE-2025-21660 | 2025-01-21 | ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked |
CVE-2025-21661 | 2025-01-21 | gpio: virtuser: fix missing lookup table cleanups |
CVE-2025-21662 | 2025-01-21 | net/mlx5: Fix variable not being completed when function returns |
CVE-2025-21663 | 2025-01-21 | net: stmmac: dwmac-tegra: Read iommu stream id from device tree |
CVE-2025-21664 | 2025-01-21 | dm thin: make get_first_thin use rcu-safe list first function |
CVE-2024-57946 | 2025-01-21 | virtio-blk: don't keep queue frozen during system suspend |
CVE-2024-49300 | 2025-01-21 | WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-49303 | 2025-01-21 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability |
CVE-2024-49333 | 2025-01-21 | WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability |
CVE-2024-49655 | 2025-01-21 | WordPress ARPrice plugin <= 4.0.3 - Unauthenticated SQL Injection vulnerability |
CVE-2024-49666 | 2025-01-21 | WordPress ARPrice plugin <= 4.0.3 - SQL Injection vulnerability |
CVE-2024-49688 | 2025-01-21 | WordPress ARPrice plugin <= 4.0.3 - Unauthenticated PHP Object Injection vulnerability |
CVE-2024-49699 | 2025-01-21 | WordPress ARPrice plugin <= 4.0.3 - PHP Object Injection vulnerability |
CVE-2024-49700 | 2025-01-21 | WordPress ARPrice plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-51818 | 2025-01-21 | WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated SQL Injection vulnerability |
CVE-2024-51888 | 2025-01-21 | WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability |
CVE-2024-51919 | 2025-01-21 | WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerability |
CVE-2024-56277 | 2025-01-21 | WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability |
CVE-2025-22311 | 2025-01-21 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability |
CVE-2025-22318 | 2025-01-21 | WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability |
CVE-2025-22322 | 2025-01-21 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22553 | 2025-01-21 | WordPress Multiple Carousel Plugin <= 2.0 - SQL Injection vulnerability |
CVE-2025-22735 | 2025-01-21 | WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22763 | 2025-01-21 | WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-32555 | 2025-01-21 | WordPress Easy Real Estate plugin <= 2.2.6 - Privilege Escalation vulnerability |
CVE-2025-22262 | 2025-01-21 | WordPress Bonjour Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22706 | 2025-01-21 | WordPress Social Pug: Author Box plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22709 | 2025-01-21 | WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22710 | 2025-01-21 | WordPress Smart Manager Plugin <= 8.52.0 - SQL Injection vulnerability |
CVE-2025-22711 | 2025-01-21 | WordPress Image Source Control Lite Plugin <= 2.29.0 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22716 | 2025-01-21 | WordPress Taskbuilder Plugin <= 3.0.6 - SQL Injection vulnerability |
CVE-2025-22717 | 2025-01-21 | WordPress My Tickets plugin <= 2.0.9 - Broken Access Control vulnerability |
CVE-2025-22718 | 2025-01-21 | WordPress FAT Event Lite plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22719 | 2025-01-21 | WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability |
CVE-2025-22723 | 2025-01-21 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability |
CVE-2025-22727 | 2025-01-21 | WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22732 | 2025-01-21 | WordPress Ad Blocking Detector plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22733 | 2025-01-21 | WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22825 | 2025-01-21 | WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability |
CVE-2025-23997 | 2025-01-21 | WordPress Tamara Checkout plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-23998 | 2025-01-21 | WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-24001 | 2025-01-21 | WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability |
CVE-2024-53829 | 2025-01-21 | Cross-Site Request Forgery in CodeChecker API |
CVE-2025-0377 | 2025-01-21 | HashiCorp go-slug Vulnerable to Zip Slip Attack |
CVE-2025-24011 | 2025-01-21 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes |
CVE-2025-24012 | 2025-01-21 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability |
CVE-2025-24017 | 2025-01-21 | YesWiki Vulnerable to Unauthenticated DOM Based XSS |
CVE-2024-45687 | 2025-01-21 | HTTP Server incorrectly accepting disallowed characters within header values |
CVE-2025-24018 | 2025-01-21 | YesWiki Vulnerable to Authenticated Stored XSS |
CVE-2025-23454 | 2025-01-21 | WordPress Nature FlipBook WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23461 | 2025-01-21 | WordPress Social2Blog plugin <= 0.2.990 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23477 | 2025-01-21 | WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability |
CVE-2025-23489 | 2025-01-21 | WordPress WP-Announcements plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23551 | 2025-01-21 | WordPress SexBundle plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-23580 | 2025-01-21 | WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2025-22267 | 2025-01-21 | WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22276 | 2025-01-21 | WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22661 | 2025-01-21 | WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-22721 | 2025-01-21 | WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability |
CVE-2025-22722 | 2025-01-21 | WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dismissal vulnerability |
CVE-2025-23994 | 2025-01-21 | WordPress Estatebud – Properties & Listings plugin <= 5.5.0 - CSRF to Stored XSS vulnerability |
CVE-2025-23996 | 2025-01-21 | WordPress AnyRoad plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
CVE-2025-24456 | 2025-01-21 | In JetBrains Hub before 2024.3.55417 privilege escalation was possible via... |
CVE-2025-24457 | 2025-01-21 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed... |
CVE-2025-24458 | 2025-01-21 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via... |
CVE-2025-24459 | 2025-01-21 | In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on... |
CVE-2025-24460 | 2025-01-21 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to... |
CVE-2025-24461 | 2025-01-21 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without... |
CVE-2025-24019 | 2025-01-21 | YesWiki vulnerable to authenticated arbitrary file deletion |
CVE-2025-22150 | 2025-01-21 | Undici Uses Insufficiently Random Values |
CVE-2025-24020 | 2025-01-21 | WeGIA Open Redirect vulnerability |
CVE-2025-23369 | 2025-01-21 | Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation |
CVE-2025-24024 | 2025-01-21 | Mjolnir v1.9.0 accepts commands from any room |
CVE-2024-21245 | 2025-01-21 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle... |
CVE-2025-21489 | 2025-01-21 | Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle... |
CVE-2025-21490 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component:... |
CVE-2025-21491 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component:... |
CVE-2025-21492 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component:... |
CVE-2025-21493 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component:... |
CVE-2025-21494 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component:... |