CVE List - 2025 / February
Showing 1401 - 1500 of 3676 CVEs for February 2025 (Page 15 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-0815 | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. |
| CVE-2025-0814 | 2025-02-13 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality... |
| CVE-2025-0661 | 2025-02-13 | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure |
| CVE-2024-13346 | 2025-02-13 | Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-13345 | 2025-02-13 | Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-13639 | 2025-02-13 | Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion |
| CVE-2024-3303 | 2025-02-13 | Improper Neutralization of Input Used for LLM Prompting in GitLab |
| CVE-2024-46910 | 2025-02-13 | Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user |
| CVE-2024-13867 | 2025-02-13 | Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting |
| CVE-2024-13606 | 2025-02-13 | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2025-21700 | 2025-02-13 | net: sched: Disallow replacing of child qdisc from one parent to another |
| CVE-2024-13182 | 2025-02-13 | WP Directorybox Manager <= 2.5 - Authentication Bypass |
| CVE-2025-1270 | 2025-02-13 | Insecure direct object reference (IDOR) vulnerability in H6Web |
| CVE-2025-1271 | 2025-02-13 | Reflected Cross-Site Scripting (XSS) vulnerability in H6Web |
| CVE-2025-1094 | 2025-02-13 | PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation |
| CVE-2025-1247 | 2025-02-13 | Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance |
| CVE-2025-26543 | 2025-02-13 | WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26545 | 2025-02-13 | WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability |
| CVE-2025-26547 | 2025-02-13 | WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-26549 | 2025-02-13 | WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2025-26550 | 2025-02-13 | WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-26551 | 2025-02-13 | WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-26552 | 2025-02-13 | WordPress Naver Syndication V2 plugin <= 0.8.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-26558 | 2025-02-13 | WordPress Aparat Responsive plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26561 | 2025-02-13 | WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26562 | 2025-02-13 | WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26567 | 2025-02-13 | WordPress Font Awesome WP plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26568 | 2025-02-13 | WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26569 | 2025-02-13 | WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26570 | 2025-02-13 | WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-26571 | 2025-02-13 | WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26572 | 2025-02-13 | WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-26574 | 2025-02-13 | WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26577 | 2025-02-13 | WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-26578 | 2025-02-13 | WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-26580 | 2025-02-13 | WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26582 | 2025-02-13 | WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26538 | 2025-02-13 | WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26539 | 2025-02-13 | WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-21701 | 2025-02-13 | net: avoid race between device unregistration and ethnl ops |
| CVE-2025-0426 | 2025-02-13 | A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service... |
| CVE-2025-24903 | 2025-02-13 | libsignal-service-rs Doesn't Check Origin of Sync Messages |
| CVE-2025-24904 | 2025-02-13 | libsignal-service-rs doesn't sanity check plaintext envelopes |
| CVE-2025-25287 | 2025-02-13 | Lakeus vulnerable to stored XSS via system messages |
| CVE-2025-26511 | 2025-02-13 | Cassandra-Lucene-Index allows bypass of Cassandra RBAC |
| CVE-2024-12011 | 2025-02-13 | A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server.... |
| CVE-2024-12012 | 2025-02-13 | A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as... |
| CVE-2024-12013 | 2025-02-13 | A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A... |
| CVE-2025-22480 | 2025-02-13 | Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion... |
| CVE-2025-24888 | 2025-02-13 | Path traversal in SecureDrop Client API.download_reply() |
| CVE-2025-24889 | 2025-02-13 | Path traversal in sd-log Qubes virtual machine |
| CVE-2024-11345 | 2025-02-13 | Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices |
| CVE-2025-1127 | 2025-02-13 | Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server |
| CVE-2024-11344 | 2025-02-13 | Type confusion vulnerability in the Postscript interpreter in various Lexmark devices |
| CVE-2024-11346 | 2025-02-13 | Access of Resource Using Incompatible Type in Postscript interpreter |
| CVE-2024-11347 | 2025-02-13 | Access of Resource Using Incompatible Type in Postscript interpreter |
| CVE-2025-1283 | 2025-02-13 | Dingtian DT-R0 Series Authentication Bypass Using an Alternate Path or Channel |
| CVE-2025-26473 | 2025-02-13 | Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings |
| CVE-2025-25281 | 2025-02-13 | Outback Power Mojave Inverter Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2025-24861 | 2025-02-13 | Outback Power Mojave Inverter Command Injection |
| CVE-2025-24865 | 2025-02-13 | mySCADA myPRO Manager Missing Authentication for Critical Function |
| CVE-2025-22896 | 2025-02-13 | mySCADA myPRO Manager Cleartext Storage of Sensitive Information |
| CVE-2025-23411 | 2025-02-13 | mySCADA myPRO Manager Cross-Site Request Forgery |
| CVE-2025-25067 | 2025-02-13 | mySCADA myPRO Manager OS Command Injection |
| CVE-2025-20615 | 2025-02-13 | Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2025-25195 | 2025-02-13 | Zulip events can leak private channel names |
| CVE-2025-23421 | 2025-02-13 | Qardio iOS and Android applications Files or Directories Accessible to External Parties |
| CVE-2025-24836 | 2025-02-13 | Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception |
| CVE-2024-12054 | 2025-02-13 | ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness |
| CVE-2024-56973 | 2025-02-14 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. |
| CVE-2024-57725 | 2025-02-14 | An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi... |
| CVE-2024-57778 | 2025-02-14 | An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. |
| CVE-2024-57790 | 2025-02-14 | IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root... |
| CVE-2024-57969 | 2025-02-14 | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. |
| CVE-2025-25740 | 2025-02-14 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. |
| CVE-2025-25745 | 2025-02-14 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. |
| CVE-2025-25988 | 2025-02-14 | Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. |
| CVE-2025-25990 | 2025-02-14 | Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. |
| CVE-2025-25991 | 2025-02-14 | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. |
| CVE-2025-25992 | 2025-02-14 | SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. |
| CVE-2025-25993 | 2025-02-14 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid." |
| CVE-2025-25994 | 2025-02-14 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. |
| CVE-2025-25997 | 2025-02-14 | Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. |
| CVE-2025-26156 | 2025-02-14 | A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter. |
| CVE-2025-26157 | 2025-02-14 | A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST... |
| CVE-2025-26158 | 2025-02-14 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the... |
| CVE-2025-26519 | 2025-02-14 | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. |
| CVE-2025-26788 | 2025-02-14 | StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction. |
| CVE-2025-26789 | 2025-02-14 | An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment. |
| CVE-2025-26791 | 2025-02-14 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). |
| CVE-2025-26819 | 2025-02-14 | Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. |
| CVE-2024-10404 | 2025-02-14 | Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave |
| CVE-2024-55904 | 2025-02-14 | IBM DevOps Deploy / IBM UrbanCode Deploy command injection |
| CVE-2025-1053 | 2025-02-14 | Brocade SANnav encryption key is logged in the debug logs |
| CVE-2025-23406 | 2025-02-14 | Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause... |
| CVE-2024-2240 | 2025-02-14 | Docker implementation in Brocade SANnav is missing Audit Rules. |
| CVE-2024-13641 | 2025-02-14 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13692 | 2025-02-14 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-13493 | 2025-02-14 | Sensly Online Presence <= 0.6 - Admin+ Stored XSS |
| CVE-2024-7052 | 2025-02-14 | Forminator < 1.38.3 - Admin+ Stored XSS |