CVE List - 2025 / February
Showing 1301 - 1400 of 3676 CVEs for February 2025 (Page 14 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28127 | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-39279 | 2025-02-12 | Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-31157 | 2025-02-12 | Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-28047 | 2025-02-12 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-25571 | 2025-02-12 | Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2024-39355 | 2025-02-12 | Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. |
| CVE-2023-31276 | 2025-02-12 | Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R)... |
| CVE-2023-29164 | 2025-02-12 | Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R)... |
| CVE-2025-20097 | 2025-02-12 | Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service... |
| CVE-2024-39372 | 2025-02-12 | Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36280 | 2025-02-12 | Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32942 | 2025-02-12 | Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39805 | 2025-02-12 | Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-47006 | 2025-02-12 | Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2024-32941 | 2025-02-12 | NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-36283 | 2025-02-12 | Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-42405 | 2025-02-12 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39365 | 2025-02-12 | Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of... |
| CVE-2024-37020 | 2025-02-12 | Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via... |
| CVE-2024-39356 | 2025-02-12 | NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent... |
| CVE-2024-39606 | 2025-02-12 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent... |
| CVE-2024-40887 | 2025-02-12 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-41166 | 2025-02-12 | Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent... |
| CVE-2024-36285 | 2025-02-12 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-39271 | 2025-02-12 | Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure... |
| CVE-2024-36293 | 2025-02-12 | Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-48267 | 2025-02-12 | Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-48366 | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-49603 | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-49615 | 2025-02-12 | Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-49618 | 2025-02-12 | Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-36262 | 2025-02-12 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-31068 | 2025-02-12 | Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2025-1228 | 2025-02-12 | olajowon Loggrove Logfile Update page path traversal |
| CVE-2024-41168 | 2025-02-12 | Use after free in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent... |
| CVE-2025-1229 | 2025-02-12 | olajowon Loggrove page os command injection |
| CVE-2022-31631 | 2025-02-12 | PDO::quote() may return unquoted string |
| CVE-2023-34397 | 2025-02-13 | Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing, the service can be made to crash. |
| CVE-2023-34398 | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The boost library contains a vulnerability/null... |
| CVE-2023-34399 | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The version of boost library contains... |
| CVE-2023-34400 | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing a file, the service tries to define the header inside the file and convert it to... |
| CVE-2023-34401 | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file which is encoded with a proprietary UD2 codec. Due to missed... |
| CVE-2023-34402 | 2025-02-13 | Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, attacker... |
| CVE-2023-34403 | 2025-02-13 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. An attacker can connect to these pins and get access to the internal network. A race condition can be... |
| CVE-2023-34404 | 2025-02-13 | Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. An attacker can connect to these pins and get access to the internal network. As a result, by accessing... |
| CVE-2023-34406 | 2025-02-13 | An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform... |
| CVE-2024-37600 | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To... |
| CVE-2024-37601 | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To... |
| CVE-2024-37602 | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units.... |
| CVE-2024-37603 | 2025-02-13 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform... |
| CVE-2024-53309 | 2025-02-13 | A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. This can lead to... |
| CVE-2024-53310 | 2025-02-13 | A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The... |
| CVE-2024-53311 | 2025-02-13 | A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size. |
| CVE-2024-54951 | 2025-02-13 | Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger... |
| CVE-2024-56908 | 2025-02-13 | In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with... |
| CVE-2024-57378 | 2025-02-13 | Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to... |
| CVE-2024-57782 | 2025-02-13 | An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. |
| CVE-2025-22960 | 2025-02-13 | A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such... |
| CVE-2025-22961 | 2025-02-13 | A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database... |
| CVE-2025-22962 | 2025-02-13 | A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session... |
| CVE-2025-25352 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. |
| CVE-2025-25354 | 2025-02-13 | A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. |
| CVE-2025-25355 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. |
| CVE-2025-25356 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. |
| CVE-2025-25357 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. |
| CVE-2025-25387 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter. |
| CVE-2025-25388 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter. |
| CVE-2025-25389 | 2025-02-13 | A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. |
| CVE-2025-25897 | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-25898 | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-25899 | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-25900 | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2025-25901 | 2025-02-13 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2025-25286 | 2025-02-13 | Crayfish allows Remote Code Execution via Homarus Authorization header |
| CVE-2024-8266 | 2025-02-13 | Execution with Unnecessary Privileges in GitLab |
| CVE-2024-7102 | 2025-02-13 | Execution with Unnecessary Privileges in GitLab |
| CVE-2025-1198 | 2025-02-13 | Insufficient Session Expiration in GitLab |
| CVE-2025-0896 | 2025-02-13 | Orthanc Server Missing Authentication for Critical Function |
| CVE-2024-13644 | 2025-02-13 | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget |
| CVE-2024-13227 | 2025-02-13 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API |
| CVE-2024-13229 | 2025-02-13 | Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion |
| CVE-2025-0837 | 2025-02-13 | Puzzles <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13770 | 2025-02-13 | Puzzles \| WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection |
| CVE-2024-10763 | 2025-02-13 | Campress <= 1.35 - Unauthenticated Local File Inclusion |
| CVE-2024-10083 | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input. |
| CVE-2025-1058 | 2025-02-13 | CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. |
| CVE-2025-1059 | 2025-02-13 | CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. |
| CVE-2025-1060 | 2025-02-13 | CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. |
| CVE-2025-1070 | 2025-02-13 | CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded. |
| CVE-2024-12586 | 2025-02-13 | Chalet Montagne Com Tools <= 2.7.8 - Reflected XSS |
| CVE-2024-13119 | 2025-02-13 | ProfilePress < 4.15.20 - Admin+ Stored XSS |
| CVE-2024-13120 | 2025-02-13 | ProfilePress < 4.15.20 - Admin+ Stored XSS |
| CVE-2024-13121 | 2025-02-13 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS |
| CVE-2024-13125 | 2025-02-13 | Everest Forms < 3.0.8.1 - Admin+ Stored XSS |
| CVE-2025-0692 | 2025-02-13 | Simple Video Management System <= 1.0.4 - Admin+ Stored XSS |
| CVE-2025-0327 | 2025-02-13 | CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss... |
| CVE-2024-47264 | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users... |
| CVE-2024-47265 | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote... |
| CVE-2024-47266 | 2025-02-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote... |
| CVE-2025-0816 | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device. |