CVE List - 2025 / February
Showing 2001 - 2100 of 3676 CVEs for February 2025 (Page 21 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-51306 | 2025-02-20 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters. |
| CVE-2023-51308 | 2025-02-20 | PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. |
| CVE-2023-51309 | 2025-02-20 | A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user,... |
| CVE-2023-51310 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a... |
| CVE-2023-51311 | 2025-02-20 | PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages... |
| CVE-2023-51312 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter. |
| CVE-2023-51313 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section... |
| CVE-2023-51314 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate... |
| CVE-2023-51315 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. |
| CVE-2023-51316 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading... |
| CVE-2023-51317 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. |
| CVE-2023-51318 | 2025-02-20 | PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. |
| CVE-2023-51319 | 2025-02-20 | PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section... |
| CVE-2023-51320 | 2025-02-20 | PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages... |
| CVE-2023-51321 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking Software v1.0 allows attackers to send an excessive amount of email for a legitimate user,... |
| CVE-2023-51323 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user,... |
| CVE-2023-51324 | 2025-02-20 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages... |
| CVE-2023-51325 | 2025-02-20 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. |
| CVE-2023-51326 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading... |
| CVE-2023-51327 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading... |
| CVE-2023-51330 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. |
| CVE-2023-51331 | 2025-02-20 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section... |
| CVE-2023-51332 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user,... |
| CVE-2023-51333 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section... |
| CVE-2023-51334 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading... |
| CVE-2023-51335 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. |
| CVE-2023-51336 | 2025-02-20 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages... |
| CVE-2023-51337 | 2025-02-20 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. |
| CVE-2023-51338 | 2025-02-20 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. |
| CVE-2023-51339 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading... |
| CVE-2024-46933 | 2025-02-20 | An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with... |
| CVE-2024-54756 | 2025-02-20 | A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious... |
| CVE-2024-54958 | 2025-02-20 | Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which... |
| CVE-2024-54959 | 2025-02-20 | Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). |
| CVE-2024-54960 | 2025-02-20 | A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. |
| CVE-2024-54961 | 2025-02-20 | Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. |
| CVE-2024-55457 | 2025-02-20 | MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially... |
| CVE-2024-57401 | 2025-02-20 | SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. |
| CVE-2024-57716 | 2025-02-20 | An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. |
| CVE-2025-22973 | 2025-02-20 | An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response... |
| CVE-2025-23020 | 2025-02-20 | An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability (in the hash table used to manage connections) allows remote attackers to cause a considerable CPU load on... |
| CVE-2025-24946 | 2025-02-20 | The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash... |
| CVE-2025-24947 | 2025-02-20 | A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the... |
| CVE-2025-25662 | 2025-02-20 | Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. |
| CVE-2025-25663 | 2025-02-20 | A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. |
| CVE-2025-25664 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. |
| CVE-2025-25667 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. |
| CVE-2025-25668 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. |
| CVE-2025-25674 | 2025-02-20 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. |
| CVE-2025-25675 | 2025-02-20 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to... |
| CVE-2025-25676 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. |
| CVE-2025-25678 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. |
| CVE-2025-25679 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. |
| CVE-2025-25957 | 2025-02-20 | Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script. |
| CVE-2025-25958 | 2025-02-20 | Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. |
| CVE-2025-25960 | 2025-02-20 | Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. |
| CVE-2025-25968 | 2025-02-20 | DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint... |
| CVE-2025-25973 | 2025-02-20 | A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category,... |
| CVE-2025-26304 | 2025-02-20 | A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8. |
| CVE-2025-26305 | 2025-02-20 | A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2025-26306 | 2025-02-20 | A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2025-26307 | 2025-02-20 | A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2025-26308 | 2025-02-20 | A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2025-26309 | 2025-02-20 | A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. |
| CVE-2025-26310 | 2025-02-20 | Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via... |
| CVE-2025-26311 | 2025-02-20 | Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via... |
| CVE-2025-27218 | 2025-02-20 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. |
| CVE-2025-1222 | 2025-02-20 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data |
| CVE-2025-1223 | 2025-02-20 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data |
| CVE-2025-1293 | 2025-02-20 | HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass |
| CVE-2025-1492 | 2025-02-20 | Uncontrolled Recursion in Wireshark |
| CVE-2024-49355 | 2025-02-20 | IBM OpenPages log manipulation |
| CVE-2024-43196 | 2025-02-20 | IBM OpenPages data manipulation |
| CVE-2024-49782 | 2025-02-20 | IBM OpenPages improper certificate validation |
| CVE-2024-49780 | 2025-02-20 | IBM OpenPages path traversal |
| CVE-2024-13445 | 2025-02-20 | Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-26856 | 2025-02-20 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product... |
| CVE-2024-13155 | 2025-02-20 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget |
| CVE-2024-13888 | 2025-02-20 | WPMobile.App <= 11.56 - Open Redirect via 'redirect' Parameter |
| CVE-2025-1064 | 2025-02-20 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode |
| CVE-2025-0897 | 2025-02-20 | Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode |
| CVE-2025-1483 | 2025-02-20 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2024-13520 | 2025-02-20 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.6 - Missing Authorization to Unauthenticated Price, Date, and Note Updates |
| CVE-2024-6432 | 2025-02-20 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter |
| CVE-2024-13849 | 2025-02-20 | Cookie Notice Bar <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-13748 | 2025-02-20 | Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter |
| CVE-2024-13789 | 2025-02-20 | Ravpage <= 2.31 - PHP Object Injection |
| CVE-2025-0866 | 2025-02-20 | Legoeso PDF Manager <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter |
| CVE-2024-13753 | 2025-02-20 | Ultimate Classified Listings <= 1.4 - Cross-Site Request Forgery to Account Takeover |
| CVE-2024-13476 | 2025-02-20 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.11 - Unauthenticated SQL Injection |
| CVE-2024-13855 | 2025-02-20 | Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode |
| CVE-2024-13802 | 2025-02-20 | Bandsintown Events <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13792 | 2025-02-20 | WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids |
| CVE-2025-1328 | 2025-02-20 | Typed JS: A typewriter style animation <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via typespeed Parameter |
| CVE-2025-1043 | 2025-02-20 | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode |
| CVE-2025-0868 | 2025-02-20 | Remote Code Execution in DocsGPT |
| CVE-2025-21106 | 2025-02-20 | Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources... |
| CVE-2024-49781 | 2025-02-20 | IBM OpenPages XML external entity injection |
| CVE-2024-49779 | 2025-02-20 | IBM OpenPages cross-site request forgery |
| CVE-2024-49344 | 2025-02-20 | IBM OpenPages session fixation |