CVE List - 2025 / February

Showing 1401 - 1500 of 3678 CVEs for February 2025 (Page 15 of 37)

CVE ID Date Title
CVE-2025-0816 2025-02-13 CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service...
CVE-2025-0815 2025-02-13 CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service...
CVE-2025-0814 2025-02-13 CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service...
CVE-2025-0661 2025-02-13 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure
CVE-2024-13346 2025-02-13 Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-13345 2025-02-13 Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-13639 2025-02-13 Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion
CVE-2024-3303 2025-02-13 Improper Neutralization of Input Used for LLM Prompting in GitLab
CVE-2024-46910 2025-02-13 Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
CVE-2024-13867 2025-02-13 Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting
CVE-2024-13606 2025-02-13 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2025-21700 2025-02-13 net: sched: Disallow replacing of child qdisc from one parent to another
CVE-2024-13182 2025-02-13 WP Directorybox Manager <= 2.5 - Authentication Bypass
CVE-2025-1270 2025-02-13 Insecure direct object reference (IDOR) vulnerability in H6Web
CVE-2025-1271 2025-02-13 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
CVE-2025-1094 2025-02-13 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
CVE-2025-1247 2025-02-13 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
CVE-2025-26543 2025-02-13 WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
CVE-2025-26545 2025-02-13 WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability
CVE-2025-26547 2025-02-13 WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-26549 2025-02-13 WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting
CVE-2025-26550 2025-02-13 WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability
CVE-2025-26551 2025-02-13 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-26552 2025-02-13 WordPress Naver Syndication V2 plugin <= 0.8.3 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-26558 2025-02-13 WordPress Aparat Responsive plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26561 2025-02-13 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26562 2025-02-13 WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-26567 2025-02-13 WordPress Font Awesome WP plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26568 2025-02-13 WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-26569 2025-02-13 WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability
CVE-2025-26570 2025-02-13 WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability
CVE-2025-26571 2025-02-13 WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability
CVE-2025-26572 2025-02-13 WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability
CVE-2025-26574 2025-02-13 WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26577 2025-02-13 WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-26578 2025-02-13 WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability
CVE-2025-26580 2025-02-13 WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability
CVE-2025-26582 2025-02-13 WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-26538 2025-02-13 WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-26539 2025-02-13 WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-21701 2025-02-13 net: avoid race between device unregistration and ethnl ops
CVE-2025-0426 2025-02-13 A security issue was discovered in Kubernetes where a large...
CVE-2025-24903 2025-02-13 libsignal-service-rs Doesn't Check Origin of Sync Messages
CVE-2025-24904 2025-02-13 libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked
CVE-2025-25287 2025-02-13 Lakeus vulnerable to stored XSS via system messages
CVE-2025-26511 2025-02-13 Cassandra-Lucene-Index allows bypass of Cassandra RBAC
CVE-2024-12011 2025-02-13 A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP...
CVE-2024-12012 2025-02-13 A CWE-598 “Use of GET Request Method with Sensitive Query...
CVE-2024-12013 2025-02-13 A CWE-1392 “Use of Default Credentials” was discovered affecting the...
CVE-2025-22480 2025-02-13 Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a...
CVE-2025-24888 2025-02-13 Path traversal in SecureDrop Client API.download_reply()
CVE-2025-24889 2025-02-13 Path traversal in sd-log Qubes virtual machine
CVE-2024-11345 2025-02-13 Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices
CVE-2025-1127 2025-02-13 Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server
CVE-2024-11344 2025-02-13 Type confusion vulnerability in the Postscript interpreter in various Lexmark devices
CVE-2024-11346 2025-02-13 Access of Resource Using Incompatible Type in Postscript interpreter
CVE-2024-11347 2025-02-13 Access of Resource Using Incompatible Type in Postscript interpreter
CVE-2025-1283 2025-02-13 Dingtian DT-R0 Series Authentication Bypass Using an Alternate Path or Channel
CVE-2025-26473 2025-02-13 Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings
CVE-2025-25281 2025-02-13 Outback Power Mojave Inverter Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24861 2025-02-13 Outback Power Mojave Inverter Command Injection
CVE-2025-24865 2025-02-13 mySCADA myPRO Manager Missing Authentication for Critical Function
CVE-2025-22896 2025-02-13 mySCADA myPRO Manager Cleartext Storage of Sensitive Information
CVE-2025-23411 2025-02-13 mySCADA myPRO Manager Cross-Site Request Forgery
CVE-2025-25067 2025-02-13 mySCADA myPRO Manager OS Command Injection
CVE-2025-20615 2025-02-13 Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-25195 2025-02-13 Zulip events can leak private channel names
CVE-2025-23421 2025-02-13 Qardio iOS and Android applications Files or Directories Accessible to External Parties
CVE-2025-24836 2025-02-13 Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception
CVE-2024-12054 2025-02-13 ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness
CVE-2024-56973 2025-02-14 Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director...
CVE-2024-57725 2025-02-14 An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a...
CVE-2024-57778 2025-02-14 An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows...
CVE-2024-57790 2025-02-14 IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered...
CVE-2024-57969 2025-02-14 app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a...
CVE-2025-25740 2025-02-14 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based...
CVE-2025-25745 2025-02-14 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based...
CVE-2025-25988 2025-02-14 Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote...
CVE-2025-25990 2025-02-14 Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote...
CVE-2025-25991 2025-02-14 SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker...
CVE-2025-25992 2025-02-14 SQL Injection vulnerability in FeMiner wms 1.0 allows a remote...
CVE-2025-25993 2025-02-14 SQL Injection vulnerability in FeMiner wms wms 1.0 allows a...
CVE-2025-25994 2025-02-14 SQL Injection vulnerability in FeMiner wms wms 1.0 allows a...
CVE-2025-25997 2025-02-14 Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote...
CVE-2025-26156 2025-02-14 A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul...
CVE-2025-26157 2025-02-14 A SQL Injection vulnerability was found in /bpms/index.php in Source...
CVE-2025-26158 2025-02-14 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the...
CVE-2025-26519 2025-02-14 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds...
CVE-2025-26788 2025-02-14 StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow...
CVE-2025-26789 2025-02-14 An issue was discovered in Logpoint AgentX before 1.5.0. A...
CVE-2025-26791 2025-02-14 DOMPurify before 3.2.4 has an incorrect template literal regular expression,...
CVE-2025-26819 2025-02-14 Monero through 0.18.3.4 before ec74ff4 does not have response limits...
CVE-2024-10404 2025-02-14 Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave
CVE-2024-55904 2025-02-14 IBM DevOps Deploy / IBM UrbanCode Deploy command injection
CVE-2025-1053 2025-02-14 Brocade SANnav encryption key is logged in the debug logs
CVE-2025-23406 2025-02-14 Out-of-bounds read vulnerability caused by improper checking of TCP MSS...
CVE-2024-2240 2025-02-14 Docker implementation in Brocade SANnav is missing Audit Rules.
CVE-2024-13641 2025-02-14 Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
CVE-2024-13692 2025-02-14 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
CVE-2024-13493 2025-02-14 Sensly Online Presence <= 0.6 - Admin+ Stored XSS