CVE List - 2025 / January
Showing 3801 - 3900 of 4277 CVEs for January 2025 (Page 39 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-48310 | 2025-01-28 | AutoLib Software Systems OPAC v20.10 was discovered to have multiple... |
| CVE-2024-55968 | 2025-01-28 | An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1.... |
| CVE-2024-56529 | 2025-01-28 | Mailcow through 2024-11b has a session fixation vulnerability in the... |
| CVE-2024-57376 | 2025-01-28 | Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N,... |
| CVE-2024-57514 | 2025-01-28 | The TP-Link Archer A20 v3 router is vulnerable to Cross-site... |
| CVE-2024-57519 | 2025-01-28 | An issue in Open5GS v.2.7.2 allows a remote attacker to... |
| CVE-2025-22917 | 2025-01-28 | A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0... |
| CVE-2024-27263 | 2025-01-28 | IBM Sterling B2B Integrator information disclosure |
| CVE-2022-3365 | 2025-01-28 | Emote Interactive Remote Mouse Server command injection due to weak encoding |
| CVE-2023-50316 | 2025-01-28 | IBM Sterling B2B Integrator information disclosure |
| CVE-2024-12647 | 2025-01-28 | Buffer overflow in CPCA font download processing of Small Office... |
| CVE-2024-12648 | 2025-01-28 | Buffer overflow in TIFF data EXIF tag processing of Small... |
| CVE-2024-12649 | 2025-01-28 | Buffer overflow in XPS data font processing of Small Office... |
| CVE-2024-45339 | 2025-01-28 | Vulnerability when creating log files in github.com/golang/glog |
| CVE-2024-45341 | 2025-01-28 | Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 |
| CVE-2024-45340 | 2025-01-28 | GOAUTH credential leak in cmd/go |
| CVE-2024-45336 | 2025-01-28 | Sensitive headers incorrectly sent after cross-domain redirect in net/http |
| CVE-2025-22865 | 2025-01-28 | ParsePKCS1PrivateKey panic with partial keys in crypto/x509 |
| CVE-2024-22315 | 2025-01-28 | IBM Fusion improper communication restriction |
| CVE-2024-0135 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a... |
| CVE-2024-0136 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a... |
| CVE-2024-0137 | 2025-01-28 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a... |
| CVE-2024-0140 | 2025-01-28 | NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where... |
| CVE-2024-0150 | 2025-01-28 | NVIDIA GPU display driver for Windows and Linux contains a... |
| CVE-2024-0147 | 2025-01-28 | NVIDIA GPU display driver for Windows and Linux contains a... |
| CVE-2024-0149 | 2025-01-28 | NVIDIA GPU Display Driver for Linux contains a vulnerability which... |
| CVE-2024-53869 | 2025-01-28 | NVIDIA Unified Memory driver for Linux contains a vulnerability where... |
| CVE-2024-0146 | 2025-01-28 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU... |
| CVE-2024-53881 | 2025-01-28 | NVIDIA vGPU software contains a vulnerability in the host driver,... |
| CVE-2024-11135 | 2025-01-28 | Eventer <= 3.9.8 - Unauthenticated SQL Injection |
| CVE-2025-23084 | 2025-01-28 | A vulnerability has been identified in Node.js, specifically affecting the... |
| CVE-2025-24810 | 2025-01-28 | Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and... |
| CVE-2024-12723 | 2025-01-28 | Infility Global <= 2.9.8 - Reflected XSS |
| CVE-2024-12807 | 2025-01-28 | Social Share Buttons for WordPress <= 2.7 - Admin+ Stored XSS |
| CVE-2024-13448 | 2025-01-28 | ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data |
| CVE-2024-13509 | 2025-01-28 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-0321 | 2025-01-28 | ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter |
| CVE-2024-13521 | 2025-01-28 | MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13527 | 2025-01-28 | Philantro – Donations and Donor Management <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode |
| CVE-2025-0290 | 2025-01-28 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab |
| CVE-2024-23953 | 2025-01-28 | Apache Hive: Timing Attack Against Signature in LLAP util |
| CVE-2025-0736 | 2025-01-28 | Org.infinispan-infinispan-parent: exposure of sensitive information in application logs |
| CVE-2025-0750 | 2025-01-28 | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting |
| CVE-2025-0752 | 2025-01-28 | Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access |
| CVE-2025-0754 | 2025-01-28 | Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing |
| CVE-2025-0065 | 2025-01-28 | Improper Neutralization of Argument Delimiters in TeamViewer Clients |
| CVE-2024-11954 | 2025-01-28 | Pimcore Search Document cross site scripting |
| CVE-2024-11956 | 2025-01-28 | Pimcore customer-data-framework list sql injection |
| CVE-2024-6351 | 2025-01-28 | Malformed packet leads to denial of service in NWK/APS layer |
