CVE List - 2025 / January
Showing 3501 - 3600 of 4277 CVEs for January 2025 (Page 36 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12885 | 2025-01-25 | Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion |
| CVE-2024-13548 | 2025-01-25 | Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13599 | 2025-01-25 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name |
| CVE-2024-13458 | 2025-01-25 | WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12113 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion |
| CVE-2024-13368 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-11825 | 2025-01-25 | Broadstreet <= 1.50.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter |
| CVE-2024-13467 | 2025-01-25 | WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting |
| CVE-2024-13586 | 2025-01-25 | Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12817 | 2025-01-25 | Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13441 | 2025-01-25 | Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13551 | 2025-01-25 | ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13550 | 2025-01-25 | ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read |
| CVE-2024-13370 | 2025-01-25 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) |
| CVE-2024-12826 | 2025-01-25 | GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update |
| CVE-2024-13449 | 2025-01-25 | Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-13450 | 2025-01-25 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery |
| CVE-2025-0350 | 2025-01-25 | Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets |
| CVE-2024-13562 | 2025-01-25 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-35111 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2024-35112 | 2025-01-25 | IBM Control Center cross-site scripting |
| CVE-2024-35113 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2024-35114 | 2025-01-25 | IBM Control Center information disclosure |
| CVE-2023-38716 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38012 | 2025-01-25 | IBM Cloud Pak System directory traversal |
| CVE-2023-38013 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38714 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38713 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2023-38271 | 2025-01-25 | IBM Cloud Pak System information disclosure |
| CVE-2024-39750 | 2025-01-25 | IBM Analytics Content Hub buffer overflow |
| CVE-2024-35134 | 2025-01-25 | IBM Analytics Content Hub information disclosure |
| CVE-2024-35145 | 2025-01-25 | IBM Maximo Application Suite cross-site scripting |
| CVE-2024-35144 | 2025-01-25 | IBM Maximo Application Suite information disclosure |
| CVE-2024-35148 | 2025-01-25 | IBM Maximo Application Suite SQL injection |
| CVE-2024-35150 | 2025-01-25 | IBM Maximo Application Suite log manipulation |
| CVE-2025-0542 | 2025-01-25 | G DATA Management Server Local privilege escalation |
| CVE-2025-0543 | 2025-01-25 | G DATA Security Client Local privilege escalation |
| CVE-2022-49043 | 2025-01-26 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2024-46881 | 2025-01-26 | Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control.... |
| CVE-2025-24858 | 2025-01-26 | Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who... |
| CVE-2024-10636 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content |
| CVE-2024-10628 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id |
| CVE-2024-10574 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting |
| CVE-2024-10633 | 2025-01-26 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content |
| CVE-2024-11090 | 2025-01-26 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-10705 | 2025-01-26 | Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl |
| CVE-2024-11936 | 2025-01-26 | Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11641 | 2025-01-26 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-12334 | 2025-01-26 | WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting |
| CVE-2024-13505 | 2025-01-26 | Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question |
| CVE-2024-31906 | 2025-01-26 | IBM Automation Decision Services information disclosure |
| CVE-2023-50945 | 2025-01-26 | IBM Common Licensing information disclosure |
| CVE-2023-50946 | 2025-01-26 | IBM Common Licensing information disclosure |
| CVE-2023-38009 | 2025-01-26 | IBM Cognos Analytics Mobile information disclosure |
| CVE-2017-20196 | 2025-01-26 | Itechscripts School Management Software notice-edit.php sql injection |
| CVE-2025-0720 | 2025-01-26 | Microword eScan Antivirus Folder Watch List rtscanner removeExtraSlashes stack-based overflow |
| CVE-2025-0721 | 2025-01-26 | needyamin image_gallery view.php cross site scripting |
| CVE-2025-0722 | 2025-01-26 | needyamin image_gallery Cover Image gallery.php unrestricted upload |
| CVE-2024-26317 | 2025-01-27 | In illumos illumos-gate 2024-02-15, an error occurs in the elliptic... |
| CVE-2024-48416 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable... |
| CVE-2024-48417 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable... |
| CVE-2024-48418 | 2025-01-27 | In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the... |
| CVE-2024-48419 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from... |
| CVE-2024-48420 | 2025-01-27 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable... |
| CVE-2024-48662 | 2025-01-27 | Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and... |
| CVE-2024-54728 | 2025-01-27 | Incorrect access control in BYD QIN PLUS DM-i Dilink OS... |
| CVE-2024-55227 | 2025-01-27 | A cross-site scripting (XSS) vulnerability in the Events/Agenda module of... |
| CVE-2024-55228 | 2025-01-27 | A cross-site scripting (XSS) vulnerability in the Product module of... |
| CVE-2024-56178 | 2025-01-27 | An issue was discovered in Couchbase Server 7.6.x through 7.6.3.... |
| CVE-2024-56316 | 2025-01-27 | In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user... |
| CVE-2024-56947 | 2025-01-27 | An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS... |
| CVE-2024-56948 | 2025-01-27 | An issue in KuGou Technology CO. LTD KuGou Music iOS... |
| CVE-2024-56949 | 2025-01-27 | An issue in Guangzhou Polar Future Culture Technology Co., Ltd... |
| CVE-2024-56950 | 2025-01-27 | An issue in KuGou Technology Co., Ltd KuGou Concept iOS... |
| CVE-2024-56951 | 2025-01-27 | An issue in Hangzhou Bobo Technology Co Ltd UU Game... |
| CVE-2024-56952 | 2025-01-27 | An issue in Beijing Baidu Netcom Science & Technology Co... |
| CVE-2024-56953 | 2025-01-27 | An issue in Baidu (China) Co Ltd Baidu Input Method... |
| CVE-2024-56954 | 2025-01-27 | An issue in Beijing Baidu Netcom Science & Technology Co... |
| CVE-2024-56955 | 2025-01-27 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS... |
| CVE-2024-56957 | 2025-01-27 | An issue in Kingsoft Office Software Corporation Limited WPS Office... |
| CVE-2024-56959 | 2025-01-27 | An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS... |
| CVE-2024-56960 | 2025-01-27 | An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe... |
| CVE-2024-56962 | 2025-01-27 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS... |
| CVE-2024-56963 | 2025-01-27 | An issue in Beijing Sogou Technology Development Co., Ltd Sogou... |
| CVE-2024-56964 | 2025-01-27 | An issue in Che Hao Duo Used Automobile Agency (Beijing)... |
| CVE-2024-56965 | 2025-01-27 | An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo... |
| CVE-2024-56966 | 2025-01-27 | An issue in Shanghai Xuan Ting Entertainment Information & Technology... |
| CVE-2024-56967 | 2025-01-27 | An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS... |
| CVE-2024-56968 | 2025-01-27 | An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home... |
| CVE-2024-56969 | 2025-01-27 | An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS... |
| CVE-2024-56971 | 2025-01-27 | An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co.,... |
| CVE-2024-56972 | 2025-01-27 | An issue in Midea Group Co., Ltd Midea Home iOS... |
| CVE-2024-57052 | 2025-01-27 | An issue in youdiancms v.9.5.20 and before allows a remote... |
| CVE-2024-57272 | 2025-01-27 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site... |
| CVE-2024-57276 | 2025-01-27 | In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service... |
| CVE-2024-57373 | 2025-01-27 | Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows... |
| CVE-2024-57546 | 2025-01-27 | An issue in CMSimple v.5.16 allows a remote attacker to... |
| CVE-2024-57547 | 2025-01-27 | Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker... |
| CVE-2024-57548 | 2025-01-27 | CMSimple 5.16 allows the user to edit log.php file via... |
| CVE-2024-57549 | 2025-01-27 | CMSimple 5.16 allows the user to read cms source code... |