CVE List - 2025 / January
Showing 201 - 300 of 4277 CVEs for January 2025 (Page 3 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2023-48758 | 2025-01-02 | WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability |
CVE-2024-55538 | 2025-01-02 | Sensitive information disclosure due to missing authentication. The following products... |
CVE-2024-49385 | 2025-01-02 | Sensitive information disclosure due to insecure folder permissions. The following... |
CVE-2023-48739 | 2025-01-02 | WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability |
CVE-2023-47807 | 2025-01-02 | WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability |
CVE-2023-47778 | 2025-01-02 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
CVE-2022-43476 | 2025-01-02 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control |
CVE-2024-56137 | 2025-01-02 | MaxKB RCE vulnerability in function library |
CVE-2022-49035 | 2025-01-02 | media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE |
CVE-2022-41995 | 2025-01-02 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control |
CVE-2023-45633 | 2025-01-02 | WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability |
CVE-2023-45272 | 2025-01-02 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability |
CVE-2023-40327 | 2025-01-02 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability |
CVE-2025-0171 | 2025-01-02 | code-projects Chat System deleteuser.php sql injection |
CVE-2022-45830 | 2025-01-02 | WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability |
CVE-2023-39994 | 2025-01-02 | WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control |
CVE-2023-32240 | 2025-01-02 | WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability |
CVE-2023-23672 | 2025-01-02 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability |
CVE-2022-47601 | 2025-01-02 | WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control |
CVE-2022-45811 | 2025-01-02 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability |
CVE-2024-55543 | 2025-01-02 | Local privilege escalation due to DLL hijacking vulnerability. The following... |
CVE-2024-55540 | 2025-01-02 | Local privilege escalation due to DLL hijacking vulnerability. The following... |
CVE-2024-56413 | 2025-01-02 | Missing session invalidation after user deletion. The following products are... |
CVE-2024-56414 | 2025-01-02 | Web installer integrity check used weak hash algorithm. The following... |
CVE-2024-55542 | 2025-01-02 | Local privilege escalation due to excessive permissions assigned to Tray... |
CVE-2024-55541 | 2025-01-02 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation... |
CVE-2025-0172 | 2025-01-02 | code-projects Chat System deleteroom.php sql injection |
CVE-2024-9950 | 2025-01-02 | Abuse of Unauthenticated Compliance Recheck in SecureConnector |
CVE-2024-12907 | 2025-01-02 | XSS in Kentico 7 |
CVE-2024-11716 | 2025-01-02 | While assignment of a user to a team (bracket) in... |
CVE-2024-11717 | 2025-01-02 | Tokens in CTFd used for account activation and password resetting... |
CVE-2024-56199 | 2025-01-02 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ |
CVE-2025-0173 | 2025-01-02 | SourceCodester Online Eyewear Shop view_order.php sql injection |
CVE-2024-8447 | 2025-01-02 | Narayana: deadlock via multiple join requests sent to lra coordinator |
CVE-2024-43077 | 2025-01-02 | In DevmemValidateFlags of devicemem_server.c, there is a possible out... |
CVE-2024-43097 | 2025-01-02 | In resizeToAtLeast of SkRegion.cpp, there is a possible out of... |
CVE-2024-43762 | 2025-01-02 | In multiple locations, there is a possible way to avoid... |
CVE-2024-43764 | 2025-01-02 | In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to... |
CVE-2024-43767 | 2025-01-02 | In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow... |
CVE-2024-43768 | 2025-01-02 | In skia_alloc_func of SkDeflate.cpp, there is a possible out of... |
CVE-2024-43769 | 2025-01-02 | In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case... |
CVE-2024-35365 | 2025-01-03 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c... |
CVE-2024-36613 | 2025-01-03 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of... |
CVE-2024-48814 | 2025-01-03 | SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker... |
CVE-2024-55078 | 2025-01-03 | An arbitrary file upload vulnerability in the component /adminUser/updateImg of... |
CVE-2024-55507 | 2025-01-03 | An issue in CodeAstro Complaint Management System v.1.0 allows a... |
CVE-2025-22275 | 2025-01-03 | iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers... |
CVE-2025-22376 | 2025-01-03 | In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl,... |
CVE-2025-0174 | 2025-01-03 | code-projects Point of Sales and Inventory Management System Parameter search_result2.php sql injection |
CVE-2025-0175 | 2025-01-03 | code-projects Online Shop view.php cross site scripting |
CVE-2025-0176 | 2025-01-03 | code-projects Point of Sales and Inventory Management System add_cart.php sql injection |
CVE-2024-11624 | 2025-01-03 | there is a possible to add apps to bypass VPN... |
CVE-2024-47032 | 2025-01-03 | In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of... |
CVE-2024-53833 | 2025-01-03 | In prepare_response_locked of lwis_transaction.c, there is a possible out of... |
CVE-2024-53834 | 2025-01-03 | In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of... |
CVE-2024-53835 | 2025-01-03 | there is a possible biometric bypass due to an unusual... |
CVE-2024-53836 | 2025-01-03 | In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of... |
CVE-2024-53837 | 2025-01-03 | In prepare_response of lwis_periodic_io.c, there is a possible out of... |
CVE-2024-53838 | 2025-01-03 | In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of... |
CVE-2024-53839 | 2025-01-03 | In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of... |
CVE-2024-53840 | 2025-01-03 | there is a possible biometric bypass due to an unusual... |
CVE-2024-53841 | 2025-01-03 | In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to... |
CVE-2024-53842 | 2025-01-03 | In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of... |
CVE-2024-9138 | 2025-01-03 | Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances |
CVE-2024-12132 | 2025-01-03 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference |
CVE-2024-9140 | 2025-01-03 | Moxa’s cellular routers, secure routers, and network security appliances are... |
CVE-2024-5591 | 2025-01-03 | IBM Jazz Foundation information disclosure |
CVE-2024-41780 | 2025-01-03 | IBM Jazz Foundation information disclosure |
CVE-2024-56320 | 2025-01-03 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user |
CVE-2024-56321 | 2025-01-03 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access |
CVE-2024-56322 | 2025-01-03 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality |
CVE-2024-56324 | 2025-01-03 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins |
CVE-2024-56408 | 2025-01-03 | PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file |
CVE-2024-56513 | 2025-01-03 | Karmada PULL Mode Cluster Privilege Escalation |
CVE-2024-56514 | 2025-01-03 | Karmada Tar Slips in CRDs archive extraction |
CVE-2025-21609 | 2025-01-03 | SiYuan has an arbitrary file deletion vulnerability |
CVE-2025-21610 | 2025-01-03 | Trix allows Cross-site Scripting via `javascript:` url in a link |
CVE-2024-56365 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the constructor of the Downloader class |
CVE-2024-56366 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file |
CVE-2024-56409 | 2025-01-03 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file |
CVE-2024-56410 | 2025-01-03 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties |
CVE-2024-56411 | 2025-01-03 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header |
CVE-2024-56412 | 2025-01-03 | PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters |
CVE-2025-0195 | 2025-01-03 | code-projects Point of Sales and Inventory Management System del_product.php sql injection |
CVE-2025-0196 | 2025-01-03 | code-projects Point of Sales and Inventory Management System plist.php sql injection |
CVE-2025-0197 | 2025-01-03 | code-projects Point of Sales and Inventory Management System search.php sql injection |
CVE-2024-56332 | 2025-01-03 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions |
CVE-2025-0198 | 2025-01-03 | code-projects Point of Sales and Inventory Management System search_result.php sql injection |
CVE-2024-13129 | 2025-01-03 | Roxy-WI roxy.py action_service os command injection |
CVE-2024-12237 | 2025-01-03 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery |
CVE-2024-11733 | 2025-01-03 | WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-55896 | 2025-01-03 | IBM PowerHA SystemMirror for i clickjacking |
CVE-2024-55897 | 2025-01-03 | IBM PowerHA SystemMirror for i information disclosure |
CVE-2025-0199 | 2025-01-03 | code-projects Point of Sales and Inventory Management System minus_cart.php sql injection |
CVE-2025-22383 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408.... |
CVE-2025-22384 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408.... |
CVE-2025-22385 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408.... |
CVE-2025-22386 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408.... |
CVE-2025-22387 | 2025-01-04 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408.... |
CVE-2025-22388 | 2025-01-04 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A... |