CVE List - 2025 / January
Showing 301 - 400 of 4277 CVEs for January 2025 (Page 4 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-22390 | 2025-01-04 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A... |
| CVE-2025-22389 | 2025-01-04 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A... |
| CVE-2025-0200 | 2025-01-04 | code-projects Point of Sales and Inventory Management System search_num.php sql injection |
| CVE-2025-0201 | 2025-01-04 | code-projects Point of Sales and Inventory Management System update_account.php sql injection |
| CVE-2025-0202 | 2025-01-04 | TCS BaNCS REPORTS_SHOW_FILE.jsp file inclusion |
| CVE-2025-0203 | 2025-01-04 | code-projects Student Management System DbFunction.php showSubject1 sql injection |
| CVE-2024-12047 | 2025-01-04 | WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter |
| CVE-2024-12701 | 2025-01-04 | WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting |
| CVE-2024-11974 | 2025-01-04 | Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters |
| CVE-2024-12545 | 2025-01-04 | Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function |
| CVE-2024-10932 | 2025-01-04 | Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' |
| CVE-2025-0204 | 2025-01-04 | code-projects Online Shoe Store details.php sql injection |
| CVE-2024-12583 | 2025-01-04 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection |
| CVE-2024-11930 | 2025-01-04 | Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode |
| CVE-2025-0205 | 2025-01-04 | code-projects Online Shoe Store details2.php sql injection |
| CVE-2024-12221 | 2025-01-04 | Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter |
| CVE-2024-12475 | 2025-01-04 | WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12279 | 2025-01-04 | WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12195 | 2025-01-04 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-0206 | 2025-01-04 | code-projects Online Shoe Store index.php access control |
| CVE-2025-0207 | 2025-01-04 | code-projects Online Shoe Store login.php sql injection |
| CVE-2025-0208 | 2025-01-04 | code-projects Online Shoe Store summary.php sql injection |
| CVE-2024-10957 | 2025-01-04 | UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection |
| CVE-2025-0210 | 2025-01-04 | Campcodes School Faculty Scheduling System ajax.php sql injection |
| CVE-2024-41768 | 2025-01-04 | IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception |
| CVE-2024-41767 | 2025-01-04 | IBM Engineering Lifecycle Optimization - Publishing SQL injection |
| CVE-2024-41765 | 2025-01-04 | IBM Engineering Lifecycle Optimization - Publishing directory traversal |
| CVE-2024-41766 | 2025-01-04 | IBM Engineering Lifecycle Optimization - Publishing denial of service |
| CVE-2024-41763 | 2025-01-04 | IBM Engineering Lifecycle Optimization - Publishing information disclosure |
| CVE-2025-0211 | 2025-01-04 | Campcodes School Faculty Scheduling System index.php file inclusion |
| CVE-2025-0212 | 2025-01-04 | Campcodes Student Grading System view_students.php sql injection |
| CVE-2025-0213 | 2025-01-04 | Campcodes Project Management System update_forms.php unrestricted upload |
| CVE-2025-0214 | 2025-01-04 | TMD Custom Header Menu index.php sql injection |
| CVE-2024-13130 | 2025-01-05 | Dahua IPC-HFW1200S Web Interface Sha1Account1 path traversal |
| CVE-2024-13132 | 2025-01-05 | Emlog Pro Subpage article.php cross site scripting |
| CVE-2024-13133 | 2025-01-05 | ZeroWdd studentmanager StudentController. java editStudent unrestricted upload |
| CVE-2025-0219 | 2025-01-05 | Trimble SPS851 Receiver Status Identity Tab cross site scripting |
| CVE-2024-13134 | 2025-01-05 | ZeroWdd studentmanager TeacherController. java editTeacher unrestricted upload |
| CVE-2024-13135 | 2025-01-05 | Emlog Pro Subpage twitter.php cross site scripting |
| CVE-2024-13136 | 2025-01-05 | wangl1989 mysiteforme ShiroConfig.java rememberMeManager deserialization |
| CVE-2024-13137 | 2025-01-05 | wangl1989 mysiteforme SiteController RestResponse cross site scripting |
| CVE-2024-13138 | 2025-01-05 | wangl1989 mysiteforme LocalUploadServiceImpl upload unrestricted upload |
| CVE-2024-13139 | 2025-01-05 | wangl1989 mysiteforme FileController doContent server-side request forgery |
| CVE-2024-13140 | 2025-01-05 | Emlog Pro Cover Upload article.php cross site scripting |
| CVE-2025-0220 | 2025-01-05 | Trimble SPS851 Ethernet Configuration Menu cross site scripting |
| CVE-2024-13141 | 2025-01-05 | osuuu LightPicture SVG File Upload upload cross site scripting |
| CVE-2025-0221 | 2025-01-05 | IOBit Protected Folder IOCTL pffilter.sys 0x22200c null pointer dereference |
| CVE-2025-0222 | 2025-01-05 | IObit Protected Folder IOCTL IUProcessFilter.sys 0x8001E004 null pointer dereference |
| CVE-2025-0223 | 2025-01-05 | IObit Protected Folder IOCTL IURegistryFilter.sys 0x8001E010 null pointer dereference |
| CVE-2025-0224 | 2025-01-05 | Provision-ISR SH-4050A-2 server.js information disclosure |
| CVE-2025-0225 | 2025-01-05 | Tsinghua Unigroup Electronic Archives System exampleDownload.html path traversal |
| CVE-2025-0226 | 2025-01-05 | Tsinghua Unigroup Electronic Archives System downLoad.html download information disclosure |
| CVE-2025-0227 | 2025-01-05 | Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure |
| CVE-2025-0228 | 2025-01-05 | code-projects Local Storage Todo App index.html cross site scripting |
| CVE-2025-0229 | 2025-01-05 | code-projects Travel Management System enquiry.php sql injection |
| CVE-2025-0230 | 2025-01-05 | code-projects Responsive Hotel Site print.php sql injection |
| CVE-2025-0231 | 2025-01-05 | Codezips Gym Management System submit_payments.php sql injection |
| CVE-2025-0232 | 2025-01-05 | Codezips Blood Bank Management System successadmin.php sql injection |
| CVE-2025-0233 | 2025-01-05 | Codezips Project Management System course.php sql injection |
| CVE-2024-13142 | 2025-01-05 | ZeroWdd studentmanager RoleController. java submitAddRole cross site scripting |
| CVE-2024-13143 | 2025-01-05 | ZeroWdd studentmanager PermissionController. java submitAddPermission cross site scripting |
| CVE-2021-27285 | 2025-01-06 | An issue was discovered in Inspur ClusterEngine v4.0 that allows... |
| CVE-2024-35498 | 2025-01-06 | A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers... |
| CVE-2024-46073 | 2025-01-06 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the login... |
| CVE-2024-46209 | 2025-01-06 | A stored cross-site scripting (XSS) vulnerability in the component /media/test.html... |
| CVE-2024-46622 | 2025-01-06 | An Escalation of Privilege security vulnerability was found in SecureAge... |
| CVE-2024-48455 | 2025-01-06 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582... |
| CVE-2024-48456 | 2025-01-06 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582... |
| CVE-2024-48457 | 2025-01-06 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582... |
| CVE-2024-51111 | 2025-01-06 | Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker... |
| CVE-2024-51112 | 2025-01-06 | Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to... |
| CVE-2024-53933 | 2025-01-06 | The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application... |
| CVE-2024-53934 | 2025-01-06 | The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through... |
| CVE-2024-53935 | 2025-01-06 | The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application... |
| CVE-2024-53936 | 2025-01-06 | The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through... |
| CVE-2024-54763 | 2025-01-06 | An access control issue in the component /login/hostinfo.cgi of ipTIME... |
| CVE-2024-54764 | 2025-01-06 | An access control issue in the component /login/hostinfo2.cgi of ipTIME... |
| CVE-2024-54879 | 2025-01-06 | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic... |
| CVE-2024-54880 | 2025-01-06 | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic... |
| CVE-2024-55074 | 2025-01-06 | The edit profile function of Grocy through 4.3.0 allows stored... |
| CVE-2024-55075 | 2025-01-06 | Grocy through 4.3.0 allows remote attackers to obtain sensitive information... |
| CVE-2024-55076 | 2025-01-06 | Grocy through 4.3.0 has no CSRF protection, as demonstrated by... |
| CVE-2024-55407 | 2025-01-06 | An issue in the DeviceloControl function of ITE Tech. Inc... |
| CVE-2024-55408 | 2025-01-06 | An improper access control vulnerability in the AsusSAIO.sys driver may... |
| CVE-2024-55529 | 2025-01-06 | Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. |
| CVE-2024-56828 | 2025-01-06 | File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the... |
| CVE-2024-53931 | 2025-01-06 | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through... |
| CVE-2024-53932 | 2025-01-06 | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through... |
| CVE-2024-54767 | 2025-01-06 | An access control issue in the component /juis_boxinfo.xml of AVM... |
| CVE-2024-55553 | 2025-01-06 | In FRRouting (FRR) before 10.3 from 6.0 onward, all routes... |
| CVE-2024-13144 | 2025-01-06 | zhenfeng13 My-Blog BlogController.java uploadFileByEditomd unrestricted upload |
| CVE-2024-13145 | 2025-01-06 | zhenfeng13 My-Blog uploadController. java upload unrestricted upload |
| CVE-2024-20154 | 2025-01-06 | In Modem, there is a possible out of bounds write... |
| CVE-2024-20140 | 2025-01-06 | In power, there is a possible out of bounds write... |
| CVE-2024-20143 | 2025-01-06 | In V6 DA, there is a possible out of bounds... |
| CVE-2024-20144 | 2025-01-06 | In V6 DA, there is a possible out of bounds... |
| CVE-2024-20145 | 2025-01-06 | In V6 DA, there is a possible out of bounds... |
| CVE-2024-20146 | 2025-01-06 | In wlan STA driver, there is a possible out of... |
| CVE-2024-20148 | 2025-01-06 | In wlan STA FW, there is a possible out of... |
| CVE-2024-20105 | 2025-01-06 | In m4u, there is a possible out of bounds write... |