CVE List - 2025 / January
Showing 3901 - 4000 of 4277 CVEs for January 2025 (Page 40 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2025-0791 | 2025-01-28 | ESAFENET CDG sdDoneDetail.jsp sql injection |
CVE-2024-23733 | 2025-01-29 | The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software... |
CVE-2024-48761 | 2025-01-29 | Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows... |
CVE-2024-51182 | 2025-01-29 | HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows... |
CVE-2024-54851 | 2025-01-29 | Teedy <= 1.12 is vulnerable to Cross Site Request Forgery... |
CVE-2024-54852 | 2025-01-29 | When LDAP connection is activated in Teedy versions between 1.9... |
CVE-2024-57395 | 2025-01-29 | Password Vulnerability in Safety production process management system v1.0 allows... |
CVE-2024-57436 | 2025-01-29 | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view... |
CVE-2024-57437 | 2025-01-29 | RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability... |
CVE-2024-57438 | 2025-01-29 | Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate... |
CVE-2024-57439 | 2025-01-29 | An issue in the reset password interface of RuoYi v4.8.0... |
CVE-2024-57509 | 2025-01-29 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local... |
CVE-2024-57510 | 2025-01-29 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local... |
CVE-2024-57513 | 2025-01-29 | A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function... |
CVE-2024-57665 | 2025-01-29 | JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The... |
CVE-2024-57965 | 2025-01-29 | In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL... |
CVE-2025-24527 | 2025-01-29 | An issue was discovered in Akamai Enterprise Application Access (EAA)... |
CVE-2023-35017 | 2025-01-29 | IBM Security Verify Governance information |
CVE-2025-0792 | 2025-01-29 | ESAFENET CDG sdTodoDetail.jsp sql injection |
CVE-2025-0793 | 2025-01-29 | ESAFENET CDG todoDetail.jsp sql injection |
CVE-2025-0794 | 2025-01-29 | ESAFENET CDG todoDetail.jsp cross site scripting |
CVE-2025-0795 | 2025-01-29 | ESAFENET CDG todolistjump.jsp cross site scripting |
CVE-2025-0797 | 2025-01-29 | MicroWorld eScan Antivirus Quarantine Microworld default permission |
CVE-2023-33838 | 2025-01-29 | IBM Security Verify Governance information disclosure |
CVE-2025-0798 | 2025-01-29 | MicroWorld eScan Antivirus Quarantine rtscanner os command injection |
CVE-2025-0800 | 2025-01-29 | SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting |
CVE-2025-23362 | 2025-01-29 | The old versions of EXIF Viewer Classic contain a cross-site... |
CVE-2025-0802 | 2025-01-29 | SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control |
CVE-2025-0803 | 2025-01-29 | Codezips Gym Management System submit_plan_new.php sql injection |
CVE-2025-0806 | 2025-01-29 | code-projects Job Recruitment _call_job_search_ajax.php cross site scripting |
CVE-2025-0804 | 2025-01-29 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12749 | 2025-01-29 | Competition Form <= 2.0 - Reflected XSS |
CVE-2024-13696 | 2025-01-29 | Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter |
CVE-2024-7695 | 2025-01-29 | Out-of-bounds Write Vulnerability |
CVE-2021-3978 | 2025-01-29 | Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki |
CVE-2025-0617 | 2025-01-29 | An attacker with access to an HX 10.0.0 and previous... |
CVE-2025-0762 | 2025-01-29 | Use after free in DevTools in Google Chrome prior to... |
CVE-2024-13561 | 2025-01-29 | Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode |
CVE-2025-0353 | 2025-01-29 | Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
CVE-2024-41140 | 2025-01-29 | Improper Authorization |
CVE-2024-54461 | 2025-01-29 | Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites |
CVE-2024-54462 | 2025-01-29 | Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites |
CVE-2025-24374 | 2025-01-29 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) |
CVE-2025-24792 | 2025-01-29 | Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error |
CVE-2023-37412 | 2025-01-29 | IBM Aspera Faspex improper access control |
CVE-2023-37398 | 2025-01-29 | IBM Aspera Faspex information disclosure |
CVE-2023-37413 | 2025-01-29 | IBM Aspera Faspex information disclosure |
CVE-2023-35907 | 2025-01-29 | IBM Aspera Faspex information disclosure |
CVE-2025-24791 | 2025-01-29 | snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions |
CVE-2025-24882 | 2025-01-29 | regclient may ignore pinned manifest digests |
CVE-2025-24789 | 2025-01-29 | Snowflake JDBC allows an untrusted search path on Windows |
CVE-2025-24790 | 2025-01-29 | Snowflake JDBC uses insecure temporary credential cache file permissions |
CVE-2024-48849 | 2025-01-29 | Authentication and Authorization Issues |
CVE-2024-10001 | 2025-01-29 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling |
CVE-2024-48852 | 2025-01-29 | Information disclosures |
CVE-2025-20014 | 2025-01-29 | mySCADA myPRO Manager OS Command Injection |
CVE-2025-20061 | 2025-01-29 | mySCADA myPRO Manager OS Command Injection |
CVE-2025-0840 | 2025-01-29 | GNU Binutils objdump.c disassemble_bytes stack-based overflow |
CVE-2025-24884 | 2025-01-29 | kube-audit-rest's example logging configuration could disclose secret values in the audit log |
CVE-2025-24788 | 2025-01-29 | Snowflake Connector for .NET has weak temporary files permissions |
CVE-2025-24793 | 2025-01-29 | Snowflake Connector for Python has an SQL Injection in write_pandas |
CVE-2025-24794 | 2025-01-29 | The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache |
CVE-2025-24795 | 2025-01-29 | The Snowflake Connector for Python uses insecure cache files permissions |
CVE-2025-0841 | 2025-01-29 | Aridius XYZ News loadMore deserialization |
CVE-2025-0851 | 2025-01-29 | Path traversal issue in Deep Java Library |
CVE-2025-0842 | 2025-01-29 | needyamin Library Card System Login admin.php sql injection |
CVE-2024-11187 | 2025-01-29 | Many records in the additional section cause CPU exhaustion |
CVE-2024-12705 | 2025-01-29 | DNS-over-HTTPS implementation suffers from multiple issues under heavy query load |
CVE-2025-21415 | 2025-01-29 | Azure AI Face Service Elevation of Privilege Vulnerability |
CVE-2025-0843 | 2025-01-29 | needyamin Library Card System Admin Panel admindashboard.php sql injection |
CVE-2025-21396 | 2025-01-29 | Microsoft Account Elevation of Privilege Vulnerability |
CVE-2025-0844 | 2025-01-29 | needyamin Library Card System Registration Page signup.php cross site scripting |
CVE-2024-53615 | 2025-01-30 | A command injection vulnerability in the video thumbnail rendering component... |
CVE-2024-55415 | 2025-01-30 | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at... |
CVE-2024-55416 | 2025-01-30 | DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS... |
CVE-2024-55417 | 2025-01-30 | DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the... |
CVE-2025-0846 | 2025-01-30 | 1000 Projects Employee Task Management System AdminLogin.php sql injection |
CVE-2025-0847 | 2025-01-30 | 1000 Projects Employee Task Management System Login index.php sql injection |
CVE-2025-0848 | 2025-01-30 | Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow |
CVE-2025-0849 | 2025-01-30 | CampCodes School Management Software Staff edit-staff improper authorization |
CVE-2025-23374 | 2025-01-30 | Dell Networking Switches running Enterprise SONiC OS, version(s) prior to... |
CVE-2025-0373 | 2025-01-30 | Buffer overflow in some filesystems via NFS |
CVE-2025-0374 | 2025-01-30 | Unprivileged access to system files |
CVE-2025-0662 | 2025-01-30 | Uninitialized kernel memory disclosure via ktrace(2) |
CVE-2024-12921 | 2025-01-30 | EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode |
CVE-2024-10309 | 2025-01-30 | Tracking Code Manager < 2.4.0 - Contributor+ Stored XSS |
CVE-2024-12163 | 2025-01-30 | GoodLayers Core < 2.1.3 - Subscriber+ Stored XSS via SVG Upload |
CVE-2024-12400 | 2025-01-30 | Tourmaster < 5.3.5 - Reflected XSS |
CVE-2024-12638 | 2025-01-30 | Bulk Me Now <= 2.0 - Reflected XSS |
CVE-2024-12708 | 2025-01-30 | Bulk Me Now <= 2.0 - Stored XSS via Shortcode |
CVE-2024-12709 | 2025-01-30 | Bulk Me Now <= 2.0 - Message Deletion via CSRF |
CVE-2024-13457 | 2025-01-30 | Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure |
CVE-2024-13642 | 2025-01-30 | Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget |
CVE-2024-13470 | 2025-01-30 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-13732 | 2025-01-30 | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter |
CVE-2024-13758 | 2025-01-30 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery |
CVE-2024-13694 | 2025-01-30 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function |
CVE-2025-0834 | 2025-01-30 | Wondershare Dr.Fone Privilege Escalation Vulnerability |
CVE-2025-21107 | 2025-01-30 | Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10... |
CVE-2025-0861 | 2025-01-30 | VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection |