VULNMAP - Security Vulnerabilities

CVE List - 2025 / February

Showing 2401 - 2500 of 3678 CVEs for February 2025 (Page 25 of 37)

CVE ID Date Title
CVE-2024-10545 2025-02-25 NextGEN Gallery < 3.59.9 - Admin+ Stored XSS
CVE-2025-1648 2025-02-25 Yawave <= 2.9.1 - Unauthenticated SQL Injection
CVE-2025-1128 2025-02-25 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
CVE-2025-1063 2025-02-25 Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure
CVE-2025-1673 2025-02-25 Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg
CVE-2025-1674 2025-02-25 Out of bounds read when unpacking DNS answers
CVE-2025-1675 2025-02-25 Out of bounds read in dns_copy_qname
CVE-2024-13494 2025-02-25 WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details
CVE-2024-13693 2025-02-25 Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
CVE-2024-13695 2025-02-25 Enfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id
CVE-2025-1676 2025-02-25 hzmanyun Education and Training System pdf2swf os command injection
CVE-2025-1262 2025-02-25 Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass
CVE-2024-51539 2025-02-25 The Dell Secure Connect Gateway (SCG) Application and Appliance, versions...
CVE-2025-26985 2025-02-25 WordPress Majestic Support plugin <= 1.0.6 - Local File Inclusion vulnerability
CVE-2025-26987 2025-02-25 WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27000 2025-02-25 WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability
CVE-2024-54444 2025-02-25 WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26751 2025-02-25 WordPress Alphabetic Pagination Plugin <= 3.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26752 2025-02-25 WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Deletion vulnerability
CVE-2025-26753 2025-02-25 WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Download vulnerability
CVE-2025-26868 2025-02-25 WordPress Fast Flow plugin <= 1.2.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26871 2025-02-25 WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability
CVE-2025-26876 2025-02-25 WordPress Search with Typesense Plugin <= 2.0.8 - Path Traversal vulnerability
CVE-2025-26877 2025-02-25 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26878 2025-02-25 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26881 2025-02-25 WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26882 2025-02-25 WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26884 2025-02-25 WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26887 2025-02-25 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26891 2025-02-25 WordPress Ibtana – WordPress Website Builder plugin <= 1.2.4.9 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-26893 2025-02-25 WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26896 2025-02-25 WordPress PiwigoPress plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26897 2025-02-25 WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26900 2025-02-25 WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability
CVE-2025-26904 2025-02-25 WordPress WP Responsive Auto Fit Text plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26905 2025-02-25 WordPress Estatik plugin <= 4.1.9 - Local File Inclusion vulnerability
CVE-2025-26907 2025-02-25 WordPress Estatik Mortgage Calculator plugin <= 2.0.12 - Local File Inclusion vulnerability
CVE-2025-26911 2025-02-25 WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability
CVE-2025-26912 2025-02-25 WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26913 2025-02-25 WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26915 2025-02-25 WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability
CVE-2025-26926 2025-02-25 WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-26928 2025-02-25 WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability
CVE-2025-26931 2025-02-25 WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability
CVE-2025-26932 2025-02-25 WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability
CVE-2025-26935 2025-02-25 WordPress WP Job Portal plugin <= 2.2.8 - Local File Inclusion vulnerability
CVE-2025-26937 2025-02-25 WordPress Icon List Block plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26938 2025-02-25 WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26939 2025-02-25 WordPress Counters Block plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26943 2025-02-25 WordPress Easy Quotes plugin <= 1.2.2 - SQL Injection vulnerability
CVE-2025-26945 2025-02-25 WordPress Info Cards plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26946 2025-02-25 WordPress WP Yelp Review Slider Plugin <= 8.1 - SQL Injection vulnerability
CVE-2025-26947 2025-02-25 WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26948 2025-02-25 WordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerability
CVE-2025-26949 2025-02-25 WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26952 2025-02-25 WordPress Business Card Block plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26957 2025-02-25 WordPress Affiliate Coupons plugin <= 1.7.3 - Local File Inclusion vulnerability
CVE-2025-26960 2025-02-25 WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Broken Access Control vulnerability
CVE-2025-26962 2025-02-25 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26963 2025-02-25 WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-26964 2025-02-25 WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability
CVE-2025-26965 2025-02-25 WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-26966 2025-02-25 WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
CVE-2025-26971 2025-02-25 WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
CVE-2025-26974 2025-02-25 WordPress WP Multi Store Locator plugin <= 2.5.1 - SQL Injection vulnerability
CVE-2025-26975 2025-02-25 WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability
CVE-2025-26977 2025-02-25 WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-26979 2025-02-25 WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability
CVE-2025-26980 2025-02-25 WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-26981 2025-02-25 WordPress Web Accessibility By accessiBe plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26983 2025-02-25 WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability
CVE-2025-26991 2025-02-25 WordPress WPPizza plugin <= 3.19.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26993 2025-02-25 WordPress Visual Website Collaboration Atarim plugin <= 4.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26995 2025-02-25 WordPress Market Exporter plugin <= 2.0.21 - Broken Access Control vulnerability
CVE-2023-25574 2025-02-25 JupyterHub's LTI13Authenticator: JWT signature not validated
CVE-2024-11955 2025-02-25 GLPI index.php redirect
CVE-2025-21626 2025-02-25 GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint
CVE-2025-21627 2025-02-25 GLPI Cross-site Scripting vulnerability
CVE-2025-23024 2025-02-25 GLPI: Plugins are disabled accessing one page
CVE-2025-26594 2025-02-25 X.org: xwayland: use-after-free of the root cursor
CVE-2025-26595 2025-02-25 Xorg: xwayland: buffer overflow in xkbvmodmasktext()
CVE-2025-26596 2025-02-25 Xorg: xwayland: heap overflow in xkbwritekeysyms()
CVE-2025-26597 2025-02-25 Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
CVE-2025-26598 2025-02-25 Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
CVE-2025-26599 2025-02-25 Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
CVE-2025-26600 2025-02-25 Xorg: xwayland: use-after-free in playreleasedevents()
CVE-2025-26601 2025-02-25 Xorg: xwayland: use-after-free in syncinittrigger()
CVE-2025-1067 2025-02-25 There is a code injection vulnerability in ArcGIS Pro
CVE-2025-1068 2025-02-25 There is a code injection vulnerability in Esri ArcGIS AllSource
CVE-2025-1204 2025-02-25 The "update" binary in the firmware of the affected product...
CVE-2025-23046 2025-02-25 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin
CVE-2025-25192 2025-02-25 GLPI allows unauthorized access to debug mode
CVE-2024-12368 2025-02-25 Improper access control in the auth_oauth module of Odoo Community...
CVE-2025-27135 2025-02-25 RAGFlow SQL Injection vulnerability
CVE-2024-36259 2025-02-25 Improper access control in mail module of Odoo Community 17.0...
CVE-2024-45424 2025-02-25 Zoom Workplace Apps - Business Logic Error
CVE-2024-45425 2025-02-25 Zoom Workplace Apps - Incorrect User Management
CVE-2024-45426 2025-02-25 Zoom Workplace Apps - Incorrect Ownership Assignment
CVE-2024-45417 2025-02-25 Zoom Apps for macOS - Uncontrolled Resource Consumption
CVE-2025-27139 2025-02-25 Combodo iTop vulnerable to stored self Cross-site Scripting in preferences