| CVE-2024-7881 | 2025-01-28 | An unprivileged context can trigger a data memory-dependent prefetch engine... |
| CVE-2025-0659 | 2025-01-28 | Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud |
| CVE-2025-23045 | 2025-01-28 | CVAT allows remote code execution via tracker Nuclio functions |
| CVE-2025-23211 | 2025-01-28 | Tandoor Recipes - SSTI - Remote Code Execution |
| CVE-2025-23212 | 2025-01-28 | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server |
| CVE-2025-23213 | 2025-01-28 | Tandoor Recipes - Stored XSS through Unrestricted File Upload |
| CVE-2025-24800 | 2025-01-28 | Critical vulnerability in `ismp-grandpa` <v15.0.1 |
| CVE-2025-0432 | 2025-01-28 | HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information |
| CVE-2025-23385 | 2025-01-28 | In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before... |
| CVE-2025-0781 | 2025-01-28 | Incorrect Authorization in SimGear |
| CVE-2024-8401 | 2025-01-28 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site... |
| CVE-2017-13317 | 2025-01-28 | In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of... |
| CVE-2017-13318 | 2025-01-28 | In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of... |
| CVE-2018-9373 | 2025-01-28 | In TdlsexRxFrameHandle of the MTK WLAN driver, there is a... |
| CVE-2018-9378 | 2025-01-28 | In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure... |
| CVE-2025-23055 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23056 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23057 | 2025-01-28 | Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface |
| CVE-2025-23054 | 2025-01-28 | Authenticated Response Manipulation allows Unauthorized Actions in Management Interface |
| CVE-2025-23053 | 2025-01-28 | Authenticated privilege escalation via broken access control |
| CVE-2024-13484 | 2025-01-28 | Openshift-gitops-operator-container: namespace isolation break |
| CVE-2025-0631 | 2025-01-28 | PowerFlex® 755 Credential Exposure Vulnerability |
| CVE-2025-0783 | 2025-01-28 | pankajindevops scale API Endpoint access control |
| CVE-2025-22217 | 2025-01-28 | Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability... |
| CVE-2025-24478 | 2025-01-28 | 5380/5580 Denial-of-Service Vulnerability |
| CVE-2025-24479 | 2025-01-28 | FactoryTalk® View Machine Edition - Local Code Injection |
| CVE-2025-24480 | 2025-01-28 | FactoryTalk® View Machine Editon - Remote Code Execution |
| CVE-2024-34732 | 2025-01-28 | In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code... |
| CVE-2024-34733 | 2025-01-28 | In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code... |
| CVE-2024-34748 | 2025-01-28 | In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due... |
| CVE-2024-40649 | 2025-01-28 | In TBD of TBD, there is a possible use-after-free due... |
| CVE-2024-40651 | 2025-01-28 | In TBD of TBD, there is a possible use-after-free due... |
| CVE-2024-40669 | 2025-01-28 | In TBD of TBD, there is a possible use after... |
| CVE-2024-40670 | 2025-01-28 | In TBD of TBD, there is a possible use after... |
| CVE-2024-40672 | 2025-01-28 | In onCreate of ChooserActivity.java, there is a possible way to... |
| CVE-2024-40673 | 2025-01-28 | In Source of ZipFile.java, there is a possible way for... |
| CVE-2024-40674 | 2025-01-28 | In validateSsid of WifiConfigurationUtil.java, there is a possible way to... |
| CVE-2024-40675 | 2025-01-28 | In parseUriInternal of Intent.java, there is a possible infinite loop... |
| CVE-2024-40676 | 2025-01-28 | In checkKeyIntent of AccountManagerService.java, there is a possible way to... |
| CVE-2024-40677 | 2025-01-28 | In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to... |
| CVE-2025-0784 | 2025-01-28 | Intelbras InControl Registered User usuario cleartext transmission |
| CVE-2025-24826 | 2025-01-28 | Local privilege escalation due to insecure folder permissions. The following... |
| CVE-2025-24481 | 2025-01-28 | FactoryTalk® View Site Edition - Incorrect Permission Assignment |
| CVE-2025-24482 | 2025-01-28 | FactoryTalk® View Site Edition - Local Code Injection |
| CVE-2025-0785 | 2025-01-28 | ESAFENET CDG SysConfig.jsp cross site scripting |
| CVE-2024-29869 | 2025-01-28 | Apache Hive: Credentials file created with non restrictive permissions |
| CVE-2025-0786 | 2025-01-28 | ESAFENET CDG appDetail.jsp sql injection |
| CVE-2025-0787 | 2025-01-28 | ESAFENET CDG appDetail.jsp cross site scripting |
| CVE-2025-0788 | 2025-01-28 | ESAFENET CDG content_top.jsp sql injection |
| CVE-2025-0789 | 2025-01-28 | ESAFENET CDG doneDetail.jsp sql injection |
| CVE-2025-0790 | 2025-01-28 | ESAFENET CDG doneDetail.jsp cross site scripting |