CVE List - 2025 / February
Showing 601 - 700 of 3676 CVEs for February 2025 (Page 7 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-55272 | 2025-02-07 | An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. |
| CVE-2024-57248 | 2025-02-07 | Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to... |
| CVE-2024-57249 | 2025-02-07 | Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP... |
| CVE-2024-57278 | 2025-02-07 | A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious... |
| CVE-2024-57279 | 2025-02-07 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to... |
| CVE-2024-57357 | 2025-02-07 | An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'. |
| CVE-2024-57606 | 2025-02-07 | SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component. |
| CVE-2024-57707 | 2025-02-07 | An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. |
| CVE-2025-1085 | 2025-02-07 | Animati PACS login cross site scripting |
| CVE-2025-1086 | 2025-02-07 | Safetytest Cloud-Master Server static path traversal |
| CVE-2025-1061 | 2025-02-07 | Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider |
| CVE-2025-22402 | 2025-02-07 | Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access... |
| CVE-2025-1072 | 2025-02-07 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-13352 | 2025-02-07 | Legull <= 1.2.2 - Reflected XSS |
| CVE-2024-13492 | 2025-02-07 | Guten Free Options <= 0.9.5 - Reflected XSS |
| CVE-2024-13841 | 2025-02-07 | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure |
| CVE-2025-23085 | 2025-02-07 | A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection... |
| CVE-2025-22880 | 2025-02-07 | Heap-based Buffer Overflow in CNCSoft-G2 |
| CVE-2025-1077 | 2025-02-07 | Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather) |
| CVE-2025-0302 | 2025-02-07 | Liteos_a has an integer overflow read vulnerability |
| CVE-2025-0303 | 2025-02-07 | Liteos_a has a buffer overflow vulnerability |
| CVE-2025-0304 | 2025-02-07 | Liteos_a has an use after free vulnerability |
| CVE-2025-25076 | 2025-02-07 | WordPress Graceful Email Obfuscation plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25091 | 2025-02-07 | WordPress NextGen Cooliris Gallery plugin <= 0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25072 | 2025-02-07 | WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25082 | 2025-02-07 | WordPress flexIDX Home Search plugin <= 2.1.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25073 | 2025-02-07 | WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25098 | 2025-02-07 | WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25079 | 2025-02-07 | WordPress Simple Select All Text Box plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25074 | 2025-02-07 | WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25078 | 2025-02-07 | WordPress Google Earth Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25075 | 2025-02-07 | WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25077 | 2025-02-07 | WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25080 | 2025-02-07 | WordPress Kona Gallery Block plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25094 | 2025-02-07 | WordPress Breaking News Ticker plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25071 | 2025-02-07 | WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25085 | 2025-02-07 | WordPress WP SimpleWeather plugin <= 0.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25096 | 2025-02-07 | WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25095 | 2025-02-07 | WordPress ReverbNation Widgets plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability< |
| CVE-2025-25093 | 2025-02-07 | WordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-25104 | 2025-02-07 | WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability |
| CVE-2025-25081 | 2025-02-07 | WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-25111 | 2025-02-07 | WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25110 | 2025-02-07 | WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-25088 | 2025-02-07 | WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-25097 | 2025-02-07 | WordPress External "Video for Everybody" plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25106 | 2025-02-07 | WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25107 | 2025-02-07 | WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25101 | 2025-02-07 | WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25105 | 2025-02-07 | WordPress Pop Up Plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25103 | 2025-02-07 | WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability |
| CVE-2025-25120 | 2025-02-07 | WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-25117 | 2025-02-07 | WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25116 | 2025-02-07 | WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability |
| CVE-2025-25125 | 2025-02-07 | WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-25123 | 2025-02-07 | WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25128 | 2025-02-07 | WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25146 | 2025-02-07 | WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25126 | 2025-02-07 | WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25136 | 2025-02-07 | WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-25145 | 2025-02-07 | WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25139 | 2025-02-07 | WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25140 | 2025-02-07 | WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-25148 | 2025-02-07 | WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25135 | 2025-02-07 | WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-25138 | 2025-02-07 | WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25147 | 2025-02-07 | WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-25143 | 2025-02-07 | WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability |
| CVE-2025-25141 | 2025-02-07 | WordPress Fami Sales Popup plugin <= 2.0.0 - Local File Inclusion vulnerability |
| CVE-2025-25149 | 2025-02-07 | WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-25144 | 2025-02-07 | WordPress Theasys plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25151 | 2025-02-07 | WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability |
| CVE-2025-25153 | 2025-02-07 | WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25156 | 2025-02-07 | WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25152 | 2025-02-07 | WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25160 | 2025-02-07 | WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability |
| CVE-2025-25159 | 2025-02-07 | WordPress WP doodlez plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25154 | 2025-02-07 | WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-25155 | 2025-02-07 | WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability |
| CVE-2025-25163 | 2025-02-07 | WordPress Plugin A/B Image Optimizer Plugin <= 3.3 - Arbitrary File Download vulnerability |
| CVE-2025-25166 | 2025-02-07 | WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25168 | 2025-02-07 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-25167 | 2025-02-07 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-25069 | 2025-02-07 | Apache Kvrocks: Cross-Protocol Scripting Vulnerability |
| CVE-2025-1107 | 2025-02-07 | Unverified password change vulnerability in Janto |
| CVE-2025-1108 | 2025-02-07 | Insufficient data authenticity vulnerability in Janto |
| CVE-2024-10383 | 2025-02-07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork |
| CVE-2025-1103 | 2025-02-07 | D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference |
| CVE-2024-9664 | 2025-02-07 | WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File |
| CVE-2024-7419 | 2025-02-07 | WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields |
| CVE-2024-9661 | 2025-02-07 | WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion |
| CVE-2024-7425 | 2025-02-07 | WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update |
| CVE-2025-1104 | 2025-02-07 | D-Link DHP-W310AV authentication spoofing |
| CVE-2022-26388 | 2025-02-07 | Use of Hard-Coded Password Vulnerability in ELI Electrocardiograph Devices |
| CVE-2022-26389 | 2025-02-07 | Improper Access Control Vulnerability in ELI Electrocardiograph Devices |
| CVE-2025-1105 | 2025-02-07 | SiberianCMS HTTP GET Request flat cross site scripting |
| CVE-2025-1106 | 2025-02-07 | CmsEasy database_admin.php restore_action path traversal |
| CVE-2021-27017 | 2025-02-07 | Deserialization of untrusted data |
| CVE-2021-41527 | 2025-02-07 | 2FA bypass on the RISC Platform |
| CVE-2021-41528 | 2025-02-07 | Improper authorization related to Import / Export interfaces on RISC Platform |