CVE List - 2025 / February
Showing 2301 - 2400 of 3678 CVEs for February 2025 (Page 24 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1412 | 2025-02-24 | Session Persistence After User-to-Bot Conversion |
| CVE-2025-25279 | 2025-02-24 | Arbitrary file read in Mattermost Boards via import & export board archive |
| CVE-2025-24490 | 2025-02-24 | SQL Injection in Mattermost Boards via board category ID reordering |
| CVE-2025-20051 | 2025-02-24 | Arbitrary file read via block duplication in Mattermost Boards |
| CVE-2025-0690 | 2025-02-24 | Grub2: read: integer overflow may lead to out-of-bounds write |
| CVE-2023-52926 | 2025-02-24 | io_uring/rw: split io_read() into a helper |
| CVE-2025-1488 | 2025-02-24 | WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter |
| CVE-2025-1632 | 2025-02-24 | libarchive bsdunzip.c list null pointer dereference |
| CVE-2024-5174 | 2025-02-24 | Broken Authentication in Gliffy |
| CVE-2025-0545 | 2025-02-24 | XSS in Tekrom Technology's T-Soft E-Commerce |
| CVE-2024-12916 | 2025-02-24 | SQLi in Agito Computer's Life4All |
| CVE-2024-12917 | 2025-02-24 | Improper Access Control in Agito Computer's Health4All |
| CVE-2024-12918 | 2025-02-24 | SQLi in Agito Computer's Health4All |
| CVE-2025-27265 | 2025-02-24 | WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27266 | 2025-02-24 | WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27272 | 2025-02-24 | WordPress VG PostCarousel plugin <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-27276 | 2025-02-24 | WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-27277 | 2025-02-24 | WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-27280 | 2025-02-24 | WordPress Archive Page plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27290 | 2025-02-24 | WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27294 | 2025-02-24 | WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-27296 | 2025-02-24 | WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability |
| CVE-2025-27297 | 2025-02-24 | WordPress Bravo Search & Replace Plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2025-27298 | 2025-02-24 | WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-27300 | 2025-02-24 | WordPress ADFO plugin <= 1.9.1 - Deserialization of untrusted data vulnerability |
| CVE-2025-27301 | 2025-02-24 | WordPress NHR Options Table Manager Plugin <= 1.1.2 - Deserialization of untrusted data vulnerability |
| CVE-2025-27303 | 2025-02-24 | WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27304 | 2025-02-24 | WordPress Contact Form 7 Star Rating with font Awesome plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27305 | 2025-02-24 | WordPress Table of Contents Block plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27306 | 2025-02-24 | WordPress Pathomation plugin <= 2.5.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27307 | 2025-02-24 | WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27311 | 2025-02-24 | WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27312 | 2025-02-24 | WordPress WP Sitemap plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2025-27315 | 2025-02-24 | WordPress All-In-One Cufon Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27316 | 2025-02-24 | WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27317 | 2025-02-24 | WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27318 | 2025-02-24 | WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27320 | 2025-02-24 | WordPress Profile Widget Ninja plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27321 | 2025-02-24 | WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27323 | 2025-02-24 | WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27325 | 2025-02-24 | WordPress Video.js HLS Player plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26883 | 2025-02-24 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-27327 | 2025-02-24 | WordPress Live Streaming Video Player – by SRS Player plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27328 | 2025-02-24 | WordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27329 | 2025-02-24 | WordPress EZ InLinkz linkup plugin <= 0.18 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27330 | 2025-02-24 | WordPress PlayerJS plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27331 | 2025-02-24 | WordPress WooCommerce Display Products by Tags plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27332 | 2025-02-24 | WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-27335 | 2025-02-24 | WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27336 | 2025-02-24 | WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27339 | 2025-02-24 | WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27340 | 2025-02-24 | WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27341 | 2025-02-24 | WordPress Reactive Mortgage Calculator plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27342 | 2025-02-24 | WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27344 | 2025-02-24 | WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27347 | 2025-02-24 | WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27348 | 2025-02-24 | WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27349 | 2025-02-24 | WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27351 | 2025-02-24 | WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27352 | 2025-02-24 | WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27353 | 2025-02-24 | WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27355 | 2025-02-24 | WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27356 | 2025-02-24 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-27357 | 2025-02-24 | WordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22495 | 2025-02-24 | Improper input validation in |
| CVE-2025-27112 | 2025-02-24 | Navidrome has authentication bypass in Subsonic API with non-existent username |
| CVE-2025-27133 | 2025-02-24 | WeGIA has SQL Injection endpoint at 'dao/pet/adicionar_tipo_exame.php' parameter 'tipo_exame' |
| CVE-2025-26525 | 2025-02-24 | Arbitrary file read risk through pdfTeX |
| CVE-2025-26526 | 2025-02-24 | Feedback response viewing and deletions did not respect Separate Groups mode |
| CVE-2025-26527 | 2025-02-24 | Non-searchable tags can still be discovered on the tag search page and in the tags block |
| CVE-2025-26528 | 2025-02-24 | Stored XSS in ddimageortext question type |
| CVE-2025-26529 | 2025-02-24 | Stored XSS risk in admin live log |
| CVE-2025-26530 | 2025-02-24 | Reflected XSS via question bank filter |
| CVE-2025-26531 | 2025-02-24 | IDOR in badges allows disabling of arbitrary badges |
| CVE-2025-26532 | 2025-02-24 | Teachers can evade trusttext config when restoring glossary entries |
| CVE-2025-26533 | 2025-02-24 | SQL injection risk in course search module list filter |
| CVE-2025-27137 | 2025-02-24 | Dependency-Track vulnerable to local file inclusion via custom notification templates |
| CVE-2025-27140 | 2025-02-24 | WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE) |
| CVE-2025-27141 | 2025-02-24 | Metabase Enterprise Edition allows cached questions to leak data to impersonated users |
| CVE-2025-27143 | 2025-02-24 | Beter Auth has an Open Redirect via Scheme-Less Callback Parameter |
| CVE-2025-27144 | 2025-02-24 | Go JOSE's Parsing Vulnerable to Denial of Service |
| CVE-2024-34034 | 2025-02-25 | An issue was discovered in FlexRIC 2.0.0. It crashes during... |
| CVE-2024-34035 | 2025-02-25 | An issue was discovered in O-RAN Near Realtime RIC H-Release.... |
| CVE-2024-34036 | 2025-02-25 | An issue was discovered in O-RAN Near Realtime RIC I-Release.... |
| CVE-2025-25514 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. |
| CVE-2025-25515 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that... |
| CVE-2025-25516 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php. |
| CVE-2025-25517 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php. |
| CVE-2025-25519 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php. |
| CVE-2025-25520 | 2025-02-25 | Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. |
| CVE-2025-25521 | 2025-02-25 | Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. |
| CVE-2025-1640 | 2025-02-25 | Benner ModernaNet JS_CarregaCombo sql injection |
| CVE-2025-1641 | 2025-02-25 | Benner ModernaNet GetHorariosDoDia sql injection |
| CVE-2025-1642 | 2025-02-25 | Benner ModernaNet GetImageMedico resource injection |
| CVE-2025-1643 | 2025-02-25 | Benner ModernaNet SG_AlterarSenha cross-site request forgery |
| CVE-2025-1644 | 2025-02-25 | Benner ModernaNet SG_Gravar cross-site request forgery |
| CVE-2025-27145 | 2025-02-25 | copyparty renders unsanitized filenames as HTML when user uploads empty files |
| CVE-2025-1645 | 2025-02-25 | Benner Connecta EditarLogado resource injection |
| CVE-2025-1646 | 2025-02-25 | Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload |
| CVE-2025-22210 | 2025-02-25 | Extension - hikashop.com - SQL injection in Hikashop component version 3.3.0 - 5.1.4 for Joomla |