CVE List - 2025 / January
Showing 3201 - 3300 of 4277 CVEs for January 2025 (Page 33 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57723 | 2025-01-23 | lunasvg v3.0.0 was discovered to contain a segmentation violation via... |
| CVE-2024-57724 | 2025-01-23 | lunasvg v3.0.0 was discovered to contain a segmentation violation via... |
| CVE-2025-24529 | 2025-01-23 | An issue was discovered in phpMyAdmin 5.x before 5.2.2. An... |
| CVE-2025-24530 | 2025-01-23 | An issue was discovered in phpMyAdmin 5.x before 5.2.2. An... |
| CVE-2024-42182 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2024-42183 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability |
| CVE-2024-42184 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme |
| CVE-2024-42185 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks |
| CVE-2023-32340 | 2025-01-23 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2023-50309 | 2025-01-23 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2024-42186 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support |
| CVE-2024-42187 | 2025-01-23 | HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability |
| CVE-2025-24030 | 2025-01-23 | Envoy Admin Interface Exposed through prometheus metrics endpoint |
| CVE-2024-43710 | 2025-01-23 | Kibana server-side request forgery |
| CVE-2024-43707 | 2025-01-23 | Kibana exposure of sensitive information to an unauthorized actor |
| CVE-2024-52972 | 2025-01-23 | Kibana allocation of resources without limits or throttling leads to crash |
| CVE-2024-52975 | 2025-01-23 | Fleet Server sensitive information exposure via logs |
| CVE-2024-53299 | 2025-01-23 | Apache Wicket: An attacker can intentionally trigger a memory leak |
| CVE-2024-13511 | 2025-01-23 | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset |
| CVE-2024-13593 | 2025-01-23 | BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-12957 | 2025-01-23 | A file handling command vulnerability in certain versions of Armoury... |
| CVE-2024-43708 | 2025-01-23 | An allocation of resources without limits or throttling in Kibana... |
| CVE-2025-0648 | 2025-01-23 | M-Files Server crash via EOT database driver configuration |
| CVE-2025-0619 | 2025-01-23 | Unsafe stored password recovery |
| CVE-2025-0635 | 2025-01-23 | Denial of Service condition in M-Files Server |
| CVE-2024-12043 | 2025-01-23 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13234 | 2025-01-23 | Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection |
| CVE-2024-12504 | 2025-01-23 | Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13236 | 2025-01-23 | Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13422 | 2025-01-23 | SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting |
| CVE-2024-13389 | 2025-01-23 | Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12118 | 2025-01-23 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13340 | 2025-01-23 | MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-23006 | 2025-01-23 | Pre-authentication deserialization of untrusted data vulnerability has been identified in... |
| CVE-2024-10539 | 2025-01-23 | Reflected XSS in Uyumsoft's ERP |
| CVE-2024-57947 | 2025-01-23 | netfilter: nf_set_pipapo: fix initial map fill |
| CVE-2025-23540 | 2025-01-23 | WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-10846 | 2025-01-23 | Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop |
| CVE-2025-0637 | 2025-01-23 | Inadequate access control in Beta10 |
| CVE-2025-22264 | 2025-01-23 | WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22768 | 2025-01-23 | WordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23541 | 2025-01-23 | WordPress Download, Downloads plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23544 | 2025-01-23 | WordPress StatPressCN plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23545 | 2025-01-23 | WordPress WP Social Broadcast plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23624 | 2025-01-23 | WordPress WpDevTool plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23626 | 2025-01-23 | WordPress Kumihimo plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23628 | 2025-01-23 | WordPress GeoDigs plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23629 | 2025-01-23 | WordPress Gallerio plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23634 | 2025-01-23 | WordPress Youtube Video Grid plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23636 | 2025-01-23 | WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23722 | 2025-01-23 | WordPress Mind3doM RyeBread Widgets plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23723 | 2025-01-23 | WordPress Plestar Directory Listing plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23724 | 2025-01-23 | WordPress University Quizzes Online plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23725 | 2025-01-23 | WordPress Accessibility Task Manager plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23727 | 2025-01-23 | WordPress AZ Content Finder plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23729 | 2025-01-23 | WordPress XTRA Settings plugin <= 2.1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23730 | 2025-01-23 | WordPress FLX Dashboard Groups plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23733 | 2025-01-23 | WordPress SC Simple Zazzle plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23834 | 2025-01-23 | WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23835 | 2025-01-23 | WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23836 | 2025-01-23 | WordPress Custom Coming Soon Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23894 | 2025-01-23 | WordPress wp-flickr-press Plugin <= 2.6.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23960 | 2025-01-23 | WordPress Save & Import Image from URL Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52325 | 2025-01-23 | ECOVACS robot lawnmowers and vacuums command injection |
| CVE-2025-0650 | 2025-01-23 | Ovn: egress acls may be bypassed via specially crafted udp packet |
| CVE-2024-52328 | 2025-01-23 | ECOVACS lawnmowers and vacuums insecurely store audio warning files |
| CVE-2024-52329 | 2025-01-23 | ECOVACS HOME mobile app plugins do not properly validate TLS certificates |
| CVE-2024-52330 | 2025-01-23 | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates |
| CVE-2024-52331 | 2025-01-23 | ECOVACS lawnmowers and vacuums deterministic firmware encryption key |
| CVE-2024-11147 | 2025-01-23 | ECOVACS lawnmowers and vacuums deterministic root password |
| CVE-2024-12078 | 2025-01-23 | ECOVACS lawnmowers and vacuums static BLE GATT encryption key |
| CVE-2024-12079 | 2025-01-23 | ECOVACS lawnmowers cleartext storage of anti-theft PIN |
| CVE-2024-52327 | 2025-01-23 | ECOVACS lawnmower and vacuum cloud service live video PIN bypass |
| CVE-2024-55925 | 2025-01-23 | API Security bypass through header manipulation |
| CVE-2024-55926 | 2025-01-23 | Arbitrary file upload, deletion and read through header manipulation |
| CVE-2025-23227 | 2025-01-23 | IBM Tivoli Application Dependency Discovery Manager cross-site scripting |
| CVE-2024-55927 | 2025-01-23 | Flawed token generation implementation & Hard-coded key implementation |
| CVE-2024-55928 | 2025-01-23 | Clear text secrets returned & Remote system secrets in clear text |
| CVE-2024-55929 | 2025-01-23 | Mail spoofing |
| CVE-2024-45672 | 2025-01-23 | IBM Security Verify Bridge data manipulation |
| CVE-2025-22153 | 2025-01-23 | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter |
| CVE-2024-55930 | 2025-01-23 | Weak default folder permissions |
| CVE-2025-24034 | 2025-01-23 | Himmelblau leaks credentials in the debug log |
| CVE-2025-24033 | 2025-01-23 | @fastify/multipart vulnerable to unlimited consumption of resources |
| CVE-2025-24353 | 2025-01-23 | Directus privilege escalation vulnerability using Share feature |
| CVE-2025-23011 | 2025-01-23 | Fedora Repository archive extraction path traversal |
| CVE-2025-23012 | 2025-01-23 | Fedora Repository fedoraIntCallUser default credentials |
| CVE-2025-0693 | 2025-01-23 | Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration |
| CVE-2021-42718 | 2025-01-23 | Sensitive data unnecessarily returned from authenticated API |
| CVE-2022-47090 | 2025-01-24 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function... |
| CVE-2024-50690 | 2025-01-24 | SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that... |
| CVE-2024-50692 | 2025-01-24 | SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that... |
| CVE-2024-50694 | 2025-01-24 | In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp... |
| CVE-2024-50695 | 2025-01-24 | SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer... |
| CVE-2024-50697 | 2025-01-24 | In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages,... |
| CVE-2024-50698 | 2025-01-24 | SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer... |
| CVE-2024-56404 | 2025-01-24 | In One Identity Identity Manager 9.x before 9.3, an insecure... |
| CVE-2024-57041 | 2025-01-24 | A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows... |
| CVE-2024-57095 | 2025-01-24 | SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker... |
| CVE-2024-57184 | 2025-01-24 | An issue was discovered in GPAC v0.8.0, as demonstrated by... |