CVE List - 2025 / February
Showing 1 - 100 of 3678 CVEs for February 2025 (Page 1 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-13343 | 2025-02-01 | WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-13547 | 2025-02-01 | aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11780 | 2025-02-01 | Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12184 | 2025-02-01 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download |
| CVE-2024-12620 | 2025-02-01 | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2024-13651 | 2025-02-01 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset |
| CVE-2024-12171 | 2025-02-01 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-53296 | 2025-02-01 | Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain... |
| CVE-2024-51534 | 2025-02-01 | Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and... |
| CVE-2024-53295 | 2025-02-01 | Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20... |
| CVE-2024-12041 | 2025-02-01 | Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure |
| CVE-2025-0366 | 2025-02-01 | Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) |
| CVE-2025-0365 | 2025-02-01 | Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read |
| CVE-2024-12768 | 2025-02-01 | Responsive iframe <= 1.2.0 - Contributor+ Stored XSS |
| CVE-2024-13096 | 2025-02-01 | WP Finance <= 1.3.6 - Stored XSS via CSRF |
| CVE-2024-13097 | 2025-02-01 | WP Finance <= 1.3.6 - Reflected XSS |
| CVE-2024-13098 | 2025-02-01 | WP Email Newsletter <= 1.1 - Reflected XSS |
| CVE-2024-13099 | 2025-02-01 | Widget4call <= 1.0.7 - Reflected XSS |
| CVE-2024-13341 | 2025-02-01 | MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-0939 | 2025-02-01 | MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization |
| CVE-2024-11829 | 2025-02-01 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-23091 | 2025-02-01 | An Improper Certificate Validation on UniFi OS devices, with Identity... |
| CVE-2024-12825 | 2025-02-01 | Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates |
| CVE-2024-13429 | 2025-02-01 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion |
| CVE-2024-13425 | 2025-02-01 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion |
| CVE-2024-13428 | 2025-02-01 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion |
| CVE-2024-13371 | 2025-02-01 | WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending |
| CVE-2024-13372 | 2025-02-01 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download |
| CVE-2025-0943 | 2025-02-01 | itsourcecode Tailoring Management System deldoc.php sql injection |
| CVE-2024-13612 | 2025-02-01 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13775 | 2025-02-01 | WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure |
| CVE-2025-0944 | 2025-02-01 | itsourcecode Tailoring Management System customerview.php sql injection |
| CVE-2025-0945 | 2025-02-01 | itsourcecode Tailoring Management System typedelete.php sql injection |
| CVE-2025-0946 | 2025-02-01 | itsourcecode Tailoring Management System templatedelete.php sql injection |
| CVE-2025-0947 | 2025-02-01 | itsourcecode Tailoring Management System expview.php sql injection |
| CVE-2025-0948 | 2025-02-01 | itsourcecode Tailoring Management System incview.php sql injection |
| CVE-2025-0949 | 2025-02-01 | itsourcecode Tailoring Management System partview.php sql injection |
| CVE-2025-0950 | 2025-02-01 | itsourcecode Tailoring Management System staffview.php sql injection |
| CVE-2025-0961 | 2025-02-01 | code-projects Job Recruitment load_job-details.php cross site scripting |
| CVE-2024-0131 | 2025-02-02 | NVIDIA GPU kernel driver for Windows and Linux contains a... |
| CVE-2025-0967 | 2025-02-02 | code-projects Chat System add_chatroom.php sql injection |
| CVE-2025-0970 | 2025-02-02 | Zenvia Movidesk Login redirect |
| CVE-2025-0971 | 2025-02-02 | Zenvia Movidesk Profile Editing EditProfile cross site scripting |
| CVE-2023-52163 | 2025-02-03 | Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE:... |
| CVE-2023-52164 | 2025-02-03 | access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file... |
| CVE-2024-34896 | 2025-02-03 | An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife... |
| CVE-2024-34897 | 2025-02-03 | Nedis SmartLife android app v1.4.0 was discovered to contain an... |
| CVE-2024-36437 | 2025-02-03 | The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2... |
| CVE-2024-44449 | 2025-02-03 | Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows... |
| CVE-2024-50656 | 2025-02-03 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site... |
| CVE-2024-53942 | 2025-02-03 | An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The... |
| CVE-2024-53943 | 2025-02-03 | An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The... |
| CVE-2024-54840 | 2025-02-03 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager... |
| CVE-2024-55456 | 2025-02-03 | lunasvg v3.0.1 was discovered to contain a segmentation violation via... |
| CVE-2024-56898 | 2025-02-03 | Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0... |
| CVE-2024-56901 | 2025-02-03 | A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application... |
| CVE-2024-56902 | 2025-02-03 | Information disclosure vulnerability in Geovision GV-ASManager web application with the... |
| CVE-2024-56903 | 2025-02-03 | Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers... |
| CVE-2024-56921 | 2025-02-03 | An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request... |
| CVE-2024-56946 | 2025-02-03 | Denial of service in DNS-over-QUIC in Technitium DNS Server <=... |
| CVE-2024-57004 | 2025-02-03 | Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote... |
| CVE-2024-57097 | 2025-02-03 | ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2024-57098 | 2025-02-03 | Moss v0.1.3 version has an SQL injection vulnerability that allows... |
| CVE-2024-57099 | 2025-02-03 | ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit... |
| CVE-2024-57175 | 2025-02-03 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the... |
| CVE-2024-57237 | 2025-02-03 | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to... |
| CVE-2024-57238 | 2025-02-03 | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to... |
| CVE-2024-57450 | 2025-02-03 | ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create... |
| CVE-2024-57451 | 2025-02-03 | ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which... |
| CVE-2024-57452 | 2025-02-03 | ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController,... |
| CVE-2024-57498 | 2025-02-03 | Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a... |
| CVE-2024-57522 | 2025-02-03 | SourceCodester Packers and Movers Management System v1.0 is vulnerable to... |
| CVE-2024-57669 | 2025-02-03 | Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote... |
| CVE-2024-57966 | 2025-02-03 | libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an... |
| CVE-2024-57967 | 2025-02-03 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager... |
| CVE-2024-57968 | 2025-02-03 | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload... |
| CVE-2025-22918 | 2025-02-03 | Polycom RealPresence Group 500 <=20 has Insecure Permissions due to... |
| CVE-2025-22978 | 2025-02-03 | eladmin <=2.7 is vulnerable to CSV Injection in the exception... |
| CVE-2025-25062 | 2025-02-03 | An XSS issue was discovered in Backdrop CMS 1.28.x before... |
| CVE-2025-25063 | 2025-02-03 | An XSS issue was discovered in Backdrop CMS 1.28.x before... |
| CVE-2025-25064 | 2025-02-03 | SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in... |
| CVE-2025-25065 | 2025-02-03 | SSRF vulnerability in the RSS feed parser in Zimbra Collaboration... |
| CVE-2025-25066 | 2025-02-03 | nDPI through 4.12 has a potential stack-based buffer overflow in... |
| CVE-2025-25181 | 2025-02-03 | A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through... |
| CVE-2025-0972 | 2025-02-03 | Zenvia Movidesk New Ticket cross site scripting |
| CVE-2025-0973 | 2025-02-03 | CmsEasy index.php backAll_action path traversal |
| CVE-2025-0974 | 2025-02-03 | MaxD Lightning Module deserialization |
| CVE-2025-20633 | 2025-02-03 | In wlan AP driver, there is a possible out of... |
| CVE-2025-20632 | 2025-02-03 | In wlan AP driver, there is a possible out of... |
| CVE-2025-20631 | 2025-02-03 | In wlan AP driver, there is a possible out of... |
| CVE-2025-20634 | 2025-02-03 | In Modem, there is a possible out of bounds write... |
| CVE-2025-20635 | 2025-02-03 | In V6 DA, there is a possible out of bounds... |
| CVE-2025-20636 | 2025-02-03 | In secmem, there is a possible out of bounds write... |
| CVE-2025-20637 | 2025-02-03 | In network HW, there is a possible system hang due... |
| CVE-2024-20141 | 2025-02-03 | In V5 DA, there is a possible out of bounds... |
| CVE-2024-20142 | 2025-02-03 | In V5 DA, there is a possible out of bounds... |
| CVE-2025-20638 | 2025-02-03 | In DA, there is a possible read of uninitialized heap... |
| CVE-2025-20639 | 2025-02-03 | In DA, there is a possible out of bounds write... |
| CVE-2025-20640 | 2025-02-03 | In DA, there is a possible out of bounds read... |
| CVE-2025-20641 | 2025-02-03 | In DA, there is a possible out of bounds write... |