CVE List - 2025 / February
Showing 1601 - 1700 of 3676 CVEs for February 2025 (Page 17 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5462 | 2025-02-14 | Brocade Fabric OS may capture SNMP Passwords in clear text |
| CVE-2025-26793 | 2025-02-15 | The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change... |
| CVE-2024-5461 | 2025-02-15 | Command or parameter injection via unique embedded switch SNMP commands. |
| CVE-2025-0995 | 2025-02-15 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0996 | 2025-02-15 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2025-0997 | 2025-02-15 | Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) |
| CVE-2025-1302 | 2025-02-15 | Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting... |
| CVE-2024-13208 | 2025-02-15 | WP Google Map < 1.9.4 - Admin+ Stored XSS |
| CVE-2024-13306 | 2025-02-15 | WP Google Map < 1.9.4 - Admin+ Stored XSS |
| CVE-2024-13513 | 2025-02-15 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation |
| CVE-2025-22209 | 2025-02-15 | Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla |
| CVE-2025-22208 | 2025-02-15 | Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla |
| CVE-2024-13563 | 2025-02-15 | Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode |
| CVE-2025-0935 | 2025-02-15 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change |
| CVE-2024-13525 | 2025-02-15 | Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2025-1005 | 2025-02-15 | ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget |
| CVE-2024-12562 | 2025-02-15 | s2Member Pro <= 241216 - Unauthenticated PHP Object Injection |
| CVE-2024-13752 | 2025-02-15 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-10581 | 2025-02-15 | DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update |
| CVE-2024-13439 | 2025-02-15 | Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13500 | 2025-02-15 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter |
| CVE-2024-13488 | 2025-02-15 | LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection |
| CVE-2025-0822 | 2025-02-15 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter |
| CVE-2024-13834 | 2025-02-15 | Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request |
| CVE-2024-57970 | 2025-02-16 | libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. |
| CVE-2024-57971 | 2025-02-16 | DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name. |
| CVE-2025-1332 | 2025-02-16 | FastCMS Template Menu menu cross site scripting |
| CVE-2025-1335 | 2025-02-16 | CmsEasy file_admin.php deleteimg_action path traversal |
| CVE-2025-1336 | 2025-02-16 | CmsEasy image_admin.php deleteimg_action path traversal |
| CVE-2025-1337 | 2025-02-16 | Eastnets PaymentSafe BIC Search cross site scripting |
| CVE-2025-1338 | 2025-02-16 | NUUO Camera handle_config.php print_file command injection |
| CVE-2025-1339 | 2025-02-16 | TOTOLINK X18 cstecgi.cgi setL2tpdConfig os command injection |
| CVE-2025-1340 | 2025-02-16 | TOTOLINK X18 cstecgi.cgi setPasswordCfg stack-based overflow |
| CVE-2025-1341 | 2025-02-16 | PMWeb Setting weak password |
| CVE-2025-1352 | 2025-02-16 | GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption |
| CVE-2025-1353 | 2025-02-16 | Kong Insomnia profapi.dll untrusted search path |
| CVE-2025-1354 | 2025-02-16 | A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument... |
| CVE-2025-1355 | 2025-02-16 | needyamin Library Card System Add Picture signup.php unrestricted upload |
| CVE-2025-1356 | 2025-02-16 | needyamin Library Card System card.php sql injection |
| CVE-2025-1357 | 2025-02-16 | Seventh D-Guard HTTP GET Request path traversal |
| CVE-2025-1358 | 2025-02-16 | Pix Software Vivaz cross-site request forgery |
| CVE-2025-1359 | 2025-02-16 | SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting |
| CVE-2025-1360 | 2025-02-16 | Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting |
| CVE-2024-44044 | 2025-02-16 | WordPress Oshine Modules plugin < 3.3.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22284 | 2025-02-16 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22286 | 2025-02-16 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.21 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22289 | 2025-02-16 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability |
| CVE-2025-22290 | 2025-02-16 | WordPress LTL Freight Quotes – FreightQuote Edition Plugin <= 2.3.11 - SQL Injection vulnerability |
| CVE-2025-22291 | 2025-02-16 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability |
| CVE-2025-22676 | 2025-02-16 | WordPress Upcasted S3 Offload plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22680 | 2025-02-16 | WordPress Ad Inserter Pro plugin <= 2.7.39 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22689 | 2025-02-16 | WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23975 | 2025-02-16 | WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26755 | 2025-02-16 | WordPress WP Airbnb Review Slider Plugin <= 3.9 - SQL Injection vulnerability |
| CVE-2025-26759 | 2025-02-16 | WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26761 | 2025-02-16 | WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26765 | 2025-02-16 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability |
| CVE-2025-26766 | 2025-02-16 | WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26767 | 2025-02-16 | WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26768 | 2025-02-16 | WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability |
| CVE-2025-26779 | 2025-02-16 | WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability |
| CVE-2025-1364 | 2025-02-16 | MicroWord eScan Antivirus USB Protection Service passPrompt stack-based overflow |
| CVE-2025-1365 | 2025-02-16 | GNU elfutils eu-readelf readelf.c process_symtab buffer overflow |
| CVE-2025-0591 | 2025-02-16 | Out-of-bounds Read vulnerability in CX-Programmer |
| CVE-2024-25066 | 2025-02-17 | RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration... |
| CVE-2025-1366 | 2025-02-17 | MicroWord eScan Antivirus VirusPopUp strcpy stack-based overflow |
| CVE-2025-1367 | 2025-02-17 | MicroWord eScan Antivirus USB Password sprintf buffer overflow |
| CVE-2025-1368 | 2025-02-17 | MicroWord eScan Antivirus mwav.conf ReadConfiguration buffer overflow |
| CVE-2025-1369 | 2025-02-17 | MicroWord eScan Antivirus USB Password os command injection |
| CVE-2025-1370 | 2025-02-17 | MicroWorld eScan Antivirus Autoscan USB epsdaemon sprintf os command injection |
| CVE-2025-1371 | 2025-02-17 | GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference |
| CVE-2025-26700 | 2025-02-17 | Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a... |
| CVE-2025-1372 | 2025-02-17 | GNU elfutils eu-readelf readelf.c print_string_section buffer overflow |
| CVE-2025-1373 | 2025-02-17 | FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference |
| CVE-2025-1387 | 2025-02-17 | Learning Digital Orca HCM - Improper Authentication |
| CVE-2025-1388 | 2025-02-17 | Learning Digital Orca HCM - Arbitrary File Upload |
| CVE-2025-1374 | 2025-02-17 | code-projects Real Estate Property Management System search.php sql injection |
| CVE-2025-1389 | 2025-02-17 | Learning Digital Orca HCM - SQL Injection |
| CVE-2025-0924 | 2025-02-17 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-1376 | 2025-02-17 | GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service |
| CVE-2025-1377 | 2025-02-17 | GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service |
| CVE-2024-13603 | 2025-02-17 | Wise Forms <= 1.2.0 - Unauthenticated Stored XSS |
| CVE-2024-13608 | 2025-02-17 | Track Logins <= 1.0 - Admin+ SQL Injection |
| CVE-2024-13625 | 2025-02-17 | Tube Video Ads Lite <= 1.5.7 - Reflected XSS |
| CVE-2024-13626 | 2025-02-17 | VR Frases <= 3.0.1 - Reflected XSS |
| CVE-2024-13627 | 2025-02-17 | WP Touch Slider <= 2.2 - Reflected XSS |
| CVE-2025-1378 | 2025-02-17 | radare2 rasm2 rasm2.c memory corruption |
| CVE-2024-13726 | 2025-02-17 | Themes Coder <= 1.3.4 - Unauthenticated SQLi |
| CVE-2024-47935 | 2025-02-17 | TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability |
| CVE-2025-1379 | 2025-02-17 | code-projects Real Estate Property Management System CustomerReport.php sql injection |
| CVE-2025-1380 | 2025-02-17 | Codezips Gym Management System del_plan.php sql injection |
| CVE-2025-1381 | 2025-02-17 | code-projects Real Estate Property Management System ajax_city.php sql injection |
| CVE-2025-0001 | 2025-02-17 | authenticated arbitrary file read vulnerability |
| CVE-2025-26754 | 2025-02-17 | WordPress Timeline Block plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26758 | 2025-02-17 | WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-26769 | 2025-02-17 | WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26770 | 2025-02-17 | WordPress Waymark plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26771 | 2025-02-17 | WordPress SKT Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26772 | 2025-02-17 | WordPress DethemeKit For Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26773 | 2025-02-17 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability |