CVE List - 2025 / February
Showing 1901 - 2000 of 3678 CVEs for February 2025 (Page 20 of 37)
CVE ID | Date | Title |
---|---|---|
CVE-2025-1447 | 2025-02-19 | kasuganosoras Pigeon index.php server-side request forgery |
CVE-2025-1448 | 2025-02-19 | Synway SMG Gateway Management Software 9-12ping.php command injection |
CVE-2024-11582 | 2025-02-19 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter |
CVE-2024-13443 | 2025-02-19 | Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2025-22622 | 2025-02-19 | Age Verification - Reflected cross-site scripting (XSS) |
CVE-2025-1441 | 2025-02-19 | Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2025-1065 | 2025-02-19 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File |
CVE-2024-13799 | 2025-02-19 | User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2025-22888 | 2025-02-19 | Movable Type contains a stored cross-site scripting vulnerability in the... |
CVE-2025-25054 | 2025-02-19 | Movable Type contains a reflected cross-site scripting vulnerability in the... |
CVE-2025-24841 | 2025-02-19 | Movable Type contains a stored cross-site scripting vulnerability in the... |
CVE-2024-12173 | 2025-02-19 | Master Slider < 3.10.5 - Editor+ Stored XSS |
CVE-2025-0633 | 2025-02-19 | Heap Overflow in iniparser.c |
CVE-2024-13663 | 2025-02-19 | Coaching Staffs <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-0865 | 2025-02-19 | WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update |
CVE-2024-13589 | 2025-02-19 | YouTube Playlists with Schema <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13712 | 2025-02-19 | Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection |
CVE-2024-13390 | 2025-02-19 | ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13719 | 2025-02-19 | PeproDev Ultimate Invoice <= 2.0.8 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure |
CVE-2024-12522 | 2025-02-19 | Yay! Forms \| Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13711 | 2025-02-19 | Pollin <= 1.01.1 - Reflected Cross-Site Scripting |
CVE-2024-13854 | 2025-02-19 | Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode |
CVE-2024-13674 | 2025-02-19 | Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12069 | 2025-02-19 | Lexicata <= 1.0.16 - Reflected Cross-Site Scripting |
CVE-2024-13660 | 2025-02-19 | Responsive Flickr Slideshow <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12339 | 2025-02-19 | Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' |
CVE-2024-13462 | 2025-02-19 | WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11335 | 2025-02-19 | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11778 | 2025-02-19 | CanadaHelps Embedded Donation <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11753 | 2025-02-19 | UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13676 | 2025-02-19 | Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection |
CVE-2024-13657 | 2025-02-19 | Store Locator Widget <= 20200131 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13736 | 2025-02-19 | Pure Chat – Live Chat & More! <= 2.31 - Reflected Cross-Site Scripting via purechatWidgetName Parameter |
CVE-2024-13591 | 2025-02-19 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13468 | 2025-02-19 | Trash Duplicate and 301 Redirect <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
CVE-2024-13592 | 2025-02-19 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion |
CVE-2024-13405 | 2025-02-19 | Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block |
CVE-2024-13679 | 2025-02-19 | Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-13231 | 2025-02-19 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update |
CVE-2024-13336 | 2025-02-19 | Disable Auto Updates <= 1.4 - Cross-Site Request Forgery to Auto-update Disable |
CVE-2024-13364 | 2025-02-19 | Raptive Ads <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset |
CVE-2024-13339 | 2025-02-19 | DeBounce Email Validator <= 5.6.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-13363 | 2025-02-19 | Raptive Ads <= 3.6.3 - Reflected Cross-Site Scripting |
CVE-2025-1024 | 2025-02-19 | Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter |
CVE-2025-1007 | 2025-02-19 | Improper Authorization in /user/namespace/{namespace}/details |
CVE-2025-1132 | 2025-02-19 | SQL Injection in ChurchCRM EN_tyid Parameter via EditEventAttendees.php |
CVE-2025-1133 | 2025-02-19 | SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php |
CVE-2025-1134 | 2025-02-19 | SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php |
CVE-2025-1135 | 2025-02-19 | SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php |
CVE-2024-13489 | 2025-02-19 | LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection |
CVE-2025-1075 | 2025-02-19 | LDAP credentials logged to Apache error log |
CVE-2025-0916 | 2025-02-19 | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-13478 | 2025-02-19 | LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection |
CVE-2025-0968 | 2025-02-19 | ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function |
CVE-2024-13479 | 2025-02-19 | LTL Freight Quotes – SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection |
CVE-2024-13485 | 2025-02-19 | LTL Freight Quotes – ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection |
CVE-2024-13481 | 2025-02-19 | LTL Freight Quotes – R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection |
CVE-2024-13491 | 2025-02-19 | Small Package Quotes – For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection |
CVE-2024-13483 | 2025-02-19 | LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection |
CVE-2024-13533 | 2025-02-19 | Small Package Quotes – USPS Edition <= 1.3.5 - Unauthenticated SQL Injection |
CVE-2024-13534 | 2025-02-19 | Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection |
CVE-2025-1464 | 2025-02-19 | Baiyi Cloud Asset Management System admin.house.collect.php sql injection |
CVE-2024-52902 | 2025-02-19 | IBM Cognos Controller information disclosure |
CVE-2024-45084 | 2025-02-19 | IBM Cognos Controller CSV injection |
CVE-2025-1465 | 2025-02-19 | lmxcms Maintenance db.inc.php code injection |
CVE-2024-45081 | 2025-02-19 | IBM Cognos Controller incorrect authorization |
CVE-2024-28780 | 2025-02-19 | IBM Cognos Controller information disclosure |
CVE-2024-28776 | 2025-02-19 | IBM Cognos Controller cross-site scripting |
CVE-2024-28777 | 2025-02-19 | IBM Cognos Controller code execution |
CVE-2025-20158 | 2025-02-19 | Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability |
CVE-2025-20153 | 2025-02-19 | Cisco ESA mail Bypass |
CVE-2025-20211 | 2025-02-19 | Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability |
CVE-2023-47160 | 2025-02-19 | IBM Cognos Controller XML external entity injection |
CVE-2025-27089 | 2025-02-19 | Overlapping policies allow update to non-allowed fields in directus |
CVE-2024-52541 | 2025-02-19 | Dell Client Platform BIOS contains a Weak Authentication vulnerability. A... |
CVE-2025-24965 | 2025-02-19 | .krun_config.json symlink attack creates or overwrites file on the host in crun |
CVE-2025-0999 | 2025-02-19 | Heap buffer overflow in V8 in Google Chrome prior to... |
CVE-2025-1426 | 2025-02-19 | Heap buffer overflow in GPU in Google Chrome on Android... |
CVE-2025-1006 | 2025-02-19 | Use after free in Network in Google Chrome prior to... |
CVE-2025-24806 | 2025-02-19 | Regulation applies separately to Username-based logins to Email-based logins in authelia |
CVE-2024-53974 | 2025-02-19 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
CVE-2024-45777 | 2025-02-19 | Grub2: grub-core/gettext: integer overflow leads to heap oob write. |
CVE-2025-1118 | 2025-02-19 | Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled |
CVE-2025-0893 | 2025-02-19 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible... |
CVE-2025-0624 | 2025-02-19 | Grub2: net: out-of-bounds write in grub_net_search_config_file() |
CVE-2025-0677 | 2025-02-19 | Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks |
CVE-2025-25196 | 2025-02-19 | OpenFGA Authorization Bypass |
CVE-2025-27090 | 2025-02-19 | Server-Side Request Forgery (SSRF) in sliver teamserver |
CVE-2025-27092 | 2025-02-19 | Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint |
CVE-2025-21355 | 2025-02-19 | Microsoft Bing Remote Code Execution Vulnerability |
CVE-2025-24989 | 2025-02-19 | Microsoft Power Pages Elevation of Privilege Vulnerability |
CVE-2024-5706 | 2025-02-19 | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') |
CVE-2024-5705 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
CVE-2024-37359 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery |
CVE-2024-37360 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2024-37361 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data |
CVE-2024-6696 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control |
CVE-2024-12284 | 2025-02-19 | Authenticated privilege escalation |
CVE-2024-6697 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges |
CVE-2024-37362 | 2025-02-19 | Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials |