CVE List - 2025 / January
Showing 3301 - 3400 of 4277 CVEs for January 2025 (Page 34 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57277 | 2025-01-24 | InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting... |
| CVE-2025-23222 | 2025-01-24 | An issue was discovered in Deepin dde-api-proxy through 1.0.19 in... |
| CVE-2025-0314 | 2025-01-24 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-11931 | 2025-01-24 | Insufficient Granularity of Access Control in GitLab |
| CVE-2024-13659 | 2025-01-24 | Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13680 | 2025-01-24 | Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-13683 | 2025-01-24 | Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update |
| CVE-2024-13545 | 2025-01-24 | Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-13583 | 2025-01-24 | Simple Gallery with Filter <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12494 | 2025-01-24 | BMLT Meeting Map <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-23422 | 2025-01-24 | WordPress Store Locator plugin <= 3.98.10 - Local File Inclusion vulnerability |
| CVE-2025-23427 | 2025-01-24 | WordPress Redux Converter plugin <= 1.1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23522 | 2025-01-24 | WordPress HM Portfolio plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23621 | 2025-01-24 | WordPress Causes – Donation plugin <= 1.0.01 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23622 | 2025-01-24 | WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23711 | 2025-01-24 | WordPress Quote me plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23734 | 2025-01-24 | WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23737 | 2025-01-24 | WordPress Network-Favorites plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23837 | 2025-01-24 | WordPress One Backend Language Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23838 | 2025-01-24 | WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23839 | 2025-01-24 | WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23885 | 2025-01-24 | WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23888 | 2025-01-24 | WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23889 | 2025-01-24 | WordPress FooGallery Captions Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22714 | 2025-01-24 | WordPress MDJM Event Management Plugin <= 1.7.5.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-13409 | 2025-01-24 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() |
| CVE-2024-13572 | 2025-01-24 | Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting |
| CVE-2024-13594 | 2025-01-24 | Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-13542 | 2025-01-24 | WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13335 | 2025-01-24 | Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install |
| CVE-2024-13354 | 2025-01-24 | Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13408 | 2025-01-24 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-41739 | 2025-01-24 | IBM Cognos Dashboards on Cloud Pak for Data privilege escalation |
| CVE-2024-11913 | 2025-01-24 | Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery |
| CVE-2024-10324 | 2025-01-24 | RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-9490 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in Silicon Labs IDE installer |
| CVE-2024-9491 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in Configuration Wizard 2 installer |
| CVE-2024-9492 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in Flash Programming Utility installer |
| CVE-2024-9493 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in ToolStick installer |
| CVE-2024-9494 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer |
| CVE-2024-9495 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer |
| CVE-2024-9496 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer |
| CVE-2024-9497 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in USBXpress 4 SDK installer |
| CVE-2024-9498 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in USBXpress SDK installer |
| CVE-2024-9499 | 2025-01-24 | Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer |
| CVE-2025-22605 | 2025-01-24 | Coolify OS Command Injection Vulnerability in SSH Command Generation |
| CVE-2025-0697 | 2025-01-24 | Telstra Smart Modem Gen 2 HTTP Header injection |
| CVE-2024-41757 | 2025-01-24 | IBM Concert Software information disclosure |
| CVE-2024-40706 | 2025-01-24 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-13698 | 2025-01-24 | Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation |
| CVE-2024-25034 | 2025-01-24 | IBM Planning Analytics file upload |
| CVE-2024-40693 | 2025-01-24 | IBM Planning Analytics file upload |
| CVE-2025-0698 | 2025-01-24 | JoeyBling bootplus list sql injection |
| CVE-2025-0699 | 2025-01-24 | JoeyBling bootplus list sql injection |
| CVE-2025-23991 | 2025-01-24 | WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-45077 | 2025-01-24 | IBM Maximo Asset Management file upload |
| CVE-2025-22606 | 2025-01-24 | Coolify Command Injection Vulnerability in Project Name |
| CVE-2025-22607 | 2025-01-24 | Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak |
| CVE-2025-22608 | 2025-01-24 | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) |
| CVE-2025-22609 | 2025-01-24 | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) |
| CVE-2025-22610 | 2025-01-24 | Coolify Vulnerable to OAuth Secrets Leak |
| CVE-2025-22611 | 2025-01-24 | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) |
| CVE-2025-22612 | 2025-01-24 | Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) |
| CVE-2025-24025 | 2025-01-24 | Coolify Vulnerable to Reflected XSS on Tag Search |
| CVE-2025-24355 | 2025-01-24 | Updatecli may expose Maven credentials in console output |
| CVE-2025-24359 | 2025-01-24 | ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape |
| CVE-2025-0700 | 2025-01-24 | JoeyBling bootplus list sql injection |
| CVE-2025-0701 | 2025-01-24 | JoeyBling bootplus list sql injection |
| CVE-2025-24555 | 2025-01-24 | WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24568 | 2025-01-24 | WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24575 | 2025-01-24 | WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24580 | 2025-01-24 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-24561 | 2025-01-24 | WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24582 | 2025-01-24 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Sensitive Data Exposure vulnerability |
| CVE-2025-24546 | 2025-01-24 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24591 | 2025-01-24 | WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability |
| CVE-2025-24571 | 2025-01-24 | WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability |
| CVE-2025-24578 | 2025-01-24 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24585 | 2025-01-24 | WordPress Event post plugin <= 5.9.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24542 | 2025-01-24 | WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24589 | 2025-01-24 | WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability |
| CVE-2025-24579 | 2025-01-24 | WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24570 | 2025-01-24 | WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24552 | 2025-01-24 | WordPress Paytium plugin <= 4.4.11 - Full Path Disclosure (FPD) vulnerability |
| CVE-2025-24547 | 2025-01-24 | WordPress Caching Compatible Cookie Opt-In plugin <= 0.0.10 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24573 | 2025-01-24 | WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24543 | 2025-01-24 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24588 | 2025-01-24 | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-24572 | 2025-01-24 | WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24595 | 2025-01-24 | WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24562 | 2025-01-24 | WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24594 | 2025-01-24 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability |
| CVE-2025-24604 | 2025-01-24 | WordPress Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerability |
| CVE-2025-24596 | 2025-01-24 | WordPress WooCommerce Product Table Lite plugin <= 3.8.7 - Broken Access Control vulnerability |
| CVE-2025-24611 | 2025-01-24 | WordPress Export All Posts, Products, Orders, Refunds & Users Plugin <= 2.9 - Arbitrary File Read vulnerability |
| CVE-2025-24633 | 2025-01-24 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-24636 | 2025-01-24 | WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24618 | 2025-01-24 | WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2025-24622 | 2025-01-24 | WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24610 | 2025-01-24 | WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |