CVE List - 2025 / January
Showing 401 - 500 of 4277 CVEs for January 2025 (Page 5 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-20149 | 2025-01-06 | In Modem, there is a possible system crash due to... |
CVE-2024-20150 | 2025-01-06 | In Modem, there is a possible system crash due to... |
CVE-2024-20151 | 2025-01-06 | In Modem, there is a possible out of bounds write... |
CVE-2024-20152 | 2025-01-06 | In wlan STA driver, there is a possible reachable assertion... |
CVE-2024-20153 | 2025-01-06 | In wlan STA, there is a possible way to trick... |
CVE-2024-11356 | 2025-01-06 | Tourmaster < 5.3.4 - Unauthenticated Stored XSS via Room Booking |
CVE-2024-11849 | 2025-01-06 | Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS |
CVE-2024-12302 | 2025-01-06 | Icegram Engage < 3.1.32 - Author+ Stored XSS |
CVE-2024-12311 | 2025-01-06 | Email Subscribers < 5.7.44 - Admin+ SQL Injection |
CVE-2024-21464 | 2025-01-06 | Buffer Copy Without Checking Size of Input in Data Network Stack & Connectivity |
CVE-2024-23366 | 2025-01-06 | Buffer Over-read in Automotive Autonomy |
CVE-2024-33041 | 2025-01-06 | Use of Out-of-range Pointer Offset in Computer Vision |
CVE-2024-33055 | 2025-01-06 | Use After Free in Computer Vision |
CVE-2024-33059 | 2025-01-06 | Use After Free in Computer Vision |
CVE-2024-33061 | 2025-01-06 | Buffer Over-read in DSP Service |
CVE-2024-33067 | 2025-01-06 | Buffer Over-read in Audio |
CVE-2024-43063 | 2025-01-06 | Buffer Over-read in Automotive Autonomy |
CVE-2024-43064 | 2025-01-06 | Permissions, Privileges, and Access Controls issue in Automotive OS Platform |
CVE-2024-45541 | 2025-01-06 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in WLAN Windows Host |
CVE-2024-45542 | 2025-01-06 | Stack-based Buffer Overflow in WLAN Windows Host |
CVE-2024-45546 | 2025-01-06 | Buffer Over-read in WLAN Windows Host |
CVE-2024-45547 | 2025-01-06 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in WLAN Windows Host |
CVE-2024-45548 | 2025-01-06 | Buffer Over-read in WLAN Windows Host |
CVE-2024-45550 | 2025-01-06 | Improper Validation of Array Index in DSP Services |
CVE-2024-45553 | 2025-01-06 | Use After Free in DSP Services |
CVE-2024-45555 | 2025-01-06 | Integer Overflow to Buffer Overflow in Automotive OS Platform |
CVE-2024-45558 | 2025-01-06 | Buffer Over-read in WLAN Host Cmn |
CVE-2024-45559 | 2025-01-06 | Buffer Over-read in Automotive OS Platform |
CVE-2024-12970 | 2025-01-06 | OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer |
CVE-2024-5594 | 2025-01-06 | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which... |
CVE-2024-8474 | 2025-01-06 | OpenVPN Connect before version 3.5.0 can contain the configuration profile's... |
CVE-2025-21604 | 2025-01-06 | LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts |
CVE-2025-21611 | 2025-01-06 | tgstation-server's role authorization incorrectly OR'd with user's enabled status |
CVE-2025-21612 | 2025-01-06 | Cross-site Scripting in TabberTransclude in Extension:TabberNeue |
CVE-2024-31913 | 2025-01-06 | IBM Sterling B2B Integrator cross-site scripting |
CVE-2024-31914 | 2025-01-06 | IBM Sterling B2B Integrator cross-site scripting |
CVE-2025-21613 | 2025-01-06 | go-git has an Argument Injection via the URL field |
CVE-2025-21614 | 2025-01-06 | go-git clients vulnerable to DoS via maliciously crafted Git server replies |
CVE-2024-56757 | 2025-01-06 | Bluetooth: btusb: mediatek: add intf release flow when usb disconnect |
CVE-2024-56758 | 2025-01-06 | btrfs: check folio mapping after unlock in relocate_one_folio() |
CVE-2024-56759 | 2025-01-06 | btrfs: fix use-after-free when COWing tree block and tracing is enabled |
CVE-2024-56760 | 2025-01-06 | PCI/MSI: Handle lack of irqdomain gracefully |
CVE-2024-56761 | 2025-01-06 | x86/fred: Clear WFE in missing-ENDBRANCH #CPs |
CVE-2024-56763 | 2025-01-06 | tracing: Prevent bad count for tracing_cpumask_write |
CVE-2024-56764 | 2025-01-06 | ublk: detach gendisk from ublk device if add_disk() fails |
CVE-2024-56765 | 2025-01-06 | powerpc/pseries/vas: Add close() callback in vas_vm_ops struct |
CVE-2024-56766 | 2025-01-06 | mtd: rawnand: fix double free in atmel_pmecc_create_user() |
CVE-2024-56767 | 2025-01-06 | dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset |
CVE-2024-56768 | 2025-01-06 | bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP |
CVE-2024-56769 | 2025-01-06 | media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg |
CVE-2025-21615 | 2025-01-06 | AAT allows data exfiltration by other apps installed on the same device |
CVE-2025-21618 | 2025-01-06 | NiceGUI On Air authentication issue |
CVE-2024-51472 | 2025-01-06 | IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection |
CVE-2023-6601 | 2025-01-06 | Ffmpeg: hls unsafe file extension bypass in ffmpeg |
CVE-2023-6604 | 2025-01-06 | Ffmpeg: hls xbin demuxer dos amplification in ffmpeg |
CVE-2023-6605 | 2025-01-06 | Ffmpeg: dash playlist ssrf vulnerability in ffmpeg |
CVE-2024-55605 | 2025-01-06 | Suricata allows stack overflow in transforms |
CVE-2024-47475 | 2025-01-06 | Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission... |
CVE-2024-55626 | 2025-01-06 | Suricata oversized bpf file can lead to buffer overflow |
CVE-2024-55627 | 2025-01-06 | Suricata segfault on StreamingBufferSlideToOffsetWithRegions |
CVE-2024-55628 | 2025-01-06 | Suricata oversized resource names utilizing DNS name compression can lead to resource starvation |
CVE-2024-55629 | 2025-01-06 | Suricata generic detection bypass using TCP urgent support |
CVE-2025-21617 | 2025-01-06 | Guzzle OAuth Subscriber has insufficient nonce entropy |
CVE-2024-46981 | 2025-01-06 | Redis' Lua library commands may lead to remote code execution |
CVE-2024-51741 | 2025-01-06 | Redis allows denial-of-service due to malformed ACL selectors |
CVE-2025-21616 | 2025-01-06 | Plane has a Cross-site scripting (XSS) via SVG image upload |
CVE-2025-21620 | 2025-01-06 | Deno's authorization headers not dropped when redirecting cross-origin |
CVE-2022-41572 | 2025-01-07 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege... |
CVE-2022-41573 | 2025-01-07 | An issue was discovered in Ovidentia 8.3. The file upload... |
CVE-2022-45185 | 2025-01-07 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can... |
CVE-2022-45186 | 2025-01-07 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can... |
CVE-2024-35532 | 2025-01-07 | An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea... |
CVE-2024-40427 | 2025-01-07 | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to... |
CVE-2024-44450 | 2025-01-07 | Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew.... |
CVE-2024-46242 | 2025-01-07 | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd... |
CVE-2024-46601 | 2025-01-07 | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered... |
CVE-2024-46602 | 2025-01-07 | An issue was discovered in Elspec G5 digital fault recorder... |
CVE-2024-46603 | 2025-01-07 | An XML External Entity (XXE) vulnerability in Elspec Engineering G5... |
CVE-2024-48245 | 2025-01-07 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A... |
CVE-2024-50658 | 2025-01-07 | Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows... |
CVE-2024-50659 | 2025-01-07 | Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows... |
CVE-2024-50660 | 2025-01-07 | File Upload Bypass was found in AdPortal 3.0.39 allows a... |
CVE-2024-53345 | 2025-01-07 | An authenticated arbitrary file upload vulnerability in Car Rental Management... |
CVE-2024-53522 | 2025-01-07 | Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain... |
CVE-2024-54819 | 2025-01-07 | I, Librarian before and including 5.11.1 is vulnerable to Server-Side... |
CVE-2024-55008 | 2025-01-07 | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication... |
CVE-2024-55218 | 2025-01-07 | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS)... |
CVE-2024-55411 | 2025-01-07 | An issue in the snxpcamd.sys component of SUNIX Multi I/O... |
CVE-2024-55412 | 2025-01-07 | A vulnerability exists in driver snxpsamd.sys in SUNIX Serial Driver... |
CVE-2024-55413 | 2025-01-07 | A vulnerability exists in driver snxppamd.sys in SUNIX Parallel Driver... |
CVE-2024-55414 | 2025-01-07 | A vulnerability exists in driver SmSerl64.sys in Motorola SM56 Modem... |
CVE-2024-55555 | 2025-01-07 | Invoice Ninja before 5.10.43 allows remote code execution from a... |
CVE-2024-55556 | 2025-01-07 | A vulnerability in Crater Invoice allows an unauthenticated attacker with... |
CVE-2025-22395 | 2025-01-07 | Dell Update Package Framework, versions prior to 22.01.02, contain(s) a... |
CVE-2024-12590 | 2025-01-07 | WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
CVE-2024-11437 | 2025-01-07 | Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection |
CVE-2024-12402 | 2025-01-07 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation |
CVE-2024-12557 | 2025-01-07 | Transporters.io <= 2.0.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-11934 | 2025-01-07 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter |
CVE-2024-12528 | 2025-01-07 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |