CVE List - 2025 / January
Showing 4101 - 4200 of 4277 CVEs for January 2025 (Page 42 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0570 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0571 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0569 | 2025-01-30 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| CVE-2025-0573 | 2025-01-30 | Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| CVE-2025-0572 | 2025-01-30 | Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| CVE-2025-0574 | 2025-01-30 | Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability |
| CVE-2024-11609 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-11610 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-11611 | 2025-01-30 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2025-0880 | 2025-01-30 | Codezips Gym Management System updateplan.php sql injection |
| CVE-2025-0881 | 2025-01-30 | Codezips Gym Management System saveroutine.php sql injection |
| CVE-2025-0882 | 2025-01-30 | code-projects Chat System addnewmember.php sql injection |
| CVE-2025-24886 | 2025-01-30 | pwn.college has Symlink LFI in Dojo repos |
| CVE-2025-24885 | 2025-01-30 | pwn.college has a XSS on dojo pages |
| CVE-2024-24731 | 2025-01-30 | Silicon Labs Gecko OS http_download Stack-based Buffer Overflow |
| CVE-2024-23973 | 2025-01-30 | Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow |
| CVE-2024-23968 | 2025-01-30 | ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow |
| CVE-2024-23969 | 2025-01-30 | ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write |
| CVE-2024-23970 | 2025-01-30 | ChargePoint Home Flex Improper Certificate Validation |
| CVE-2024-23971 | 2025-01-30 | ChargePoint Home Flex OCPP bswitch Command Injection |
| CVE-2024-1211 | 2025-01-30 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2023-6195 | 2025-01-30 | Server-Side Request Forgery (SSRF) in GitLab |
| CVE-2024-23962 | 2025-01-30 | Alpine Halo9 Missing Authentication |
| CVE-2024-23963 | 2025-01-30 | Alpine Halo9 Stack-based Buffer Overflow |
| CVE-2024-42671 | 2025-01-31 | A Host Header Poisoning Open Redirect issue in slabiak Appointment... |
| CVE-2024-47857 | 2025-01-31 | SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation... |
| CVE-2024-52875 | 2025-01-31 | An issue was discovered in GFI Kerio Control 9.2.5 through... |
| CVE-2024-53007 | 2025-01-31 | Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL... |
| CVE-2024-53319 | 2025-01-31 | A heap buffer overflow in the XML Text Escaping component... |
| CVE-2024-53320 | 2025-01-31 | Qualisys C++ SDK commit a32a21a was discovered to contain multiple... |
| CVE-2024-53354 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and... |
| CVE-2024-53355 | 2025-01-31 | Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0... |
| CVE-2024-53356 | 2025-01-31 | Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and... |
| CVE-2024-53357 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and... |
| CVE-2024-53537 | 2025-01-31 | An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to... |
| CVE-2024-53582 | 2025-01-31 | An issue found in the Copy and View functions in... |
| CVE-2024-53584 | 2025-01-31 | OpenPanel v0.3.4 was discovered to contain an OS command injection... |
| CVE-2024-55062 | 2025-01-31 | Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope... |
| CVE-2024-57432 | 2025-01-31 | macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT... |
| CVE-2024-57433 | 2025-01-31 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via... |
| CVE-2024-57434 | 2025-01-31 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The... |
| CVE-2024-57435 | 2025-01-31 | In macrozheng mall-tiny 1.0.1, an attacker can send null data... |
| CVE-2024-57587 | 2025-01-31 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and... |
| CVE-2025-22957 | 2025-01-31 | A SQL injection vulnerability exists in the front-end of the... |
| CVE-2025-22994 | 2025-01-31 | O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2025-23001 | 2025-01-31 | A Host header injection vulnerability exists in CTFd 3.7.5, due... |
| CVE-2024-23930 | 2025-01-31 | Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions |
| CVE-2025-24336 | 2025-01-31 | SXF Common Library handles input data improperly. If a product... |
| CVE-2024-23937 | 2025-01-31 | Silicon Labs Gecko OS Debug Interface Format String |
| CVE-2024-23928 | 2025-01-31 | Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation |
| CVE-2024-23929 | 2025-01-31 | Pioneer DMH-WT7600NEX Telematics Directory Traversal |
| CVE-2024-23920 | 2025-01-31 | ChargePoint Home Flex Improper Access Control |
| CVE-2024-23921 | 2025-01-31 | ChargePoint Home Flex Command Injection |
| CVE-2022-28653 | 2025-01-31 | Users can consume unlimited disk space in /var/crash |
| CVE-2020-11936 | 2025-01-31 | gdbus setgid privilege escalation |
| CVE-2022-1736 | 2025-01-31 | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be... |
| CVE-2023-0092 | 2025-01-31 | An authenticated user who has read access to the juju... |
| CVE-2024-13399 | 2025-01-31 | Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13767 | 2025-01-31 | Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13396 | 2025-01-31 | Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13397 | 2025-01-31 | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-46974 | 2025-01-31 | GPU DDK - Arbitrary write of read-only dmabuf |
| CVE-2024-47891 | 2025-01-31 | GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition |
| CVE-2024-47898 | 2025-01-31 | GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition |
| CVE-2024-47899 | 2025-01-31 | GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition |
| CVE-2024-47900 | 2025-01-31 | GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes |
| CVE-2024-13463 | 2025-01-31 | SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0470 | 2025-01-31 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter |
| CVE-2025-0507 | 2025-01-31 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-0493 | 2025-01-31 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-10867 | 2025-01-31 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload |
| CVE-2024-13216 | 2025-01-31 | HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor |
| CVE-2025-0809 | 2025-01-31 | Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-11886 | 2025-01-31 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13717 | 2025-01-31 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle |
| CVE-2024-13504 | 2025-01-31 | Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload |
| CVE-2024-13415 | 2025-01-31 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13424 | 2025-01-31 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update |
| CVE-2025-22216 | 2025-01-31 | CVE-2025-22216 UAA Missing Zone Validation |
| CVE-2024-12275 | 2025-01-31 | CanvasFlow <= 1.5.5 - Reflected XSS |
| CVE-2024-12772 | 2025-01-31 | Ninja Tables < 5.0.17 - Admin+ Stored XSS |
| CVE-2024-12872 | 2025-01-31 | Zalomení <= 1.5 - Admin+ Stored XSS |
| CVE-2024-13100 | 2025-01-31 | Woo UPS Pickup <= 2.6.3 - Reflected XSS |
| CVE-2024-13101 | 2025-01-31 | WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS |
| CVE-2024-13112 | 2025-01-31 | WP MediaTagger <= 4.1.1 - Reflected XSS |
| CVE-2024-13218 | 2025-01-31 | Fast Tube <= 2.3.1 - Reflected XSS |
| CVE-2024-13219 | 2025-01-31 | Policy Genius <= 2.0.4 - Reflected XSS |
| CVE-2024-13220 | 2025-01-31 | Google Map Professional <= 1.0 - Reflected XSS |
| CVE-2024-13221 | 2025-01-31 | Fantastic Elasticsearch <= 4.1.0 - Reflected XSS |
| CVE-2024-13222 | 2025-01-31 | User Messages <= 1.2.4 - Reflected XSS |
| CVE-2024-13223 | 2025-01-31 | Tabulate <= 2.10.3 - Reflected XSS |
| CVE-2024-13224 | 2025-01-31 | SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS |
| CVE-2024-13225 | 2025-01-31 | ECT Home Page Products <= 1.9 - Reflected XSS |
| CVE-2024-13226 | 2025-01-31 | A5 Custom Login Page <= 2.8.1 - Reflected XSS |
| CVE-2024-13623 | 2025-01-31 | Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13530 | 2025-01-31 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination |
| CVE-2024-13157 | 2025-01-31 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed |
| CVE-2024-13566 | 2025-01-31 | WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-44055 | 2025-01-31 | WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-22265 | 2025-01-31 | WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability |